Searchmetrics is a leading enterprise SEO and content marketing platform, providing competitive insight and market analysis. By using AI and Automation, Searchmetrics reveals business opportunities, supports intelligent decision-making, and connects SEO tactics and strategy directly to revenue.
Searchmetrics had multiple existing AWS environments and wanted to utilize them to their full potential. This included implementing DevOps pipelines and automated infrastructure, reducing data transfer fees, and bolstering existing security with cloud best practices. AllCloud became their 24/7 managed cloud service provider, leveraging its know-how and deep expertise of AWS to reduce costs and operational resources while improving security and introducing faster deployment times through automated infrastructure.
Searchmetrics had many application environments deployed within multiple Amazon VPCs scattered around a number of AWS accounts and needed a way to control and secure the traffic that was addressed to, or generated by, these applications while keeping costs under control. There was also a security concern with these heterogeneous environments as most of them were not following a clear template when it came to Identity and Access Management, remote console access, account governance, and other important cloud best practices.
Moving forward, Searchmetrics aimed for these new controls to be managed by a provider with deep cloud know-how on a 24/7 basis, so that they could leverage DevOps on-demand with automated infrastructure and streamline operating resources. Searchmetrics wanted to apply the changes that would create the above benefits with as little disruption as possible to their running production applications.
Searchmetrics was introduced to AllCloud in early 2019, they soon took advantage of one of AllCloud’s Accelerator Packages, and then followed up with several Professional Services engagements, leading to a 24/7 Managed Services, including Cost Management. Smartly phasing engagements and deploying required workloads allowed Searchmetrics to achieve a seamless cloud journey towards a fully automated AWS infrastructure.
During early engagement, AllCloud suggested a structured implementation approach, using the Next Generation Landing Zone, which is a proven solution in AllCloud’s portfolio. The solution compiles existing AWS and cloud security best practices and puts them into action. In order to reduce the ramp-up period for the Searchmetrics team, and given their prior knowledge and skills of AWS CloudFormation and Ansible, the Landing Zone solution that was previously written using Terraform was refactored using CloudFormation to create Infrastructure as Code (IaC) environments. This allowed Searchmetrics to more easily achieve their primary migration goals.
All existing VPC environments were using public-facing load balancers and AWS NAT Gateways. In order to gain better control over traffic, the networking connectivity solution included migration to centralized Ingress and Transit resources, built around Amazon CloudFront, AWS WAF, and AWS Transit Gateway. It first needed to be deployed using code to the management account and then tested before being used for production traffic. The goal was to move traffic to the Landing Zone networking solution with zero downtime throughout the migration process.
In order to further ensure best practice security, Searchmetrics wanted to lower the risk of long-term credentials leakage, so AllCloud leveraged Single-Sign-On (SSO) for access control to the AWS application accounts. Following the principle of least privilege, often cited in working towards a Zero Trust model, each job role was given the minimum set of permissions required to perform the task at hand. IAM permission boundaries were further used in order to prevent users from increasing their privileges.
Leveraging AllCloud’s AWS Managed Services has helped us gain a deeper knowledge of AWS to reduce costs and operational resources while improving the overall security posture and introducing faster deployment times through our new automated infrastructure.