Ready to build better conversations?
Simple to set up. Easy to use. Powerful integrations.
Get free accessReady to build better conversations?
Simple to set up. Easy to use. Powerful integrations.
Get free accessIn the bustling world of cloud computing where we can create new services on the fly, efficient resource management is paramount. Every unused or redundant resource not only incurs unnecessary costs but also adds complexity to the infrastructure. In such a scenario, tools like AWS Nuke come to the rescue, offering a streamlined solution to clean up AWS accounts effectively. Today, we'll explore how Aircall leverages AWS Nuke to maintain a lean and optimized AWS environment.
The cloud landscape at Aircall
Aircall has established more than 20 sandbox AWS accounts, each serving as a playground for developers to explore, test, and prototype new ideas and solutions.
Crucially, these sandbox AWS accounts are not managed centrally by the IT department or infrastructure teams. Instead, they are owned and administered directly by the developers themselves. By entrusting developers with ownership of their respective sandbox environments, Aircall empowers them to take ownership of their projects from inception to deployment.
Understanding AWS Nuke
AWS Nuke, as the name suggests, is a powerful tool designed to obliterate resources within an AWS account. AWS Nuke is an open-source project aimed at providing a simple yet effective way to clean up AWS accounts by deleting all resources within specified regions, except for the essential ones explicitly whitelisted by the user.
The importance of Resource Management
For companies like Aircall, which operate in dynamic environments with evolving infrastructure needs, efficient resource management is crucial. With a vast array of services and features offered by AWS, it's easy for unused resources to accumulate over time, leading to inflated costs and decreased operational efficiency.
A cluttered AWS account not only complicates cost tracking but also poses security risks and hampers the scalability of the infrastructure. By regularly cleaning up unused resources, organizations can not only reduce costs but also enhance security and streamline operations.
How Aircall utilizes AWS Nuke
At Aircall, where agility and scalability are key, AWS Nuke plays a pivotal role in maintaining a well-organized AWS environment. By integrating AWS Nuke into our infrastructure management workflow, Aircall ensures that unused resources are promptly identified and removed, preventing unnecessary expenditure and reducing complexity.
The process at Aircall typically involves the following steps:
Identification: Aircall's SRE team collaborates closely with the development teams to identify resources that are no longer in use or are redundant.
Whitelisting essential resources: Certain critical resources, such as VPCs, databases or key infrastructure components, are whitelisted to prevent accidental deletion.
(Dry-Run) Execution: AWS Nuke is then executed with the specified configuration, targeting the identified resources for deletion across the designated AWS regions. First in a so-called Dry-Run mode in which developers can see which resources are marked for deletion. Afterwards, when validated these resources are hard deleted.
Verification and Monitoring: Post-execution, the team verifies that only the intended resources have been removed. Continuous monitoring ensures that any unexpected issues are promptly addressed. A full report of what has been deleted is available in our monitoring tools.
Benefits and Considerations
The adoption of AWS Nuke brings forth several benefits for Aircall:
Cost Optimization: By eliminating unused resources, Aircall significantly reduces AWS costs, ensuring optimal utilization of resources.
Enhanced Security: Removing redundant resources minimizes the attack surface and strengthens the overall security posture of Aircall's AWS environment.
Process Automation: With a cleaner and more streamlined infrastructure, Aircall's teams can focus their efforts on innovation and delivering value to customers rather than managing unnecessary resources.
However, it's essential to exercise caution while using AWS Nuke, as indiscriminate deletion of resources can lead to unintended consequences. A thorough understanding of the tool's capabilities and careful planning are crucial to prevent disruptions to critical services. Running the tool in Dry-Run mode before the hard deletion and displaying all the results in a dashboard helps us to prevent these unintended consequences.
AWS Nuke Architecture description at Aircall
Orchestrating the deployment of AWS Nuke via a centralized repository called landing-zone helps us to efficiently deploy the solution to each AWS Sandbox account, facilitating consistent deployment and management across multiple sandbox AWS accounts. Take a look at the architecture:
Explanation of components:
Landing Zone Repository: This centralized repository holds configurations, templates, and scripts for deploying various resources, including AWS Nuke, across multiple sandbox AWS accounts. It serves as a centralized source of truth for deployment configurations.
AWS Nuke CLI: Deployed from the Landing Zone Repository, the AWS Nuke CLI is provisioned within each sandbox AWS account. It interacts with AWS services to identify and delete resources based on predefined configurations.
AWS Stepfunction / Codebuild / S3: Each instance of AWS Nuke within sandbox AWS accounts is orchestrated via an AWS Stepfunction, which in turns triggers a CodeBuild build with appropriate permissions to access and delete resources. These credentials are securely managed and configured within each sandbox account limiting the blast radius incase of mistakes. The AWS Nuke Configuration files are stored in S3.
Monitoring: The output will be transformed using a tool called AWS Nuke Exporter and this output will either be available via Email, A Datadog dashboard or directly in Slack for developers to analyse and troubleshoot.Â
Testing: As the solution is using Serverless resources we have decided to duplicate the resources and create a Test pipeline. With this Test pipeline developers can create a new AWS Nuke configuration file and test this in a secure way, while limiting the impact of potential configuration mistakes.
This architecture diagram illustrates how the deployment of AWS Nuke is orchestrated from a centralized Landing Zone Repository to individual sandbox AWS accounts, enabling consistent management and cleanup of resources across the organization's development environments.
Cost reduction in our AWS sandbox accounts
In fact, Aircall has experienced firsthand the tangible benefits of AWS Nuke. In our sandbox AWS accounts, the implementation of AWS Nuke resulted in an impressive cost reduction of around 20%. This significant saving underscores the tool's efficacy in optimizing AWS spending and underscores its value as a vital component of Aircall's infrastructure management strategy.
Overall...
In the fast-paced world of cloud computing, effective resource management is indispensable. AWS Nuke empowers companies like Aircall to maintain a lean, optimized, and secure AWS environment, driving cost savings, enhancing security, and boosting operational efficiency. By leveraging tools like AWS Nuke, Aircall has unlocked impressive cost savings while staying agile and competitive in today's digital landscape. Giving developers full control of their sandbox accounts while at the same time being in control of the cost is paramount and a huge benefit. Overall at Aircall, we're very happy with this OpenSource tool.
Published on June 27, 2024.
