Cloud governance & architecture

Bahrain Airport Company (BAC) is the organisation responsible for the day to day and strategic operations of Bahrain Airport, a piece of critical national infrastructure in the Kingdom of Bahrain. The airport handles over 8.5 million passengers a year and the strategy for BAC is to expand this capability over the coming years, increasing both the capacity and the functionality of the services that are offered.

As part of BAC’s strategic planning and ambition to be an institutional leader that is pushing the digital boundaries, the executive team decided to embark on a journey to public cloud. BAC consequently engaged drie as their technology partner of choice for this engagement. This initial project was broken down into two phases;

    1. 1. Discovery
    2. Establishment of governance & architecture

The engagement kicked off with a discovery phase in order to give our client a better idea of what it would take to move BAC’s infrastructure from an on premise deployment to the cloud. The deliverables of the discovery phase outlined findings around how BAC should approach migrating to the cloud, which services BAC should adopt, the roadmap for completing the migration, and a high level cost for the services that BAC will end up running on AWS.

The second phase was about putting in place the key building blocks that are required for a successful cloud migration. These pieces would subsequently make it easier for the rest of the project to proceed. Together with the BAC team, drie decided to put in place an AWS landing zone architecture as a baseline for migrating applications to the cloud.  In order to control audit, security and costs a governance process for management of AWS users and accounts was put in place alongside identity access management (IAM) and tagging policies. Once the framework was in place, a number of services were migrated for testing purposes.

All along, AWS resources were built using infrastructure as code techniques. With that, the definition of AWS resources happened in code and was then applied to BAC’s AWS accounts in an automated and consistent way. Tools like Terraform and AWS Cloud Formation were used to facilitate this process.

Since BAC manages an IT infrastructure that is core to operating a critical piece of national infrastructure for Bahrain, a core requirement at the outset of the project was to both minimise the risks associated with adopting a new technology and enable BAC to take advantage of the innovative potential and cost efficiency of the cloud. All of the above could be achieved and thus BAC positioned itself as a digital leader in its space.