
Remove barriers by enabling self-serve for users on AWS

How can you enable users on AWS in a way that adheres to governance controls but without adding obstacles to innovation?

About customer

Aon PLC is a British-American professional services and management consulting firm that offers a range of risk-mitigation products, including commercial risk, investment, wealth, health, human capital, and reinsurance solutions.

Customer Site: https://www.aon.com


The Platform Services business unit are responsible for the delivery of global platforms to enable enhanced productivity and value delivery at enterprise scale. The team seek to drive value by combining ServiceNOW and automation for AWS to enable improvements for request fulfilment where the requirements are considered simplex.

The team want to develop a capability that will support semi- or fully automated provisioning for existing operational teams, in addition to providing a path to self-service provisioning for internal development teams with more advanced AWS adoption.

Key to the challenge was a requirement that the solution provide a mechanism to enable “Day 2” operations within the organization from the existing support teams.


Hestio combined modern Infrastructure-as-Code practices, automation and native AWS services to create an Infrastructure Vending Machine for AWS that included:

  • Creation of automation pipelines for Infrastructure As Code (IAC) based provisioning
  • Development of templated support for the provisioning of IaaS resources (EC2 VMs, S3 Buckets, RDS Databases, etc.) into target AWS accounts using Spoke VPCs as part of an existing Hub & Spoke model
  • Enhancements to the existing GitLab Image Factory for additional VM images required for simplex stack product offerings

The capability was delivered as a functional set of automation pipelines that provided a mechanism to allow the capability to be inserted into existing manual processes within the organization for resource provisioning.

The design summary below illustrates how this capability can be inserted into the existing process (#1) to automate resource provisioning. It can also provide for post-provisioning activities for those teams that have adopted Infrastructure as Code (IAC) practices (#7).

Although this scope of work is aimed at delivering the “Day 1” operations solution, the design has taken “Day 2” requirements (e.g. modifying disk size) into account.


Figure: AWS Vending Machine Solution
  1. ServiceNOW captures the payload and is responsible for triggering the pipeline.
  2. The provisioning pipeline itself is codified, which provides support for both API-triggered pipelines from ServiceNOW (target state) and curated provisioning via web forms.
  3. Input parameters from the trigger are used to select from a list of codified blueprints.
  4. New stacks of resources are provisioned using the selected blueprint. Terraform, open-source tools and codified infrastructure are combined with input parameters to provision resources into the target AWS account.
  5. Code, config and (optionally) state are injected into a new Git repository to represent the entire stack in its codified state.
  6. The stack is then pushed back into a secure stack registry with source control support (GitLab).
  7. Further changes can then be made using the same toolset by DevOps and Operations teams.

Business benefits for the customer

The customer created a mechanism to enable other teams within the organization to serve some of their own infrastructure needs on AWS, without adding additional obstacles or barriers to innovation.

The engineering and operational teams got a solution that delivered outcomes compatible with the same technology (Terraform) already in use for more complex workloads in AWS.
