Adevinta, a global online classifieds specialist, has developed a comprehensive strategy for managing and governing cloud resources across multiple providers. Their approach focuses on empowering teams, optimizing costs, and ensuring efficient cloud resource provisioning. This article delves into the tactics and tools Adevinta employs to achieve effective multi-cloud governance and cost management.
Cloud Account Ownership and Data-Driven Decisions
Tracking Cloud Account Responsibility
One of the foremost priorities for Adevinta is meticulously keeping track of who is responsible for each cloud account, a necessity for making informed, data-driven decisions. The agile nature of projects within the organization makes maintaining up-to-date information a continuous challenge, with responsibilities constantly shifting between teams. Initially, account details were maintained in tables on a Confluence page; however, this approach quickly became inefficient as the number of accounts grew into the hundreds, rendering it unscalable. The company needed a more robust solution to manage this complexity and dynamically link account data with relevant financial and team information, facilitating better decision-making and cost management.
Development of the Catalogue API
To address the scalability issue and efficiently track AWS account information, Adevinta developed the Catalogue API. Originally a simple REST API comprising around 400 lines of Python code, the Catalogue API linked accounts to finance cost centers and team names. However, as organizational needs evolved and the number of cloud accounts expanded, the API grew into a sophisticated tool with over 7,000 lines of code. This transformational development enabled a wide range of functionalities, including seamless account creation and management. By automating these processes, the Catalogue API has been pivotal in maintaining accurate and up-to-date information on cloud accounts, thus supporting Adevinta’s commitment to data-driven decision-making.
Dynamic Organization Structure
Challenges with Existing Internal APIs
In an ever-changing corporate environment like Adevinta’s, keeping team and project information current is essential for reliable cost tracking and resource allocation. The company faced notable challenges with its existing internal APIs, which were frequently outdated and lacked comprehensive team hierarchy information. These shortcomings made it hard to maintain accurate records of team structures and their associated costs, leading to inefficiencies and potential inaccuracies in cost management. Ensuring that organizational data is always current was a pressing need, prompting the development of more sophisticated internal tools to bridge these gaps and improve overall governance.
Introduction of the Organisations API
To overcome challenges posed by outdated internal APIs and improve the precision of organizational data, Adevinta developed the Organisations API. This tool is designed to track the entire organizational tree, thereby maintaining accurate and up-to-date information on teams, divisions, and cost centers. By ensuring that organizational data is consistently current, Adevinta can better manage costs and make informed decisions regarding resource allocation. The Organisations API complements the Catalogue API, creating a robust infrastructure that supports the company’s dynamic organizational structure and contributes to more efficient multi-cloud governance. This integration ultimately aids in maintaining a high level of operational efficiency and cost-effectiveness.
Governance at Scale
Growth of the Cloud Governance Team
Since its inception, the Cloud Governance team at Adevinta has seen significant growth, starting with just three members in 2019 and expanding to twelve members by 2024. This expansion reflects the escalating complexity and volume of cloud accounts managed by the company. The team is strategically divided into two squads: FinOps, focusing on financial operations, and GovOps, dedicated to operational governance. As the number of cloud accounts increased, so did the necessity for automation to avoid bottlenecks and ensure efficient management. By scaling the governance team and introducing specialized roles, Adevinta has been able to handle this growth effectively while maintaining a high standard of cloud resource governance.
Automation of Processes
To manage the increasing number of cloud accounts efficiently, Adevinta has placed a strong emphasis on automating many of its processes. One key development is the creation of a user interface to complement the Catalogue API, which allows internal users to manage cloud resources autonomously. This portal empowers teams to make resource requests that can be approved or rejected by the appropriate managers, thereby ensuring accountability and efficient resource management. Through automation, Adevinta has not only streamlined cloud account management but also minimized the risk of bottlenecks, enabling its Cloud Governance team to focus on strategic tasks rather than routine administrative duties.
Account Creation and Management
Automating Account Creation
In the realm of cloud governance, automating the account creation process is crucial for maintaining accurate ownership information and ensuring streamlined operations. Adevinta has developed a robust workflow that allows budget owners to approve or reject account creation requests. This not only ensures that all new accounts are properly tracked, but also keeps ownership information perpetually up to date. By automating this process, Adevinta has significantly reduced manual intervention, thereby increasing efficiency and minimizing the risk of errors. This automation aligns with the company’s overarching goal of fostering a proactive and responsive governance framework, capable of adapting to the dynamic needs of its various teams.
Ensuring Accountability
Adevinta’s approach to account creation and management underscores the company’s commitment to accountability. Utilizing automated workflows and incorporating budget owners in the approval process, Adevinta ensures that teams remain responsible for their resources. This methodology aligns seamlessly with the company’s ‘You build it, you run it (and you pay for it)’ principle, enforcing strict accountability and encouraging teams to judiciously manage their cloud resources. By embedding accountability into the very fabric of its cloud governance framework, Adevinta has cultivated an organizational culture that values responsibility, efficiency, and proactive resource management.
Access Management
Transition to External Identity Providers
In a bid to enhance security and streamline access management, Adevinta transitioned from using IAM users to external Identity Provider (IdP) services for secure single sign-on (SSO). This shift has significantly streamlined the management of user access and improved overall security protocols. By integrating AWS SSO with the Catalogue API, Adevinta enables teams to manage their access requests independently, thereby reducing the administrative burden on the Cloud Governance team. This transition also allows for more granular control over access permissions, facilitating a more secure and scalable approach to access management in the multi-cloud environment.
Implementation of Attribute-Based Access Control
To manage a large number of permission sets more efficiently, Adevinta introduced Attribute-Based Access Control (ABAC), which offers a more granular and flexible approach to access management. ABAC enables permissions to be assigned based on user attributes, providing a dynamic method to cater to the diverse roles and requirements within the organization. Eventually, Adevinta transitioned to customer-managed policies, further enhancing their ability to manage permissions at scale. This implementation underscores Adevinta’s commitment to maintaining robust security measures while ensuring that access management remains efficient and scalable across its multi-cloud infrastructure.
Notifications and Alerts
Development of the Notifications API
Adevinta has consistently emphasized the importance of effective communication and timely responses, leading to the development of the Notifications API. This tool ensures that important emails and notifications from AWS are appropriately routed to the relevant users. Furthermore, the API manages notifications for internal processes such as budgeting period reminders and cost alerts. By routing notifications to the right individuals, the Notifications API helps Adevinta maintain effective communication and ensures that critical information is delivered promptly, supporting timely decision-making and responsiveness.
Handling Internal Processes
Adevinta, a leading global expert in online classifieds, has crafted a thorough strategy for managing and governing cloud resources across a variety of providers. Their method zeroes in on three main objectives: empowering their teams, optimizing costs, and making cloud resource provisioning more efficient. To meet their goals, Adevinta prioritizes delivering autonomy to their teams, allowing them to make timely, informed decisions regarding cloud resources. This sense of empowerment drives efficiency and innovation. Concurrently, by refining cost management practices, Adevinta aims to maximize the value derived from their cloud investments. Effective cost optimization not only helps in reducing unnecessary expenses but also reallocates resources toward pivotal projects, thereby enhancing overall productivity.
Moreover, Adevinta’s strategy emphasizes efficient cloud resource provisioning to eliminate bottlenecks and enhance responsiveness. By leveraging advanced tools and automation, they streamline processes, ensuring quick deployment and scalability. This precision allows them to remain agile and competitive in the fast-paced digital landscape.
In summary, Adevinta’s multi-faceted approach encompasses team empowerment, cost efficiency, and streamlined cloud provisioning, all of which play crucial roles in their successful multi-cloud governance and cost management practices.