AWS in Switzerland and Austria (Alps)

Swissport’s cloud journey: Automated cross-account monitoring and incident response with AWS

In this blog post, we will explore Swissport’s cloud journey as they migrate their core business applications to AWS. We will dive into how they implemented a robust incident management solution to support their migration efforts, resulting in a 65% improvement in incident response times and an 80% increase in SLA compliance, setting a solid foundation for cloud adoption.

Swissport’s migration journey to AWS

Swissport International AG is the world’s leading provider of airport ground services and air cargo handling based on revenue and number of airports served. In 2023 Swissport provided best-in-class airport ground services for 232 million passengers, handled 4.7 million tons of air freight at 115 centers, and was active at 286 airports in 44 countries.

In 2023, Swissport embarked on a transformative journey with AWS by establishing an AWS Landing Zone, marking a significant milestone in their cloud journey. This strategic move enabled them to successfully migrate their Global SAP environment to AWS, setting the stage for further migrations. Currently, Swissport is in the midst of transitioning their core business applications, which are crucial for resource planning and data exchange, to enhance their operational flexibility and efficiency. Additionally, Swissport is integrating the AWS cloud environment into their global service desk using Halo ITSM, ensuring a seamless and unified IT landscape.

Addressing operations challenges during and post migration

Migrating core business applications presents several challenges. Unexpected service interruptions during and after a migration can disrupt ground handling, negatively affecting passenger experiences and customer satisfaction. As the security standard at Swissport requires, it is crucial to ensure seamless integration between the Swissport AWS environment and Halo ITSM. The integration process is complicated by the presence of multiple resolver groups, each responsible for different cloud applications, which can lead to fragmented incident management and coordination issues. Additionally, Swissport’s incident response must be rapid to meet strict SLAs, necessitating a streamlined and efficient process. Thus, the cloud environment should provide real-time visibility and the detailed information needed to identify the source of incidents for effective incident management and service delivery. Furthermore, as Swissport continues to expand its cloud infrastructure, the creation of new AWS accounts adds another layer of complexity. Manually enrolling each new account into the existing integration framework would be cumbersome and inefficient, potentially leading to delays and inconsistencies.

To address the operations challenges that Swissport and other customers face, AWS provides a comprehensive suite of tools and services that can effectively integrate their cloud environment with the service desk and ensure robust incident management, minimizing the effort in cloud operations and the impact on business and customer experiences.

Architecture for observability, incident response, and automated deployment

Diagram showing the overall architecture for cross-account monitoring and incident response. AWS Service Catalog and AWS CloudFormation deploy resources into member accounts. Amazon CloudWatch Alarms publish events onto a central event bus in a central monitoring account. A centralized CloudWatch dashboard shows the cross-account metrics. A Lambda function is triggered for every event, relaying the information into Halo ITSM that is processed by their runbook to identify the corresponding resolver groups.

Swissport has implemented the serverless, event-driven architecture above that integrates with Halo ITSM for observability, incident response, and automated deployment:

Cross-account observability: Swissport created a central monitoring account within their AWS Landing Zone to enhance their ability to manage and oversee their cloud environment effectively. This monitoring account serves as a central hub for collecting and analyzing telemetry data, such as logs, metrics, and traces, from multiple AWS member accounts across their organization. In these member accounts, Amazon CloudWatch alarms are set up to provide real-time alerts on specific thresholds and performance issues. The alarms capture detailed information, such as the account ID and resource ARN, to identify the incident source. By leveraging the CloudWatch cross-account observability dashboard, Swissport can seamlessly search, visualize, and analyze metrics, logs, and traces without account boundaries.

Event-driven incident response: By implementing the cross-account Amazon EventBridge architecture, Swissport set up a centralized EventBridge event bus that can capture and process events from multiple AWS accounts, ensuring real-time visibility into their cloud operations. When an event, such as a system anomaly or a threshold breach, is detected by CloudWatch, it triggers an EventBridge rule that routes the event to predefined targets. The target of the central EventBridge is an AWS Lambda function, which plays a crucial role in automating the incident response process. The Lambda function is configured to send detailed event data via a REST API to Halo ITSM. Because EventBridge and Lambda are serverless, the pipeline scales automatically to handle varying volumes of events, providing a flexible and cost-effective solution. Incidents are logged immediately with all necessary context, allowing Halo ITSM to quickly identify the appropriate resolver group. By automating this workflow, Swissport not only accelerates incident response times but also maintains compliance with stringent SLAs, enhancing overall operational resilience and efficiency.

Automated deployment: Swissport wants to ensure that newly added member AWS accounts are automatically enrolled into the incident response system. For this purpose, they create a centralized AWS Service Catalog repository of approved Infrastructure as Code (IaC) templates. These AWS CloudFormation templates define the infrastructure and configurations required for setting up CloudWatch alarms and the EventBridge event bus. When a new AWS account is added to Swissport’s AWS Organization, Service Catalog deploys the CloudFormation templates, ensuring that each account is equipped with the necessary monitoring and event-handling capabilities. This automated approach not only streamlines the deployment process but also ensures consistency and compliance across all accounts.
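The Lambda relay described under "Event-driven incident response" can be sketched as follows. This is an added example, not Swissport's or AWS's code: the enrolled account IDs, the sample event, the ticket field names and the `ITSM_URL`/`ITSM_TOKEN` environment variables are assumptions, and the endpoint is not Halo ITSM's documented API. It drops events that do not come from an enrolled account before a ticket is built.

```python
import hashlib, json, os, urllib.request

ENROLLED_ACCOUNTS = {"111111111111", "222222222222"}  # assumption: constructed member account IDs

# Constructed sample in the shape EventBridge delivers for a CloudWatch alarm state change.
SAMPLE_EVENT = {
    "source": "aws.cloudwatch",
    "detail-type": "CloudWatch Alarm State Change",
    "account": "111111111111",
    "region": "eu-central-1",
    "time": "2024-05-02T17:04:40Z",
    "resources": ["arn:aws:cloudwatch:eu-central-1:111111111111:alarm:sap-cpu-high"],
    "detail": {"alarmName": "sap-cpu-high",
               "state": {"value": "ALARM", "reason": "Threshold Crossed: 1 datapoint > 90.0"},
               "previousState": {"value": "OK"}},
}

def build_ticket(event, enrolled=ENROLLED_ACCOUNTS):
    """Map an alarm event to a ticket dict; return None for events that must not open an incident."""
    if (event.get("source"), event.get("detail-type")) != ("aws.cloudwatch", "CloudWatch Alarm State Change"):
        return None
    account = event.get("account")
    arns = event.get("resources") or []
    # Drop events from accounts that are not enrolled, or whose alarm ARN names another account.
    if account not in enrolled or not arns or arns[0].split(":")[4:5] != [account]:
        return None
    state = event.get("detail", {}).get("state", {})
    if state.get("value") != "ALARM":
        return None  # OK and INSUFFICIENT_DATA transitions do not open incidents
    # Stable key so a retried delivery of the same event maps to the same incident.
    dedup = hashlib.sha256(f"{arns[0]}|{event.get('time')}".encode()).hexdigest()[:16]
    return {"summary": f"[{account}] {event['detail'].get('alarmName')} in ALARM",
            "account_id": account, "region": event.get("region"),
            "resource_arn": arns[0], "reason": state.get("reason", ""), "dedup_key": dedup}

def to_request(ticket, url, token):
    """Build the HTTPS POST for the service desk (endpoint and field names are hypothetical)."""
    if not url.startswith("https://"):
        raise ValueError("ITSM endpoint must use HTTPS")
    return urllib.request.Request(url, data=json.dumps(ticket).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"})

def lambda_handler(event, context):
    ticket = build_ticket(event)
    if ticket is None:
        return {"forwarded": False}
    # Assumption: ITSM_URL and ITSM_TOKEN are supplied via the function's environment.
    req = to_request(ticket, os.environ["ITSM_URL"], os.environ["ITSM_TOKEN"])
    with urllib.request.urlopen(req, timeout=5) as resp:
        return {"forwarded": True, "status": resp.status}
```

The account ID and resource ARN carried in the ticket are the fields the page says the alarms capture to identify the incident source; the `dedup_key` lets the service desk collapse retried deliveries of the same event.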

Conclusion

Swissport’s migration to AWS highlights a strategic approach to modernizing IT infrastructure while boosting operational efficiency. By collaborating closely with AWS, Swissport has enhanced its incident management and streamlined seamless service delivery across global operations. The implementation of the event-driven architecture has enhanced incident response times by 65% and improved compliance with strict SLAs by 80%, laying a strong foundation for Swissport’s future growth on AWS.

To explore more customer success stories and learn how AWS empowers organizations in Switzerland, visit our AWS in Switzerland and customer success stories pages. To dive deeper into the services and solutions mentioned in this blog:

Spac