About GRNET
GRNET S.A. – National Infrastructures for Research and Technology, is a leading public sector technology company in Greece, operating since 1998 under the Ministry of Digital Governance. It provides networking, cloud computing, HPC, and data management services to academic, research, and public institutions. GRNET plays a crucial role in Greece's digital transformation, supporting the design of advanced information systems and services across various sectors. Key initiatives include the National Competence Center for HPC, the National Academy of Digital Skills, and the Greek Internet Exchange (GR-IX). GRNET also collaborates on Open Science projects and the National AI Strategy, interconnecting institutions nationally and internationally via the GÉANT network.
The Challenge
GRNET has been instrumental in providing advanced technological services to various institutions. Expanding its AWS services from research projects to educational institutions was a strategic move to enhance the digital infrastructure of Greece’s educational sector. This expansion required the development of a comprehensive user management system, presenting several unique challenges that needed to be addressed to ensure secure, efficient, and cost-effective service delivery.
- Resource Isolation: In a shared AWS account environment, it was critical to ensure that each student had isolated access to their own resources. This was necessary to prevent accidental or intentional interference with peers' work, thereby maintaining the integrity and security of individual projects.
- Infrastructure as Code (IaC) Integration: The solution had to be developed using Terraform to fit seamlessly into GRNET's existing account provisioning pipelines. This was essential for automating the deployment process, ensuring consistency, and reducing manual intervention.
- Cost Management: Accurate tracking and management of AWS spending for each class and individual student were essential. This required a robust system that could tag and monitor resource usage and provide detailed cost reports to manage budgets effectively.
The Solution
PCG collaborated closely with GRNET to understand their specific requirements and challenges. Together, we developed a solution that leverages AWS services effectively, adhering to AWS and industry best practices, while also incorporating our extensive experience in cloud solutions. This approach gives the solution the best chance of being robust, scalable, and aligned with the educational institutions' needs:
Secure and Isolated Resource Access:
- Custom IAM policies were created for each AWS service, ensuring students could only access their own resources.
- These policies were linked to IAM Identity Center Permission Sets, providing fine-grained control over resource access.
- Resource tagging was enforced at creation using AWS Lambda functions, maintaining consistent access controls.
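The tag-on-create and tag-scoped policy pattern described in this list, sketched for EC2 as an added example; it is not PCG's or GRNET's code. The `Owner` tag key, the choice of EC2 actions and the sample CloudTrail record are assumptions made for illustration.

```python
import json

OWNER_TAG = "Owner"  # assumed tag key; the page does not name its tags

# Constructed sample of a CloudTrail record as delivered by EventBridge
# (role ID, user name and instance IDs are made up).
SAMPLE_EVENT = {"detail": {
    "eventSource": "ec2.amazonaws.com",
    "eventName": "RunInstances",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "AROAEXAMPLEROLEID0001:student01@example.edu",
    },
    "responseElements": {"instancesSet": {"items": [
        {"instanceId": "i-0aaa1111bbbb2222c"},
        {"instanceId": "i-0ddd3333eeee4444f"},
    ]}},
}}


def tagging_request(event):
    """Return CreateTags arguments for a successful launch, else None."""
    detail = event["detail"]
    if detail.get("errorCode") or not detail.get("responseElements"):
        return None  # failed call: nothing was created, nothing to tag
    identity = detail["userIdentity"]
    if identity.get("type") != "AssumedRole":
        return None  # only federated student sessions get an owner tag
    items = detail["responseElements"]["instancesSet"]["items"]
    return {
        "Resources": [i["instanceId"] for i in items],
        # principalId has the same "role-id:session-name" form as aws:userid
        "Tags": [{"Key": OWNER_TAG, "Value": identity["principalId"]}],
    }


def isolation_policy():
    """Deny instance actions on resources whose owner tag is not the caller."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyOthersInstances",
        "Effect": "Deny",
        "Action": ["ec2:StartInstances", "ec2:StopInstances",
                   "ec2:TerminateInstances"],
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {"StringNotEquals": {
            f"aws:ResourceTag/{OWNER_TAG}": "${aws:userid}"}},
    }]}


if __name__ == "__main__":
    print(json.dumps(tagging_request(SAMPLE_EVENT), indent=2))
    print(json.dumps(isolation_policy(), indent=2))
```

Because `StringNotEquals` also matches when the tag is absent, untagged instances are denied until the tagging function has run. The permission set must also stop students from creating or deleting the owner tag themselves, or the condition can be bypassed by retagging.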
Automated Resource Management:
- Terraform scripts were developed to automate resource provisioning.
- Terraform was integrated with AWS Account Factory for Terraform (AFT) for smooth and consistent deployment.
- Monitoring of user logins was handled through AWS CloudTrail and Amazon EventBridge, while AWS Step Functions and Lambda automatically created dedicated Resource Groups, S3 buckets, and folders for each student.
Cost Tracking and Management:
- Cost allocation tags were applied to all resources, ensuring that expenses could be tracked accurately.
- The AWS Cost Explorer API was used to generate detailed cost reports, providing transparency and allowing for precise tracking of expenses for each class and student.
Architecture diagram
Results and Benefits
The AWS solutions implemented by PCG enable secure resource isolation through automated Resource Group creation for each student. Terraform scripts and AWS AFT integration automate resource provisioning, while cost allocation tags and the Cost Explorer API provide detailed cost tracking and reporting capabilities.
These technical improvements translate into substantial business benefits, enhancing GRNET’s operational efficiency and financial management capabilities:
- Enhanced Security and Productivity: Students can now work securely without the risk of their work being affected by others, fostering a more productive learning environment. The isolated resource setup ensures that students' projects are protected, enhancing overall security.
- Operational Efficiency: Automated provisioning reduces manual workload and increases the speed of resource deployment. Consistent deployment practices ensure reliable and efficient service delivery, aligning with GRNET’s goal of scalable operations.
- Improved Financial Oversight: Detailed cost tracking and reporting provides transparency, aiding in effective budget management. The ability to monitor and manage AWS spending more effectively ensures the cost-effective use of resources, optimising financial performance.
Overall, PCG’s innovative approach to leveraging AWS services has significantly improved the capacity of GRNET to support educational institutions in Greece. By addressing key challenges related to resource isolation, automated provisioning, and cost tracking, GRNET can now continue to drive digital transformation and support advanced information systems and services in the academic sector.
About PCG
Public Cloud Group (PCG) supports companies in their digital transformation through the use of public cloud solutions.
With a product portfolio designed to accompany organisations of all sizes in their cloud journey and competence that is a synonym for highly qualified staff that clients and partners like to work with, PCG is positioned as a reliable and trustworthy partner for the hyperscalers, relevant and with repeatedly validated competence and credibility.
We have the highest partnership status with the three relevant hyperscalers: Amazon Web Services (AWS), Google, and Microsoft. As experienced providers, we advise our customers independently with cloud implementation, application development, and managed services.