Swissport’s cloud journey: Automated cross-account monitoring and incident response with AWS

In this blog post, we explore Swissport's cloud journey as the company migrates its core business applications to AWS. We'll look at how the company implemented a robust incident management solution to support its migration efforts, resulting in a 65% improvement in incident response times and an 80% improvement in SLA compliance, laying a solid foundation for cloud adoption.

Swissport's migration journey to AWS

Swissport International AG is the world's leading provider of airport ground services and air cargo handling in terms of revenue and number of airports served. In 2023, Swissport provided first-class airport ground services to 232 million passengers, handled 4.7 million tonnes of air cargo at 115 locations and was active at 286 airports in 44 countries.

In 2023, Swissport started a transformative journey with AWS and established an AWS Landing Zone, which marked a major milestone in its cloud journey. This strategic move enabled the company to successfully migrate its global SAP environment to AWS, setting the stage for further migrations. Currently, Swissport is in the midst of converting its core business applications, which are critical for resource planning and data exchange, to improve its operational flexibility and efficiency. In addition, Swissport is integrating the AWS cloud environment into its global service desk using Halo ITSM, ensuring a seamless and unified IT landscape.

Addressing operational challenges during and after migration

Migrating core business applications brings several challenges. Unexpected service interruptions that can occur during and after a migration lead to potential disruptions in ground handling operations and negatively impact passenger experience and customer satisfaction. As the security standard at Swissport dictates, it is critical to ensure seamless integration between Swissport's AWS environment and Halo ITSM. The integration process is complicated by the presence of multiple resolver groups, each responsible for different cloud applications, which can lead to fragmented incident management and coordination issues. In addition, Swissport needs to respond quickly to incidents to meet strict SLAs, which requires a streamlined and efficient process. Therefore, the cloud environment should provide real-time visibility and detailed information to identify the source of incidents for effective incident management and service delivery. As Swissport continues to expand its cloud infrastructure, the creation of new AWS accounts adds another layer of complexity. Manually registering each new account into the existing integration framework would be cumbersome and inefficient, potentially leading to delays and inconsistencies.

To address the operational challenges faced by Swissport and other customers, AWS offers a comprehensive suite of tools and services that effectively integrate the cloud environment with the service desk and ensure robust incident management, minimizing cloud operations overhead and impact on the business and customer experience.

Architecture for observability, incident response and automated deployment

Swissport has implemented the serverless, event-driven architecture described above, which integrates with Halo ITSM to enable observation, incident response, and automated provisioning:

Cross-account observability: Swissport has set up a central monitoring account within its AWS Landing Zone to more effectively manage and monitor its cloud environment. This monitoring account serves as a central hub to collect and analyze telemetry data such as logs, metrics, and traces from multiple AWS member accounts across the organization. Amazon CloudWatch alarms are set up within these member accounts to provide real-time alerts on specific thresholds and performance issues. The alarms capture detailed information such as account ID and resource ARN to identify the incident source. By leveraging CloudWatch's cross-account observability dashboard, Swissport can search, visualize, and analyze metrics, logs, and traces seamlessly without account boundaries.

Event-driven incident response: By implementing the Amazon EventBridge cross-account architecture, Swissport has set up a centralized EventBridge event bus that can ingest and process events from multiple AWS accounts, ensuring real-time visibility into cloud operations. When an event, such as a system anomaly or threshold violation, is detected by CloudWatch, it triggers an EventBridge rule that routes the event to predefined destinations. The target of the centralized EventBridge is an AWS Lambda function that plays a critical role in automating the incident response process. The Lambda function is configured to send detailed event data to Halo ITSM via a REST API. The serverless nature of EventBridge and Lambda enables automatic scaling to handle varying event volumes, providing a flexible and cost-effective solution that ensures incidents are immediately logged with all the necessary context information, allowing Halo ITSM to quickly identify the appropriate resolver group. By automating this workflow, Swissport not only accelerates incident response times but also meets strict SLAs, improving overall operational stability and efficiency.

Automated deployment: Swissport wants to ensure that newly added AWS member accounts are automatically onboarded to the incident response system. To do this, the company creates a central AWS Service Catalog repository of approved Infrastructure as Code (IaC) templates. These AWS CloudFormation templates define the infrastructure and configurations needed to set up CloudWatch alarms and the EventBridge event bus. When a new AWS account is added to Swissport's AWS organization, Service Catalog deploys the CloudFormation templates and ensures that each account is equipped with the required monitoring and event handling capabilities. This automated approach not only streamlines the deployment process, but also ensures consistency and compliance across all accounts.

Diploma

Swissport's migration to AWS underscores a strategic approach to modernizing its IT infrastructure while increasing operational efficiency. Working closely with AWS has enabled Swissport to improve its incident management and optimize seamless service delivery across its global operations. Implementing the event-driven architecture has reduced incident response times by 65% ​​and improved compliance with strict SLAs by 80%, laying a solid foundation for Swissport's future growth on AWS.

For more customer success stories and information on how AWS supports organizations in Switzerland, visit our AWS in Switzerland and Customer Success Stories pages. For more information on the services and solutions mentioned in this blog, visit:

Spac