Streamlining Network Traffic Management: Kambi's Success with AWS Network Firewall and DevOps.

Written by
Sebastian Rosander
Published on
May 24, 2023

About

Kambi is the leading independent provider of premium sports betting technology and services to the regulated global betting and gaming industry.

Excutive Summary

Kambi faced a challenge with its manual, fragmented, and complex network and traffic management on AWS, causing high cost, operational overhead, and difficulties with separation of duty. Playground Tech and Kambi's Engineering Services team partnered to design a solution for egress and firewall management, deploying AWS Network Firewall in both a central inspection VPC and local VPCs. Terraform was used as an infrastructure as code tool, and Atlantis, Bitbucket, and Netbox were utilized to streamline the solution further. Kambi now has a secure, self-service solution for managing network traffic, enabling DevOps capabilities, increasing team autonomy and skills, and faster time to market for new product releases. Network changes have been reduced from days to hours, or in some cases, minutes, driving developer productivity and business success.

Challenge

Parts of Kambi's sports betting systems have been running on AWS since 2015, with infrastructure built mainly manually through the AWS Console. This manual approach resulted in a fragmented and complex network and traffic management, causing challenges with separation of duty, high cost, and significant operational overhead. In 2021, Kambi launched a DevOps initiative to enable team autonomy and growth on AWS, but the current network traffic management proved to be a hindrance.


Solution

Playground Tech and Kambi's Engineering Services team combined forces to design a cutting-edge solution for egress and firewall management. The solution deployed AWS Network Firewall in both a central inspection VPC and in each VPC requiring local internet ingress and/or egress. This enabled workloads to leverage local IGW and securely connect to internal networks (VPCs, on-premises) through the centralized inspection VPC. The private subnets within these VPCs still retain the option to utilize the centralized internet egress VPC, providing a flexible and comprehensive solution.


Architecture & Tools

By leveraging the AWS combined centralized and distributed deployment model as a blueprint, Playground Tech and Kambi's Engineering Services team took automation to the next level by using Terraform as an infrastructure as code tool to create AWS Transit Gateways, VPCs, Network Firewalls, and NAT Gateways. The solution was further streamlined with the use of Atlantis as a CI/CD tool for provisioning the infrastructure structure in a GitOps fashion, with Bitbucket serving as the version control system and Netbox for IP address management (IPAM).


Results and benefits

Kambi now boasts a streamlined and secure solution for managing network traffic, empowering their development teams to take control with DevOps capabilities.

Thanks to the expertise of Playground Tech, Kambi's Engineering Services team has gained the skills necessary to develop and maintain the solution independently.

With built-in self-service functionality, DevOps Engineers at Kambi have the freedom to modify firewall rules without relying on Engineering Operations, which is boosting their productivity, and enabling quicker time to market for new product releases.

The results speak for themselves: network changes that once took days are now completed in mere hours, and in some cases, minutes. Playground Tech has successfully transformed Kambi's networking and traffic management capabilities, increased developer productivity, and faster time to market.