How Swiss Life Germany automated knowledge governance and collaboration with Amazon SageMaker

Knowledge has turn into an indispensable strategic asset for your complete monetary companies business, driving innovation and aggressive benefit in an more and more digital market. At Swiss Life Germany, maximizing the worth of this asset means empowering inside groups to derive actionable insights and ship personalised monetary options to numerous clientele. This led to the necessity to set up seamless knowledge sharing workflows that improve cross-departmental collaboration whereas sustaining strict safety and compliance requirements. To perform this, Swiss Life Germany determined to implement superior knowledge processing and governance capabilities utilizing Amazon SageMaker.

Integrating SageMaker right into a extremely regulated enterprise atmosphere required aligning the service’s agility with Swiss Life’s rigorous infrastructure as code (IaC) automation requirements. This submit demonstrates how Swiss Life Germany addressed these subtle deployment necessities by creating a {custom} Terraform sample designed particularly for platform engineers and knowledge architects.

Swiss Life Germany cloud journey

Swiss Life Germany is a number one supplier of custom-made pension merchandise and monetary recommendation. Constructing on over 100 years of delivering insurance coverage, retirement planning, and wealth administration options, a key driver of the corporate’s current evolution was the strategic transition from legacy on-premises knowledge facilities to a contemporary, cloud-centric structure. After an in depth analysis of varied suppliers, Swiss Life Germany chosen Amazon Net Companies (AWS) because the strategic basis to modernize their knowledge operations. Through the use of AWS, the group was in a position to transition from capital-intensive knowledge facilities to a versatile pay-as-you-go mannequin, considerably decreasing the operational prices.

Following their complete AWS cloud migration over the past two years—combining 30% re-platforming with 70% lift-and-shift methods—Swiss Life Germany modernized infrastructure administration by IaC. The corporate launched the governance idea of an IT System. An IT System is a basic unit of administration that defines a software program element no matter its origin. Whether or not a element is bought from a vendor, self-developed or consumed as software program as a service (SaaS), it’s built-in into this single governance construction. This ensures that off-the-shelf merchandise and custom-coded purposes are held to the identical excessive requirements of visibility and accountability. Each IT system is required to take care of particular attributes that enable for seamless oversight akin to distinctive identifiers, assigned possession and the related AWS sources logically grouped beneath the IT System they assist.

The place conventional approaches would retailer and expose this info in configuration administration database (CMDB)-like techniques to retailer static snapshots of asset knowledge, Swiss Life adopted a extra dynamic mannequin. Through the use of GraphQL API as a unified meta-model, the corporate queries software knowledge immediately from its main supply techniques. This method eliminates the delays frequent in batch-processed databases, making certain most freshness. The API serves as a single entry level for infrastructure knowledge, documentation, organizational metadata, and even inter-application dependencies. The transparency and automation gained by this everything-as-code and API-first method offered a blueprint for the Swiss Life Knowledge Platform: full transparency, reproducibility, and end-to-end automation.

This strong technical basis served as a catalyst and prerequisite for Swiss Life’s broader strategic targets and ruled framework.

Defining the imaginative and prescient for a unified knowledge answer

With the architectural foundations in place, the subsequent problem was to determine environment friendly knowledge flows from manufacturing techniques by knowledge engineering groups to finish customers throughout numerous enterprise divisions, with lots of of particular use instances demanding consideration.

For example, Swiss Life’s buyer portal specialists needed to validate the effectiveness of marketing campaign administration and push notification techniques in real-time, requiring safe and rapid entry to interplay knowledge.

Safety necessities added one other layer of complexity, as a result of Swiss Life’s answer wanted to include strong compliance requirements together with two-factor authentication, session-based entry controls, and granular row and column-level safety protections.

To align with the overarching Swiss Life Germany cloud technique, the corporate aimed to construct a contemporary knowledge answer atop their present AWS knowledge and analytics companies. AWS launched SageMaker to Swiss Life Germany following its announcement at AWS re:Invent 2024. A proof-of-concept shortly validated that this was the suitable device to advance Swiss Life’s knowledge journey. By deploying a completely automated framework, Swiss Life Germany sought to create a safe, compliant framework with SageMaker democratizing knowledge entry for licensed customers, in the end enabling sooner enterprise insights and extra responsive buyer experiences throughout your complete knowledge atmosphere.

Having met the infrastructure necessities, let’s have a look at what SageMaker seems to be like for finish customers and the way knowledge platform directors can management entry and sources at a granular stage.

Customers and their forms of tasks

A typical finish person expertise inside Amazon SageMaker Unified Studio begins with making a challenge. A challenge is a logical boundary inside a area the place the info groups can collaborate and work on a enterprise use case. Directors would provision the blueprints and challenge profile templates for the info groups, as proven within the following determine.

Nonetheless, at Swiss Life, they’ve prolonged the info platform administrator’s function to additionally create tasks to allow them to preserve regulatory compliance and take away preliminary onboarding hurdles. The tip person expertise in SageMaker Unified Studio is simplified with knowledge groups deciding on their respective tasks to work on a enterprise initiative, as proven within the following determine.

To implement this answer successfully, Swiss Life recognized completely different person teams:

• A answer crew creating an IT System that may act as producer or client of information belongings.
• A knowledge scientist doing superior knowledge processing. They’ll most certainly devour a variety of knowledge belongings and would possibly produce some excessive aggregated knowledge belongings. The info processing software program can also be categorized as an IT System.
• Enterprise customers who’ve some SQL abilities and need to course of knowledge to get insights for his or her every day enterprise.
• A platform crew administering the info platform. They supply core companies to all customers to make participation as simple as attainable.
• A knowledge officer who needs to have a single level of interpretation for knowledge.

Given this numerous set of person teams, the ensuing knowledge platform needed to assist a federated knowledge group with a centralized governance, decentralized knowledge shops and data-processing organized on the IT System stage. This structure means the SageMaker administration account—which orchestrates the info area—incorporates no precise knowledge, as an alternative, knowledge and compute sources reside within the particular person IT System AWS accounts. Swiss Life’s implementation distinguishes between two basic challenge varieties:

• IT System tasks (for technical customers)
• Group tasks (for non-technical customers)

Swiss Life determined to align crew tasks with particular organizational models and function them with out staging environments, offering devoted workspaces for departmental knowledge initiatives. In distinction, IT System tasks are related to particular options akin to buyer portal or CRM techniques. These comply with a structured staging methodology, with every answer crew managing devoted DEV, TEST, and PROD environments to take care of correct growth lifecycles and high quality management.

This federated structure is designed to deal with the immense scale and variety of Swiss Life’s knowledge panorama. Swiss Life’s knowledge platform would then intention to offer unified entry to over 180 database servers with over 1,800 databases and 18 thousand tables throughout all phases (DEV, TEST and PROD).

On this submit, we concentrate on the IT System tasks.

How Swiss Life constructed the automation framework

As a result of Terraform is the popular IaC device throughout Swiss Life Germany, the crew confronted an attention-grabbing architectural problem: whereas the prevailing infrastructure framework incorporates quite a few AWS companies which are readily supported by Terraform, SageMaker required a {custom} integration method to align with Swiss Life’s superior automation patterns.

Fairly than adopting a handbook ClickOps method to infrastructure administration, Swiss Life developed an progressive answer to maintain your complete infrastructure—together with SageMaker—inside their Terraform automation, preserving key advantages like state administration. The crew completed this through the use of Terraform’s AWS Lambda invoke operate useful resource with a create, learn, replace, delete (CRUD) lifecycle scope. Through the use of this method, the group may preserve a single supply of fact for infrastructure, whereas accommodating particular necessities of SageMaker. This element is named the Administration Lambda and it serves as a bridge between Terraform’s declarative configuration and SageMaker, in order that Swiss Life can provision, modify, and decommission Amazon SageMaker sources by established Terraform workflows.

The next is the snippet of a brand new area creation utilizing Terraform and Administration Lambda:

useful resource"aws_lambda_invocation" "area" {
  function_name = "management-lambda-function-name"
  lifecycle_scope = "CRUD"
  enter = jsonencode({
  useful resource = "area"
  domain_name = "SwissLife"
  domain_execution_role = "arn:aws:iam::012345678912:function/sus_domain_execution_role"
  domain_service_role = "arn:aws:iam::012345678912:function/sus_service_role"
  })
}

Utilizing this method, Swiss Life efficiently automated each side of deploying an entire SageMaker area set up throughout the Swiss Life cloud knowledge platform. The automation encompasses your complete area creation course of, utilizing the SageMaker area unit function as an organizational framework for numerous challenge portfolio.

Deployment structure

Let’s dive deeper into the person steps of the automation course of itself. As stated, all sources inside SageMaker are managed by the Terraform-invoked Administration Lambda whereas different sources are immediately managed by Terraform itself. The Administration Lambda and SageMaker sources akin to domains, metadata fields and others reside within the central SageMaker account. Customers of the info platform have their very own AWS accounts. To start out with, AWS Lake Formation needed to be enabled throughout all AWS accounts, which may then act as client or supplier to the platform. Utilizing the established AWS Touchdown Zones mechanism, this was executed by a single deployment to the administration account. This early step additionally verified the administration function being current in all accounts and assumable by the Administration Lambda.

The next steps are used to arrange Swiss Life’s knowledge platform from scratch, as proven within the following diagram:

1. The Administration Lambda is deployed to Swiss Life’s designated SageMaker account. This Lambda operate makes use of the described CRUD sample for all subsequent SageMaker-specific operations.
2. The area provisioning begins by creating the service and area execution roles, after which the Administration Lambda creates the area and makes use of these roles. Throughout this step, administrative customers and their related permissions are additionally configured.
3. Upon profitable area creation, the Lambda operate returns the area identifier as output. This identifier is then used to let all AWS accounts of the corporate be part of this area. These can now act as suppliers or customers on the platform, leading to a frictionless onboarding of groups.
4. As a result of Swiss Life determined to stage knowledge merchandise in a single area, the DEV, TEST, and PROD area models are then created, establishing the hierarchical construction beneath which IT System tasks are subsequently created within the subsequent implementation section.

All tasks and groups with the required conditions arrange are then created robotically. That is executed through the use of the enterprise GraphQL API talked about to retrieve all IT merchandise, their groups and roles. With that, every crew already has their ready-to-use challenge in place upon singing into the platform. Intimately this course of seems to be like the next:

Persevering with with the sooner instance: the shopper portal crew must share their knowledge with others within the group and is utilizing their devoted challenge for this function. The method is proven within the following determine.

1. The deployment initiates with a cross-account function assumption by the Administration Lambda to activate the blueprint configuration within the crew’s AWS account. A standardized creation course of was constructed to assist facilitate all accounts are configured identically, sustaining consistency throughout the atmosphere.
2. Subsequent, a challenge profile particularly tailor-made for the shopper portal challenge is created. This profile establishes the foundational settings and permissions framework that may govern the challenge’s operations.
3. With the profile in place, the precise challenge inside this beforehand established challenge profile can now be provisioned, instantiating the working atmosphere, the place knowledge sharing and collaboration will happen. This ends in an an identical quantity of challenge profiles and tasks within the SageMaker Unified Studio area.
4. Lastly, an automatic membership administration course of is triggered. The system once more queries Swiss Life’s Enterprise GraphQL API to determine all members of the answer crew and robotically provides them as challenge members with acceptable permissions. This course of executes every day, to assist make sure that challenge entry permissions stay present and precisely mirror crew composition adjustments.

Within the third and ultimate deployment step, the person expertise is enhanced by making the info platform instantly usable for groups in manufacturing. When groups and their members first entry the area URL, they discover a challenge atmosphere already populated with all essential belongings, to allow them to start working immediately. That is completed by the next steps, proven within the following determine:

1. An automatic discovery course of is triggered that identifies all Amazon Easy Storage Service (Amazon S3) buckets and AWS Glue belongings related to the precise buyer portal IT System. This stock is created through the use of the AWS Useful resource Tagging API with particular filters concentrating on these asset varieties, so that each one related sources for precisely that IT System are captured.
2. When recognized, all found S3 buckets are registered as knowledge lake areas throughout the platform. For every location, they create an AWS Identification and Entry Administration (IAM) function with exact entry permissions, adhering to the least privilege safety mannequin.
3. Then grantable permissions are granted to the SageMaker challenge function for these belongings, establishing a permission delegation framework that permits challenge members to handle entry inside their challenge scope—managing cross challenge entry—whereas sustaining total governance.
4. Lastly, the AWS Glue databases are added as knowledge sources throughout the challenge. These knowledge sources are configured with every day synchronization schedules to robotically load new metadata into SageMaker, serving to to make sure that catalog info stays present with out handbook intervention.

What a crew wants to begin with all of this

The overarching purpose all through this implementation has been to simplify the adoption course of for the interior knowledge groups. To make sure the info groups may instantly use the highly effective capabilities of SageMaker while not having to handle its underlying structure, Swiss Life Germany streamlined the expertise by pre-packing your complete onboarding course of right into a high-level Terraform module. Groups can then use the module to deploy an entire, production-ready atmosphere with minimal configuration, accelerating their path from setup to perception.

The next is an instance of the code utilized by the module.

module "membership" {
	supply = ""
	it_system_labels = ["kundenportal"]
	domain_name = "SwissLife"
	vpc_id = "vpc_id"
	subnet_ids = ["subnet_a", "subnet_b", "subnet_c"]
}

To provoke this, the info groups outline their fundamental parameters akin to community configuration or their IT-System identifier as outlined beforehand and submit a pull request within the central Git repository. After the Swiss Life knowledge platform crew critiques and approves the request, the automated processes run within the background, getting ready the whole atmosphere. This automated method has lowered deployment time for brand spanking new environments from a number of weeks of handbook coordination to beneath 20 minutes.

Fairly than requiring customers to know the intricate deployment steps and managing the infrastructure, the automated deployment course of empowers enterprise models, just like the buyer portal crew, to concentrate on deriving insights. On the identical time, the Swiss Life Germany knowledge platform crew additionally maintains exact management over useful resource allocations, entry rights and price administration.

Future enhancements

Trying forward, Swiss Life plans to raise its automation to the next stage of enterprise abstraction. The subsequent main enhancement focuses on eradicating the requirement for groups to request particular technical belongings. As a substitute, the imaginative and prescient is to implement an intuitive interface the place groups can specify the enterprise phrases or knowledge domains they require. The system will robotically determine and provision the right underlying technical belongings related to these enterprise definitions.

This semantic layer will create a extra pure interplay mannequin, in order that enterprise customers can assume and work in acquainted ideas quite than technical constructs. For instance, quite than requesting entry to particular S3 buckets or AWS Glue databases, a advertising and marketing analyst would possibly point out they want buyer interplay knowledge or marketing campaign response metrics. An automatic system will then map these enterprise phrases to the suitable technical sources, provision entry, and configure the atmosphere accordingly.

By elevating automation to this enterprise terminology stage, Swiss Life goals to additional scale back friction within the knowledge entry course of whereas sustaining its strong safety and governance framework. This evolution represents Swiss Life Germany’s dedication to constantly enhancing how knowledge serves the enterprise, making subtle knowledge capabilities more and more accessible to all components of the group.

Conclusion

By means of the great automation of Amazon SageMaker, Swiss Life Germany has remodeled their utilization of information from a fancy technical problem right into a streamlined enterprise enabler. Through the use of AWS companies and their progressive Terraform-Lambda integration method, Swiss Life created a safe, compliant knowledge platform that maintains governance whereas democratizing entry throughout the complete group. The automated deployment course of helps guarantee consistency throughout environments whereas dramatically decreasing the technical information required for groups to start utilizing superior knowledge capabilities. Enterprise models, such because the buyer portal crew, can now concentrate on deriving insights quite than managing infrastructure, accelerating data-driven choice making all through the corporate. This implementation represents a major milestone in Swiss Life Germany’s cloud journey, demonstrating how considerate automation can concurrently improve safety, enhance operational effectivity, and speed up enterprise outcomes.

As of at the moment, 5 organizational unit groups and 15 IT System groups had been onboarded to the platform. To hurry issues up, Swiss Life has determined to onboard all 180 database clusters and devour knowledge utilizing SageMaker over the approaching months. This growth is designed to allow groups to make use of the info platform and improve the effectivity of information discovery and knowledge sharing processes throughout the group.

Concerning the authors