How Swiss Life Germany automated knowledge governance and collaboration with Amazon SageMaker

Information has change into an indispensable strategic asset for all the monetary companies trade, driving innovation and aggressive benefit in an more and more digital market. At Swiss Life Germany, maximizing the worth of this asset means empowering inner groups to derive actionable insights and ship personalised monetary options to numerous clientele. This led to the necessity to set up seamless knowledge sharing workflows that improve cross-departmental collaboration whereas sustaining strict safety and compliance requirements. To perform this, Swiss Life Germany determined to implement superior knowledge processing and governance capabilities utilizing Amazon SageMaker.

Integrating SageMaker right into a extremely regulated enterprise setting required aligning the service’s agility with Swiss Life’s rigorous infrastructure as code (IaC) automation requirements. This put up demonstrates how Swiss Life Germany addressed these refined deployment necessities by growing a {custom} Terraform sample designed particularly for platform engineers and knowledge architects.

Swiss Life Germany cloud journey

Swiss Life Germany is a number one supplier of personalized pension merchandise and monetary recommendation. Constructing on over 100 years of delivering insurance coverage, retirement planning, and wealth administration options, a key driver of the corporate’s current evolution was the strategic transition from legacy on-premises knowledge facilities to a contemporary, cloud-centric structure. After an intensive analysis of varied suppliers, Swiss Life Germany chosen Amazon Internet Companies (AWS) because the strategic basis to modernize their knowledge operations. By utilizing AWS, the group was in a position to transition from capital-intensive knowledge facilities to a versatile pay-as-you-go mannequin, considerably lowering the operational prices.

Following their complete AWS cloud migration over the past two years—combining 30% re-platforming with 70% lift-and-shift methods—Swiss Life Germany modernized infrastructure administration by IaC. The corporate launched the governance idea of an IT System. An IT System is a basic unit of administration that defines a software program element no matter its origin. Whether or not a element is bought from a vendor, self-developed or consumed as software program as a service (SaaS), it’s built-in into this single governance construction. This ensures that off-the-shelf merchandise and custom-coded functions are held to the identical excessive requirements of visibility and accountability. Each IT system is required to keep up particular attributes that enable for seamless oversight comparable to distinctive identifiers, assigned possession and the related AWS assets logically grouped beneath the IT System they assist.

The place conventional approaches would retailer and expose this data in configuration administration database (CMDB)-like techniques to retailer static snapshots of asset knowledge, Swiss Life adopted a extra dynamic mannequin. By utilizing GraphQL API as a unified meta-model, the corporate queries software knowledge immediately from its main supply techniques. This strategy eliminates the delays widespread in batch-processed databases, guaranteeing most freshness. The API serves as a single entry level for infrastructure knowledge, documentation, organizational metadata, and even inter-application dependencies. The transparency and automation gained by this everything-as-code and API-first strategy supplied a blueprint for the Swiss Life Information Platform: full transparency, reproducibility, and end-to-end automation.

This strong technical basis served as a catalyst and prerequisite for Swiss Life’s broader strategic objectives and ruled framework.

Defining the imaginative and prescient for a unified knowledge answer

With the architectural foundations in place, the subsequent problem was to determine environment friendly knowledge flows from manufacturing techniques by knowledge engineering groups to finish customers throughout varied enterprise divisions, with a whole bunch of particular use instances demanding consideration.

For example, Swiss Life’s buyer portal specialists needed to validate the effectiveness of marketing campaign administration and push notification techniques in real-time, requiring safe and quick entry to interplay knowledge.

Safety necessities added one other layer of complexity, as a result of Swiss Life’s answer wanted to include strong compliance requirements together with two-factor authentication, session-based entry controls, and granular row and column-level safety protections.

To align with the overarching Swiss Life Germany cloud technique, the corporate aimed to construct a contemporary knowledge answer atop their current AWS knowledge and analytics companies. AWS launched SageMaker to Swiss Life Germany following its announcement at AWS re:Invent 2024. A proof-of-concept rapidly validated that this was the suitable software to advance Swiss Life’s knowledge journey. By deploying a completely automated framework, Swiss Life Germany sought to create a safe, compliant framework with SageMaker democratizing knowledge entry for licensed customers, finally enabling quicker enterprise insights and extra responsive buyer experiences throughout all the knowledge setting.

Having met the infrastructure necessities, let’s take a look at what SageMaker seems to be like for finish customers and the way knowledge platform directors can management entry and assets at a granular degree.

Customers and their sorts of tasks

A typical finish consumer expertise inside Amazon SageMaker Unified Studio begins with making a undertaking. A undertaking is a logical boundary inside a area the place the information groups can collaborate and work on a enterprise use case. Directors would provision the blueprints and undertaking profile templates for the information groups, as proven within the following determine.

Nonetheless, at Swiss Life, they’ve prolonged the information platform administrator’s position to additionally create tasks to allow them to keep regulatory compliance and take away preliminary onboarding hurdles. The tip consumer expertise in SageMaker Unified Studio is simplified with knowledge groups choosing their respective tasks to work on a enterprise initiative, as proven within the following determine.

To implement this answer successfully, Swiss Life recognized completely different consumer teams:

• A answer staff growing an IT System that may act as producer or client of information belongings.
• A knowledge scientist doing superior knowledge processing. They’ll more than likely devour numerous knowledge belongings and may produce some excessive aggregated knowledge belongings. The info processing software program can also be categorized as an IT System.
• Enterprise customers who’ve some SQL expertise and need to course of knowledge to get insights for his or her day by day enterprise.
• A platform staff administering the information platform. They supply core companies to all customers to make participation as simple as attainable.
• A knowledge officer who desires to have a single level of interpretation for knowledge.

Given this numerous set of consumer teams, the ensuing knowledge platform needed to assist a federated knowledge group with a centralized governance, decentralized knowledge shops and data-processing organized on the IT System degree. This structure means the SageMaker administration account—which orchestrates the information area—incorporates no precise knowledge, as an alternative, knowledge and compute assets reside within the particular person IT System AWS accounts. Swiss Life’s implementation distinguishes between two basic undertaking varieties:

• IT System tasks (for technical customers)
• Workforce tasks (for non-technical customers)

Swiss Life determined to align staff tasks with particular organizational models and function them with out staging environments, offering devoted workspaces for departmental knowledge initiatives. In distinction, IT System tasks are related to particular options comparable to buyer portal or CRM techniques. These observe a structured staging methodology, with every answer staff managing devoted DEV, TEST, and PROD environments to keep up correct improvement lifecycles and high quality management.

This federated structure is designed to deal with the immense scale and variety of Swiss Life’s knowledge panorama. Swiss Life’s knowledge platform would then purpose to supply unified entry to over 180 database servers with over 1,800 databases and 18 thousand tables throughout all phases (DEV, TEST and PROD).

On this put up, we deal with the IT System tasks.

How Swiss Life constructed the automation framework

As a result of Terraform is the popular IaC software throughout Swiss Life Germany, the staff confronted an fascinating architectural problem: whereas the present infrastructure framework incorporates quite a few AWS companies which might be readily supported by Terraform, SageMaker required a {custom} integration strategy to align with Swiss Life’s superior automation patterns.

Quite than adopting a handbook ClickOps strategy to infrastructure administration, Swiss Life developed an progressive answer to maintain all the infrastructure—together with SageMaker—inside their Terraform automation, preserving key advantages like state administration. The staff completed this through the use of Terraform’s AWS Lambda invoke perform useful resource with a create, learn, replace, delete (CRUD) lifecycle scope. By utilizing this strategy, the group might keep a single supply of fact for infrastructure, whereas accommodating particular necessities of SageMaker. This element is named the Administration Lambda and it serves as a bridge between Terraform’s declarative configuration and SageMaker, in order that Swiss Life can provision, modify, and decommission Amazon SageMaker assets by established Terraform workflows.

The next is the snippet of a brand new area creation utilizing Terraform and Administration Lambda:

useful resource"aws_lambda_invocation" "area" {
  function_name = "management-lambda-function-name"
  lifecycle_scope = "CRUD"
  enter = jsonencode({
  useful resource = "area"
  domain_name = "SwissLife"
  domain_execution_role = "arn:aws:iam::012345678912:position/sus_domain_execution_role"
  domain_service_role = "arn:aws:iam::012345678912:position/sus_service_role"
  })
}

Utilizing this strategy, Swiss Life efficiently automated each facet of deploying a whole SageMaker area set up inside the Swiss Life cloud knowledge platform. The automation encompasses all the area creation course of, utilizing the SageMaker area unit function as an organizational framework for numerous undertaking portfolio.

Deployment structure

Let’s dive deeper into the person steps of the automation course of itself. As mentioned, all assets inside SageMaker are managed by the Terraform-invoked Administration Lambda whereas different assets are immediately managed by Terraform itself. The Administration Lambda and SageMaker assets comparable to domains, metadata fields and others stay within the central SageMaker account. Customers of the information platform have their very own AWS accounts. To start out with, AWS Lake Formation needed to be enabled throughout all AWS accounts, which might then act as client or supplier to the platform. Utilizing the established AWS Touchdown Zones mechanism, this was achieved by a single deployment to the administration account. This early step additionally verified the administration position being current in all accounts and assumable by the Administration Lambda.

The next steps are used to arrange Swiss Life’s knowledge platform from scratch, as proven within the following diagram:

1. The Administration Lambda is deployed to Swiss Life’s designated SageMaker account. This Lambda perform makes use of the described CRUD sample for all subsequent SageMaker-specific operations.
2. The area provisioning begins by creating the service and area execution roles, after which the Administration Lambda creates the area and makes use of these roles. Throughout this step, administrative customers and their related permissions are additionally configured.
3. Upon profitable area creation, the Lambda perform returns the area identifier as output. This identifier is then used to let all AWS accounts of the corporate be part of this area. These can now act as suppliers or customers on the platform, leading to a frictionless onboarding of groups.
4. As a result of Swiss Life determined to stage knowledge merchandise in a single area, the DEV, TEST, and PROD area models are then created, establishing the hierarchical construction beneath which IT System tasks are subsequently created within the subsequent implementation part.

All tasks and groups with the required conditions arrange are then created mechanically. That is achieved through the use of the enterprise GraphQL API talked about to retrieve all IT merchandise, their groups and roles. With that, every staff already has their ready-to-use undertaking in place upon singing into the platform. Intimately this course of seems to be like the next:

Persevering with with the sooner instance: the shopper portal staff must share their knowledge with others within the group and is utilizing their devoted undertaking for this function. The method is proven within the following determine.

1. The deployment initiates with a cross-account position assumption by the Administration Lambda to activate the blueprint configuration within the staff’s AWS account. A standardized creation course of was constructed to assist facilitate all accounts are configured identically, sustaining consistency throughout the setting.
2. Subsequent, a undertaking profile particularly tailor-made for the shopper portal undertaking is created. This profile establishes the foundational settings and permissions framework that can govern the undertaking’s operations.
3. With the profile in place, the precise undertaking inside this beforehand established undertaking profile can now be provisioned, instantiating the working setting, the place knowledge sharing and collaboration will happen. This ends in an equivalent quantity of undertaking profiles and tasks within the SageMaker Unified Studio area.
4. Lastly, an automatic membership administration course of is triggered. The system once more queries Swiss Life’s Enterprise GraphQL API to determine all members of the answer staff and mechanically provides them as undertaking members with applicable permissions. This course of executes day by day, to assist be sure that undertaking entry permissions stay present and precisely replicate staff composition adjustments.

Within the third and last deployment step, the consumer expertise is enhanced by making the information platform instantly usable for groups in manufacturing. When groups and their members first entry the area URL, they discover a undertaking setting already populated with all crucial belongings, to allow them to start working immediately. That is completed by the next steps, proven within the following determine:

1. An automatic discovery course of is triggered that identifies all Amazon Easy Storage Service (Amazon S3) buckets and AWS Glue belongings related to the precise buyer portal IT System. This stock is created through the use of the AWS Useful resource Tagging API with particular filters concentrating on these asset varieties, so that each one related assets for precisely that IT System are captured.
2. When recognized, all found S3 buckets are registered as knowledge lake areas inside the platform. For every location, they create an AWS Identification and Entry Administration (IAM) position with exact entry permissions, adhering to the least privilege safety mannequin.
3. Then grantable permissions are granted to the SageMaker undertaking position for these belongings, establishing a permission delegation framework that enables undertaking members to handle entry inside their undertaking scope—managing cross undertaking entry—whereas sustaining total governance.
4. Lastly, the AWS Glue databases are added as knowledge sources inside the undertaking. These knowledge sources are configured with day by day synchronization schedules to mechanically load new metadata into SageMaker, serving to to make sure that catalog data stays present with out handbook intervention.

What a staff wants to start out with all of this

The overarching objective all through this implementation has been to simplify the adoption course of for the inner knowledge groups. To make sure the information groups might instantly use the highly effective capabilities of SageMaker with no need to handle its underlying structure, Swiss Life Germany streamlined the expertise by pre-packing all the onboarding course of right into a high-level Terraform module. Groups can then use the module to deploy a whole, production-ready setting with minimal configuration, accelerating their path from setup to perception.

The next is an instance of the code utilized by the module.

module "membership" {
	supply = ""
	it_system_labels = ["kundenportal"]
	domain_name = "SwissLife"
	vpc_id = "vpc_id"
	subnet_ids = ["subnet_a", "subnet_b", "subnet_c"]
}

To provoke this, the information groups outline their primary parameters comparable to community configuration or their IT-System identifier as outlined beforehand and submit a pull request within the central Git repository. After the Swiss Life knowledge platform staff evaluations and approves the request, the automated processes run within the background, getting ready the whole setting. This automated strategy has diminished deployment time for brand spanking new environments from a number of weeks of handbook coordination to beneath 20 minutes.

Quite than requiring customers to grasp the intricate deployment steps and managing the infrastructure, the automated deployment course of empowers enterprise models, just like the buyer portal staff, to deal with deriving insights. On the identical time, the Swiss Life Germany knowledge platform staff additionally maintains exact management over useful resource allocations, entry rights and value administration.

Future enhancements

Trying forward, Swiss Life plans to raise its automation to the next degree of enterprise abstraction. The following main enhancement focuses on eradicating the requirement for groups to request particular technical belongings. As an alternative, the imaginative and prescient is to implement an intuitive interface the place groups can specify the enterprise phrases or knowledge domains they require. The system will mechanically determine and provision the proper underlying technical belongings related to these enterprise definitions.

This semantic layer will create a extra pure interplay mannequin, in order that enterprise customers can suppose and work in acquainted ideas quite than technical constructs. For instance, quite than requesting entry to particular S3 buckets or AWS Glue databases, a advertising and marketing analyst may point out they want buyer interplay knowledge or marketing campaign response metrics. An automatic system will then map these enterprise phrases to the suitable technical assets, provision entry, and configure the setting accordingly.

By elevating automation to this enterprise terminology degree, Swiss Life goals to additional cut back friction within the knowledge entry course of whereas sustaining its strong safety and governance framework. This evolution represents Swiss Life Germany’s dedication to constantly bettering how knowledge serves the enterprise, making refined knowledge capabilities more and more accessible to all elements of the group.

Conclusion

By the excellent automation of Amazon SageMaker, Swiss Life Germany has reworked their utilization of information from a posh technical problem right into a streamlined enterprise enabler. By utilizing AWS companies and their progressive Terraform-Lambda integration strategy, Swiss Life created a safe, compliant knowledge platform that maintains governance whereas democratizing entry throughout the complete group. The automated deployment course of helps guarantee consistency throughout environments whereas dramatically lowering the technical data required for groups to start utilizing superior knowledge capabilities. Enterprise models, such because the buyer portal staff, can now deal with deriving insights quite than managing infrastructure, accelerating data-driven determination making all through the corporate. This implementation represents a major milestone in Swiss Life Germany’s cloud journey, demonstrating how considerate automation can concurrently improve safety, enhance operational effectivity, and speed up enterprise outcomes.

As of at present, 5 organizational unit groups and 15 IT System groups had been onboarded to the platform. To hurry issues up, Swiss Life has determined to onboard all 180 database clusters and devour knowledge utilizing SageMaker over the approaching months. This growth is designed to allow groups to make use of the information platform and improve the effectivity of information discovery and knowledge sharing processes throughout the group.

Concerning the authors