Sunray Group
AWS-Service-Catalog
Industry Vertical – Hospitality
The Client
Sunray Group is a family‑owned, multifaceted corporation specializing in hospitality and development. The company believes in the strength of brand equity and has built an award‑winning portfolio that includes Marriott, Starwood, Hilton, Radisson, Best Western, IHG, Wyndham and Choice Hotels. Sunray also operates well‑known franchises such as Tim Horton’s, McDonald’s, Fionn McCool’s, Shell and Petro Canada. With operations spanning multiple regions and brands, the group needed a cloud strategy that would scale and standardize infrastructure without sacrificing agility.
The Challenge
Sunray’s existing provisioning processes were manual and time‑consuming, resulting in weeks of delay when teams needed new development, testing or production environments. The lack of standardized templates led to misconfigurations and inconsistent security controls across their hotel and franchise systems. As a hospitality leader subject to stringent regulatory requirements (including data privacy and PCI compliance), Sunray needed to ensure that every infrastructure deployment met corporate and industry standards. The company sought a way to enable self‑service provisioning for internal teams while maintaining centralized governance, cost control and auditability.
The Solution
Hallmark implemented an AWS Service Catalog–based solution that provided Sunray with a governed marketplace of cloud resources. A series of portfolios were created containing products for common workloads—secure VPC architectures, EC2 instances with hardened AMIs, encrypted RDS clusters, and complete multi‑tier application stacks. Service Catalog constraints restricted instance sizes, enforced network segmentation, and mandated tagging. The products were shared across Sunray’s AWS accounts through AWS Organizations, and a private catalog was made available through the AWS Service Catalog portal.
To enhance automation, the catalog integrated with Sunray’s CI/CD pipeline and third‑party ITSM tools. Engineers could trigger catalog product launches directly from their deployment pipelines or via the ServiceNow interface with approval workflows. TagOptions ensured that cost and security tags were automatically applied. In addition, AWS Systems Manager automation documents were exposed as catalog actions, allowing operations teams to perform routine tasks (patching, backups, configuration drift remediation) via the same portal.
Security and Governance
Security best practices were embedded in every catalog product. Templates enforced encryption, multi‑AZ deployments and least‑privilege IAM roles. Launch constraints prevented unauthorized modifications, and approvals were routed through ServiceNow for production environments. Logs of catalog actions were captured via CloudTrail and analyzed in CloudWatch and AWS X‑Ray for visibility. Sunray used AWS Config Conformance Packs distributed via Service Catalog to continuously assess compliance across accounts and regions.
Benefits and Outcomes
- Rapid environment provisioning – new environments could be launched in under an hour, down from weeks previously.
- Reduced errors – standardized templates and automated tag application decreased misconfigurations by more than 90%.
- Enhanced compliance – use of Conformance Packs and enforced constraints ensured that all resources met HIPAA and PCI requirements.
- Cost transparency – TagOptions and centralized management improved cost tracking and budget adherence.
- Operational efficiency – – integration with CI/CD pipelines and ITSM tools streamlined deployment workflows and reduced manual effort.
By leveraging AWS Service Catalog, Sunray gained a governed self‑service model that empowered its teams to innovate quickly while maintaining strict security and compliance. The solution delivered faster time‑to‑market for new services, more reliable infrastructure and a simplified operational footprint.
