Cloud managed services for innovators and startups
When we talk about cloud managed services, tech startups are the heroes and protagonists of corporate America. Their innovations and persistent hard work meet the ever-growing demands of every industry and earn them the well-deserved trust of outside investors.
The investors put additional requirements on these startups to reduce the time-to-market for these innovations to gain an edge over their competitors.
High Plains Computing (HPC) enables budding startups to reduce the time-to-market for their products by empowering their engineers with cloud managed services, tools, and skills to create infrastructure for their applications that can be:
- Developed quickly
- Tested early and efficiently
- Released early
This short case study describes how we achieved these goals for one of our clients.
Background and Challenge
HPC was engaged by a startup that was planning to develop a very comprehensive web-based mental healthcare solution that ensures quick and efficient delivery of services at their clients' doorsteps.
The client assembled a high-energy and talented team of product/project managers, development leads, and full-stack developers to build this web application. At the time of the HPC team’s engagement, the application had already met most of the primary requirements laid out by stakeholders/investors.
The client, however, had a limited budget and limited knowledge and skills to turn this application into a highly secure, scalable, reliable, and production-ready cloud managed service.
After completing a complimentary review of business objectives, plans, and release dates, the HPC team found the following:
- Build and release pipelines needed to be optimized so that the released application reaches QA and the various other test teams quickly and can be released to production fast.
- Automated infrastructure provisioning was needed so that the project management team could provision, scale up, or scale down their Dev/QA/Performance environments as needed.
- The cost of provisioned cloud managed services and resources far exceeded the allocated budget.
The HPC Team took a multipronged approach to address the needs of the project:
- Engaged the AWS Partner alliance team and secured the maximum possible AWS credits for the client’s POC work, as well as the AWS infrastructure funding that AWS programs offer to the most innovative tech startups. This was accomplished by completing all paperwork and process requirements set up by AWS.
- The HPC tech lead worked with the client's architects and dev leads to understand the current application development workflows, limitations/roadblocks, and technical challenges. Once a complete understanding of the environment was established, the HPC team quickly provided a comprehensive technical solution to rectify the identified issues.
The next section elaborates on the HPC technical solution.
The following diagram illustrates the technical solution we devised to get the solution to production readiness. It shows the set of software development pipelines we set up to speed up the development process.
The salient points of our solution are:
- We used a Terraform module that reads a template file and generates a continuous build/deploy (CI/CD) release system for client projects. Many projects with different technology stacks were CI/CD enabled via this reusable template.
- We used AWS CodeCommit repos for source code management. The client was already using AWS single sign-on for authentication, so CodeCommit offered the least administrative overhead of all the available options for a Git-based source code management system.
- We used AWS CodeBuild to build application images. AWS CodeBuild is a fully managed, serverless, declarative build system. This retired the old Jenkins pipelines and removed much of the administrative overhead of maintaining, patching, and securing a Jenkins server.
- AWS CodePipeline is a declarative and visual way of releasing and approving the release of software in new environments. We added steps that ensure the release environments are properly initialized and match the Terraform state. With this, changing, scaling up, or scaling down an environment becomes as simple as making a change in the Terraform scripts and committing it to the Git repository.
- A private ECS repo was used to build, store, and tag application images. This allowed rollback and roll-forward of application releases without any application downtime.
- An ECS cluster was used to run applications. Please see the next diagram and related notes for more info on ECS.
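One way to implement the "environments match the Terraform state" step from the CodePipeline item, as an added example (not HPC's or the client's pipeline code): a release step that reads the JSON form of a saved plan, as printed by `terraform show -json`, and reports out-of-band drift, pending changes, and destructive changes. The sample plan and its resource addresses are constructed.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output.
# Resource addresses are hypothetical.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    # Changes made outside Terraform, detected during refresh.
    "resource_drift": [
        {"address": "aws_security_group.alb", "change": {"actions": ["update"]}},
    ],
    # What `terraform apply` would do to reconcile the environment.
    "resource_changes": [
        {"address": "aws_ecs_service.app", "change": {"actions": ["no-op"]}},
        {"address": "aws_security_group.alb", "change": {"actions": ["update"]}},
        {"address": "aws_ecs_task_definition.app",
         "change": {"actions": ["delete", "create"]}},
        {"address": "data.aws_caller_identity.current",
         "change": {"actions": ["read"]}},
    ],
})

# Actions that do not modify real infrastructure.
HARMLESS = {"no-op", "read"}


def review_plan(plan_json):
    """Summarise a plan: drifted, pending and destructive resource addresses."""
    plan = json.loads(plan_json)
    report = {"drifted": [], "pending": {}, "destructive": []}
    for item in plan.get("resource_drift", []):
        report["drifted"].append(item["address"])
    for item in plan.get("resource_changes", []):
        actions = item.get("change", {}).get("actions", [])
        if not set(actions) - HARMLESS:
            continue  # nothing would change for this resource
        report["pending"][item["address"]] = actions
        if "delete" in actions:  # plain delete or a replace
            report["destructive"].append(item["address"])
    report["in_sync"] = not report["drifted"] and not report["pending"]
    return report


if __name__ == "__main__":
    result = review_plan(SAMPLE_PLAN)
    print(json.dumps(result, indent=2))
    # A non-zero exit stops the release stage until the plan is reviewed.
    raise SystemExit(0 if result["in_sync"] else 2)
```

Drift on a security group or IAM resource is worth routing to a manual approval step rather than applying automatically, since it may reflect a change nobody committed to the repository.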
The following figure shows the final deployed solution:
- An AWS CloudFront-based content distribution network (CDN) provided caching to enhance application performance and reduced data transfer costs.
- A Web Application Firewall (WAF) protected applications from vulnerabilities and exploits such as SQL injection, cross-site scripting, and the top vulnerabilities identified by PCI DSS. It also protected applications from denial-of-service attacks.
- A Web Application Load Balancer (ALB) made applications available to global traffic, because the ECS cluster operates in private networks that are not directly accessible. The ALB balances traffic between multiple availability zones of a region to make solutions reliable and highly available.
- An ECS cluster ran the application and provided scalability, HIPAA compliance, and minimal operational costs. Fargate was chosen as the compute provider so that the client does not have to patch and maintain a fleet of EC2 virtual machines, which significantly reduced the surface area for exploitation of OS-level security vulnerabilities. Given the exponential increase in zero-day attacks and CVE notifications that require OS patching, the client is future-proofing itself against future operational costs by choosing Fargate. The build pipelines would scan containerized application images for any vulnerability.
- RDS is a scalable, secure, and highly reliable database service which eliminates any need for a dedicated DBA.
- AWS managed services, including DNS records and Certificate Manager, simplified environment creation using Terraform. SSM Parameter Store and AWS Secrets Manager were used as environment-agnostic mechanisms to store environment variables and secrets. AWS CloudWatch monitoring and log aggregation were used to manage the application.
AWS Cloud managed services by HPC
At HPC, we specialize in launching all sorts of applications on AWS. Our AWS DevOps team is dedicated to AWS automation using infrastructure as code, AWS security, and setting up dev environments on AWS. Our team has built and accumulated a vast repository of Terraform modules that are pre-tested and can provision infrastructure for any application or service within days or weeks rather than months.
Our AWS Certified Solution Architect professional and DevOps professional staff will ensure that all AWS infrastructure code, as well as the application being deployed, follows the “AWS Well-Architected” program guidelines and best practices to achieve operational excellence, security, reliability of operation, cost efficiency, and sustainability.
High Plains Computing (HPC) professionals work with your team to deploy your amazing application on AWS infrastructure.
Committed to delivering the best
Thousands of AWS and CNCF-certified Kubernetes solution partners have unique expertise and focus areas. Our focus is on best practices in security, automation, and excellence in Cloud operations.
Please reach out to us if you have any questions.