This is custom heading element
Industry: AWS
The Client: Wealthbird is a Fintech / Financial Services Company, which focuses on empowering Migrant population & other Underserved sections of the Indian economy. Wealthbird caters to a number of services such as Money transfer, Aadhaar Enabled Payment System, Bill payments, Recharge, travel bookings, POS, Insurance, Loans etc. Wealthbird believes in providing services as per 'Where their Consumers need it, when they need it & in the manner they need it'. Together with their network of agents, they speak their consumer's language and have a presence in our consumer's neighborhoods, by reaching extensively into the geographical segments through their 80,000+ Merchants to provide a hassle-free platform for the financial services.
The Challenge
Services from on-premises DC are running fine as of now but the challenges are also there:
- Architecting a cloud infrastructure and migrating the applications, databases, and other related data into the cloud infra
- A CI/CD Pipeline needs to be set up to facilitate the dev team for continuous development.
- Achieving highly secure cloud infrastructure to manage security-related threats.
- Scalability was the biggest challenge for the client which has been removed after opting EKS.
Solution
For every API CI/CD pipeline has been deployed in which code push and pull from the GIT repository. AWS Code pipeline manages the push and pull to/from GIT, AWS Code Build prepares the builds and then the S3 is used to store the build. The AWS Code Deploy, deploying the codes into the UAT, and Production environments.
We have eliminated each challenge by architecting the solution in the AWS cloud platform as:
Staging Environment AZ 1A
Here in the public subnet, the traffic coming to ALB via DNS and WAF and then gets forwarded to the App Server running in public subnet running in AWS EC2.
NAT Gateway is in place to make database server communicate to the internet whenever there is update or any software upgradation.
MYSQL Database is deployed on AWS EC2.
Production Environment AZ 1A
Here in the public subnet, the traffic coming to ALB via DNS and WAF and then gets forwarded to the pods running in AWS Fargate over which 7 pods are running.
NAT Gateway is in place to make private pods and database communicate to the internet whenever there is update or any software upgradation.
Database for MySQL is deployed on AWS EC2.
Security
- We have implemented an AWS WAF and all the traffic from the internet is coming through WAF towards infra.
- All the important instances are in the private subnet so that public access can't be achieved
- For the developer, VPN is provided to access the infra for development-related management and upgradations
- MFA is deployed to ensure the verified access on the infrastructure
- The infrastructure is well architected and as per the best practices of the AWS to achieve the security.
- All the monitoring and notification services are configured like CloudWatch, CloudTrail and SNS.
- AWS Guard duty is configured which is a threat detection service that monitors Foundational data sources such as AWS CloudTrail event logs, AWS CloudTrail management events, Amazon VPC Flow Logs, and DNS logs
- AWS Security Hub is configured to automate security best practice checks, aggregate security alerts into a single place and format, and understand your overall security posture across all your AWS accounts.
- ZAWS Config is configured to continually assess, audit, and evaluate the configuration and relationship of your resources on AWS, on premises, and on other clouds.
Resiliency
- Snapshots are being taken properly with a defined frequency and kept within S3, as-per-required retention period
The Solution/Architecture Diagram
Why AWS?
AWS is designed to allow application providers, ISVs, and vendors to quickly and securely host your applications – whether an existing application or a new SaaS-based application. You can use the AWS Management Console or well-documented web services APIs to access AWS's application hosting platform. AWS utilizes an end-to-end approach to secure and harden our infrastructure, including physical, operational, and software measures. For more information, see the AWS Security Center.
Using AWS tools, Auto Scaling, and Elastic Load Balancing, your application can scale up or down based on demand. Backed by Amazon's massive infrastructure, you have access to compute and storage resources when you need them. With AWS, you take advantage of a scalable, reliable, and secure global computing infrastructure, the virtual backbone of Amazon.com's multi-billion dollar online business that has been honed for over a decade.
Why i2k2
As an AWS Advanced Consulting Partner & Managed Amazon cloud services provider, i2k2 provides comprehensive folio of cloud solutions along with prompt and reliable support. Our partnership with AWS goes several years back, even before we formalized our association with the company in 2013. Key reason to choose i2k2 was 20 years of proven business. Talent is vast due to extensive IT exposure in India.
About i2k2 Networks
i2k2 Networks is the No.1 Dedicated Web Hosting company in India and a trusted name in the IT cloud hosting services industry that offers a full gamut of cutting edge enterprise solutions which drive business in today's Internet-powered world. Our folio includes Dedicated Servers, Cloud Hosting- Public, Private and Hybrid, Data Center Services, Business Email Solutions, Managed IT Services, Backup, and DR Solutions, DevOps Services, Cloud Enablement, Enterprise Hardware solutions, and various other integrated services. A team of dedicated and professionally driven IT experts conversant with diverse client requirements are available 24x7x365 to provide extended support. With superior technologies to host, design and develop high-quality websites and applications, we ensure to deliver unmatched value to our clients.