Leveraging AWS and Containers to Develop a Secure and Robust Cloud Infrastructure for a Financial Platform
Jun 4, 2016
The need to develop and deploy software solutions when financial information is involved requires a fair amount of diligence and foresight to ensure that the applications that handle personally identifiable information, monetary transactional information, and the transmission of said data are secure. ClearScale knew that in order to meet the needs of one of our clients — a large financial institution — these concerns needed to be taken into account.
Our client approached us and asked that we create a cloud infrastructure for their financial platform. This AWS FinTech platform needed to support application development that leveraged existing microservices. It allowed the application to aid consumers with their financial investments and other financial services, connect to bank accounts, and purchase bonds.
Having the application interact with the microservices was the easier issue, but designing an end-to-end solution for the infrastructure was a complex undertaking. Being an AWS Premier Consulting Partner, ClearScale knew that there were many different ways we could approach this effort and the solution that we ultimately decided on was robust and scalable enough to exceed our client’s requirements.
In this particular instance, we realized we needed to use Docker containers in our solution design, along with Amazon Web Services to support our client’s development efforts. This would allow them to configure their own runtime environments, including choosing which platform to operate under, the programming language of choice their development team needed, and the definition of other application dependencies.
Leveraging AWS Container Services
This AWS FinTech solution runs on Amazon EC2 Container Service (ECS), which schedules Docker containers onto a cluster of EC2 instances. ECS handles cluster creation, task definitions, and task execution, so the client's developers kept control over their container images and runtime while still getting a clean integration with other AWS services. Application deployments are driven through Elastic Beanstalk, which can run Docker environments on top of ECS.
To fully build out and maintain the development environment while allowing access to financial and consumer information, ClearScale implemented Amazon API Gateway in front of the microservices the client wanted to expose. Callers reach them in one of two ways: through the web app the client had already provided, which handles authentication and authorization via SAML, or by calling the REST endpoints directly with requests signed using AWS IAM credentials (API Gateway's AWS_IAM authorization, which verifies a Signature Version 4 signature on every request). In both cases the exchange between the microservices and the development environment is encrypted in transit with TLS, and API Gateway API keys are issued to calling applications. One caveat a practitioner should keep in mind: an API key identifies a client application for usage plans and throttling; it is not an authentication credential and must not be treated as a substitute for the SAML or IAM checks.
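The IAM path above rests on Signature Version 4: the caller signs each request with a key derived from its secret, and the service recomputes and compares the signature. The following is an added example, not ClearScale's or AWS's code, showing both sides of that exchange in plain Python. The access key, secret, host, path, payload and timestamps are constructed for the example; the verifier mirrors the checks API Gateway performs (credential scope, clock skew, constant-time comparison) but is not API Gateway itself.

```python
# Added example (not ClearScale's code): the SigV4 exchange behind API Gateway's
# AWS_IAM authorization. Client side = what the AWS SDK/CLI does; server side =
# the check the service performs. Key IDs, host, path and timestamps are constructed.
import datetime
import hashlib
import hmac
import urllib.parse

ALGORITHM = "AWS4-HMAC-SHA256"
MAX_CLOCK_SKEW = 300  # seconds; requests further than this from the server clock are rejected


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """kSigning = HMAC(HMAC(HMAC(HMAC("AWS4"+secret, date), region), service), "aws4_request").
    The long-term secret never goes on the wire; only this date/region/service-scoped key signs."""
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def canonical_request(method, path, query, headers, payload):
    """Canonical form: method, path, sorted query, signed headers, payload hash."""
    q = "&".join(
        f"{urllib.parse.quote(k, safe='-_.~')}={urllib.parse.quote(v, safe='-_.~')}"
        for k, v in sorted(query.items())
    )
    h = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    signed = ";".join(sorted(h))
    canon_headers = "".join(f"{k}:{h[k]}\n" for k in sorted(h))
    return "\n".join([method, path, q, canon_headers, signed, _sha256_hex(payload)]), signed


def _signature(secret, date, region, service, amz_date, method, path, query, headers, payload):
    creq, _ = canonical_request(method, path, query, headers, payload)
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope, _sha256_hex(creq.encode("utf-8"))])
    key = derive_signing_key(secret, date, region, service)
    return hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_request(access_key, secret, region, service, method, host, path, query, payload, amz_date):
    """Client side: returns the headers to send. Note that an x-api-key header would NOT be
    covered by the signature; an API Gateway API key selects a usage plan, it is not a credential."""
    date = amz_date[:8]
    headers = {"host": host, "x-amz-date": amz_date}
    _, signed = canonical_request(method, path, query, headers, payload)
    sig = _signature(secret, date, region, service, amz_date, method, path, query, headers, payload)
    headers["authorization"] = (
        f"{ALGORITHM} Credential={access_key}/{date}/{region}/{service}/aws4_request, "
        f"SignedHeaders={signed}, Signature={sig}"
    )
    return headers


def verify_request(lookup_secret, region, service, method, path, query, headers, payload, now):
    """Server side: parse Authorization, bound the timestamp, recompute, compare in constant time.
    lookup_secret(access_key) returns the secret or None. Returns (ok, reason)."""
    lower = {k.lower(): v for k, v in headers.items()}
    auth = lower.get("authorization", "")
    if not auth.startswith(ALGORITHM + " "):
        return False, "missing or unsupported Authorization header"
    try:
        parts = dict(p.strip().split("=", 1) for p in auth[len(ALGORITHM) + 1:].split(","))
        access_key, date, req_region, req_service, term = parts["Credential"].split("/")
    except (KeyError, ValueError):
        return False, "malformed Authorization header"
    if (req_region, req_service, term) != (region, service, "aws4_request"):
        return False, "credential scope does not match this endpoint"
    amz_date = lower.get("x-amz-date", "")
    try:
        ts = datetime.datetime.strptime(amz_date, "%Y%m%dT%H%M%SZ")
    except ValueError:
        return False, "malformed x-amz-date"
    if amz_date[:8] != date or abs((now - ts).total_seconds()) > MAX_CLOCK_SKEW:
        return False, "timestamp outside credential scope or allowed skew (replay window)"
    signed = {h: lower[h] for h in parts.get("SignedHeaders", "").split(";") if h in lower}
    if "host" not in signed or "x-amz-date" not in signed:
        return False, "host and x-amz-date must be signed"
    secret = lookup_secret(access_key)
    if secret is None:
        return False, "unknown access key"
    expected = _signature(secret, date, region, service, amz_date, method, path, query, signed, payload)
    if not hmac.compare_digest(expected, parts.get("Signature", "")):
        return False, "signature mismatch"
    return True, "ok"


def demo():
    """Runs the exchange with constructed placeholder credentials; returns the verifier's verdicts."""
    keys = {"AKIDEXAMPLE": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"}  # placeholder, not real
    region, service = "us-east-1", "execute-api"
    host, path, query = "abc123.execute-api.us-east-1.amazonaws.com", "/prod/accounts", {"limit": "10"}
    body = b'{"account":"1234"}'
    hdrs = sign_request("AKIDEXAMPLE", keys["AKIDEXAMPLE"], region, service, "POST",
                        host, path, query, body, "20160604T120000Z")
    now = datetime.datetime(2016, 6, 4, 12, 0, 30)
    check = lambda secrets, payload, when: verify_request(
        secrets.get, region, service, "POST", path, query, hdrs, payload, when)[0]
    return {
        "valid": check(keys, body, now),
        "tampered_body": check(keys, b'{"account":"9999"}', now),
        "wrong_key": check({"AKIDEXAMPLE": "other-secret"}, body, now),
        "replayed_later": check(keys, body, now + datetime.timedelta(hours=1)),
    }


if __name__ == "__main__":
    print(demo())
```

The four verdicts from `demo()` are the properties that matter operationally: a correctly signed request passes, any change to the signed payload or the use of a different secret fails, and a captured request replayed outside the skew window fails even with a valid signature. Nothing in the signature covers an API key, which is why the key cannot stand in for authentication.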
For regulatory requirements and to reduce the application's exposure to common web attacks, AWS WAF was placed in front of the application. WAF rules control which web requests are allowed through, for example blocking requests that match SQL injection patterns or that originate from blocked IP ranges, before they ever reach the application tier.
Unlike other implementations ClearScale has done, the client had no need for AWS Lambda in the application infrastructure itself, but we did use Lambda, together with Amazon Simple Notification Service (SNS), in the deployment pipeline feeding the client's Jenkins continuous integration (CI) servers.
The entire environment runs inside an Amazon Virtual Private Cloud (VPC), so every component sits on private address space behind explicit authentication, and resources are spread across multiple Availability Zones (with a second region for the database, described below) for redundancy. VPC endpoints give instances a private path to supported AWS services (S3, for example) without traversing the Internet through a NAT device, a VPN connection, or AWS Direct Connect; that traffic stays on the AWS network and does not consume the VPC's Internet-facing bandwidth. We configured the Virtual Private Gateway so that the investment platform admin gateway our client chose acts as the customer gateway and initiates the IPsec VPN tunnel into the VPC.
All of the client's static files live in a dedicated Amazon Simple Storage Service (S3) bucket, and the environment uses Elastic Load Balancing (ELB) to distribute traffic across the application and file servers. As the environment grew, ClearScale added Amazon CloudWatch to monitor activity (metrics and alarms) and AWS CloudTrail to record every AWS API call made in the account, so that an audit trail of who changed what, when, and from where is always available. Note that CloudTrail captures control-plane activity, not the application's financial transactions; those must be logged by the application itself. Building inside AWS also let us add Amazon CloudFront (edge caching of static content) and Amazon ElastiCache (in-memory caching for the application tier), which together take load off the origin and improve scalability.
Using Amazon Relational Database Service (RDS) with a MySQL engine, ClearScale configured encrypted MySQL replication manually over the VPN tunnel: the RDS MySQL instance in the primary region replicates to a similarly configured RDS MySQL instance in a secondary region, giving data redundancy and a recovery copy should it ever be needed. If disaster recovery procedures are invoked, the secondary can be promoted and the application repointed to it with minimal downtime. Two caveats apply: MySQL replication is asynchronous, so the recovery point is bounded by the replication lag at the moment of failure, and the replication traffic must itself be protected in transit (here by confining it to the IPsec tunnel), because the secondary region's database holds the same regulated data as the primary.
See the diagram below for more details:
Delivering a New AWS FinTech Infrastructure
When all was said and done, ClearScale delivered an AWS FinTech solution in which the client's developers build and test their code in local Docker containers, then push it to AWS CodeCommit. A repository trigger publishes the push to an Amazon SNS topic, and the SNS topic in turn invokes a Lambda function that kicks off the Jenkins build running inside the VPC; in this design SNS is the intermediary between the repository and Lambda. Jenkins pulls the fresh code from CodeCommit, builds the application, runs the test suite, and only then builds the Docker image. The image is pushed to Amazon EC2 Container Registry (ECR), and Jenkins updates the Elastic Beanstalk environment to deploy the new build.
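The SNS-to-Jenkins hop is the point in this pipeline where untrusted input (a repository event) turns into a build action, so it is worth seeing what the Lambda function should check before it calls Jenkins. The following is an added example written for this page, not ClearScale's code: the topic ARN, repository allow-list, Jenkins job URL and the `JENKINS_USER` / `JENKINS_API_TOKEN` environment variable names are all assumptions, and the SNS message body is assumed to carry the CodeCommit trigger payload in the shape AWS documents for Lambda targets (`Records[].eventSourceARN` and `Records[].codecommit.references[]`).

```python
# Added example (not ClearScale's code): the SNS -> Lambda -> Jenkins hop of the
# pipeline described above. The topic ARN, repository allow-list, Jenkins URL and
# credential environment variable names are assumptions made for this example.
import base64
import json
import os
import re
import urllib.parse
import urllib.request

EXPECTED_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:codecommit-pushes"  # assumed
ALLOWED_REPOS = {"fintech-platform"}                                           # assumed
BRANCH_PREFIX = "refs/heads/"   # only branch pushes build; tags and other refs are ignored
JENKINS_JOB_URL = "https://jenkins.internal.example/job/fintech-platform/buildWithParameters"
COMMIT_RE = re.compile(r"[0-9a-f]{40}")  # a full SHA-1 only, so nothing else reaches Jenkins


def build_trigger_request(repo, ref, commit):
    """Builds the Jenkins POST. Parameters travel in the body, not in a query string
    that would end up in access logs; credentials are added by the transport, not the URL."""
    body = urllib.parse.urlencode(
        {"REPO": repo, "BRANCH": ref[len(BRANCH_PREFIX):], "COMMIT": commit}
    ).encode("utf-8")
    return JENKINS_JOB_URL, body


def _post_with_jenkins_token(url, body):
    """Default transport: HTTP basic auth with a Jenkins user API token taken from the
    Lambda environment (JENKINS_USER / JENKINS_API_TOKEN are assumed variable names)."""
    creds = f"{os.environ['JENKINS_USER']}:{os.environ['JENKINS_API_TOKEN']}".encode("utf-8")
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", "Basic " + base64.b64encode(creds).decode("ascii"))
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def handler(event, context=None, post=_post_with_jenkins_token):
    """Lambda entry point. Accepts only the expected SNS topic, only allow-listed
    repositories and branch refs, and only well-formed commit IDs; everything else is
    dropped silently. Returns the list of (repo, ref, commit) builds it triggered."""
    triggered = []
    for rec in event.get("Records", []):
        sns = rec.get("Sns", {})
        if sns.get("TopicArn") != EXPECTED_TOPIC_ARN:
            continue                                  # not our topic: ignore
        try:
            message = json.loads(sns.get("Message", ""))
        except ValueError:
            continue                                  # malformed payload
        for change in message.get("Records", []):
            repo = change.get("eventSourceARN", "").rsplit(":", 1)[-1]
            if repo not in ALLOWED_REPOS:
                continue
            for reference in change.get("codecommit", {}).get("references", []):
                ref, commit = reference.get("ref", ""), reference.get("commit", "")
                if not ref.startswith(BRANCH_PREFIX) or not COMMIT_RE.fullmatch(commit):
                    continue
                post(*build_trigger_request(repo, ref, commit))
                triggered.append((repo, ref, commit))
    return triggered


def sample_event():
    """Constructed SNS event wrapping a CodeCommit trigger message:
    one branch push, one tag push, and one push from a repository not on the allow-list."""
    def change(repo, ref, commit):
        return {"eventSourceARN": f"arn:aws:codecommit:us-east-1:123456789012:{repo}",
                "codecommit": {"references": [{"ref": ref, "commit": commit}]}}
    message = {"Records": [
        change("fintech-platform", "refs/heads/master", "a" * 40),
        change("fintech-platform", "refs/tags/v1.0", "b" * 40),
        change("someone-elses-repo", "refs/heads/master", "c" * 40),
    ]}
    return {"Records": [{"Sns": {"TopicArn": EXPECTED_TOPIC_ARN, "Message": json.dumps(message)}}]}


def run_demo():
    """Runs the handler against the constructed event with a recording transport."""
    calls = []
    triggered = handler(sample_event(), post=lambda url, body: calls.append((url, body)))
    return triggered, calls


if __name__ == "__main__":
    print(run_demo())
```

Of the three changes in the constructed event, only the branch push to the allow-listed repository reaches Jenkins; the tag and the foreign repository are dropped. The transport is injected so the handler can be exercised without a network, which is also how you would unit-test it before giving the function an IAM role and a Jenkins token.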
Breathing life into a solution as complex and robust as the one we delivered for our client is something we at ClearScale do every day. Our developers and solution architects are experts at focusing on our client’s requirements and researching all avenues that will make our client satisfied with the end result. As an AWS Premier Consulting Partner, ClearScale can leverage any number of AWS services to meet and exceed your needs well into the future.
Contact us today to learn more about our AWS cloud containers services.