Secured Fintech platform with EC2, Redis Flavor and Aurora Postgres
Fintech company achieves a platform that meets the necessary requirements in terms of security and high availability.
About the client
Smart Structuring is a blockchain interface that stores trust ledgers in a perpetual, secure and transparent manner.
Smart Structuring was looking for a platform that would allow it to offer its services to a larger number of users simultaneously.
They also needed the application to be divided into two layers: an application layer and a database layer, with elasticity, high availability, and security. For initial sizing, since the application was being developed by a third party, Smart Structuring did not know how many resources the application was going to need. As a result, the third-party company requested 2 virtual machines with 2 vCPU and 8 GB of RAM.
Nubiral analyzed the customer's pain points and proposed breaking the application down into two layers. For the application layer, the services used were an Application Load Balancer to distribute traffic evenly between servers, EC2 instances to handle high peaks and high demand, and a bastion host to allow safe connections to the application for O&M. Each service in this layer has its own security group configuration.
For the database layer, Nubiral proposed two services: ElastiCache (Redis Flavor) to handle the frequent queries, and Aurora (PostgreSQL-compatible) due to the advantages that the service offers, namely the ease of scaling to handle peaks and high-volume traffic, and the ability to fail over to the secondary node without affecting the performance of the applications or the end users.
In terms of security, Nubiral decided first to use IAM policies to segregate users' access to the AWS Console. As a second step, it deployed the application and database into private subnets, used a bastion host to allow access to the application hosted on the EC2 instances, and stored the database password in Secrets Manager. Both the EC2 instances and the Aurora database have their own security groups.
In terms of networking, the setup configuration was:
– A public subnet for the bastion host and the EC2-APP.
As a result, the client had a platform that met the necessary requirements in terms of security, high availability and fault tolerance. Thus, it was able to provide an optimal service to its clients.