Project Description

Secure and scalable DevOps

APSIS is adopting DevOps to deliver scalable marketing automation in a faster & more secure way.  

About the client

APSIS delivers scalable marketing automation solutions that help companies reach their audience better and grow their business faster. 

They are known for always taking responsibility for what they deliver and for always finishing what they’ve set their mind on, providing scalable solutions for data-driven marketing in a complex world. 

The ambition to adopt DevOps 

To achieve excellence in their mission for simplifying the workloads of all their clients, APSIS had to overcome some challenges that were becoming an issue on the technical side of things. 

Their ambition was to:  

  • Shift to a modern microservice-based, DevOps-as-a-Culture organisation where small cross-functional teams manage the full software development cycle, including doing their own releases and managing large parts of their own Cloud Infrastructure 
  • Move from a monthly release cycle with week-long code freezes to incremental, multiple-times-per-day releases – while reducing error rates 
  • Maintain enterprise-grade security and governance 

Since most of their products, platforms and solutions are deployed in AWS, they wanted to move or reshape their on-prem CI/CD solution for their frontend services into the cloud.

The end goal was to be better prepared for future demands, with increased scalability, robustness, high availability, security and performance. 

To help our client address all the above-mentioned challenges, we developed a scalable & secure AWS DevOps solution, made specifically for their needs. 

The technology behind it

We decided to move the source code of their platform to GitHub and migrate the complete CI/CD for the frontend services to an AWS native pipeline.  

We organised the environments (stage, beta, prod) into different stages and separated the AWS accounts. We also introduced automated tests after deployment on each stage and added approval phases for reviewing / approving / rejecting the build / deploy sequence. To run things even more smoothly, we introduced least-privilege AWS cross-account roles and a central AWS CodePipeline. 

The central AWS CodePipeline is scripted in CloudFormation, making it even more robust in case of disasters – so it can quickly get up and running again. Overall, 99% of all resources and processes are defined in CloudFormation scripts.

To improve audit and security, we introduced CloudTrail and CloudTrail Alarms on each account included in the DevOps processes. Central logging is placed in an encrypted AWS S3 bucket in an account dedicated to logging only. Finally, we are using Athena for interpreting logs and running queries for audit purposes. 

The pipeline source code stage is integrated with the GitHub repo and listens on certain branches, which then launch the pipeline on push, merge, etc.

In addition, the CodeBuild job for the stage environment is followed by a test phase with automated UI testing using Ghost Inspector and then by a manual approval phase – meaning release managers are informed by email or Slack whether they should approve / reject a certain release.

After the approval, there is a separate stage for the beta environment where we deploy and run all automated UI tests done by Ghost Inspector. Ultimately, we have a final approval phase for approving / rejecting deployment / release to production.

The services we used are the following: CodePipeline, CodeBuild, CloudFormation, CloudFront, S3, Lambda, SNS, CloudTrail, CloudWatch, Parameter Store and Secrets Manager.
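
The setup described above combines manual approval phases with CloudTrail on every account, which makes it possible to audit who actually approved a release. The following is an added example, not code from the original page or from the project: the CloudTrail records, account IDs, role names, pipeline name and the approver allowlist are all constructed assumptions, and the record layout is assumed to follow the CodePipeline `PutApprovalResult` request.

```python
import json

# Constructed CloudTrail records (not from the page). Account IDs, role names and
# the pipeline/stage names are placeholders; the field layout is assumed to follow
# the CodePipeline PutApprovalResult request as recorded by CloudTrail.
SAMPLE_RECORDS = json.loads("""[
 {"eventSource": "codepipeline.amazonaws.com", "eventName": "PutApprovalResult",
  "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/ReleaseManager/alice"},
  "requestParameters": {"pipelineName": "frontend", "stageName": "ApproveProd",
                        "result": {"status": "Approved"}}},
 {"eventSource": "codepipeline.amazonaws.com", "eventName": "PutApprovalResult",
  "userIdentity": {"arn": "arn:aws:sts::222222222222:assumed-role/DevBuild/bob"},
  "requestParameters": {"pipelineName": "frontend", "stageName": "ApproveProd",
                        "result": {"status": "Approved"}}},
 {"eventSource": "codepipeline.amazonaws.com", "eventName": "PutApprovalResult",
  "errorCode": "AccessDenied",
  "userIdentity": {"arn": "arn:aws:sts::222222222222:assumed-role/DevBuild/carol"},
  "requestParameters": {"pipelineName": "frontend", "stageName": "ApproveProd"}},
 {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
  "userIdentity": {"arn": "arn:aws:sts::222222222222:assumed-role/DevBuild/bob"}}
]""")

# Assumption: only this (account, role) pair is expected to approve releases.
ALLOWED_APPROVERS = {("111111111111", "ReleaseManager")}

def principal(arn):
    """Return (account_id, role_name); role_name is None unless it is an assumed role."""
    parts = arn.split(":", 5)
    if len(parts) < 6:
        return (None, None)
    kind, _, rest = parts[5].partition("/")
    role = rest.split("/")[0] if kind == "assumed-role" and rest else None
    return (parts[4], role)

def audit_approvals(records, allowed=ALLOWED_APPROVERS):
    """Flag denied approval attempts and approvals by principals outside the allowlist."""
    findings = []
    for r in records:
        if (r.get("eventSource"), r.get("eventName")) != (
                "codepipeline.amazonaws.com", "PutApprovalResult"):
            continue  # not a manual-approval decision
        arn = (r.get("userIdentity") or {}).get("arn", "")
        params = r.get("requestParameters") or {}
        status = (params.get("result") or {}).get("status")
        where = f'{params.get("pipelineName")}/{params.get("stageName")}'
        if r.get("errorCode"):
            findings.append(("denied-attempt", arn, where))
        elif status == "Approved" and principal(arn) not in allowed:
            findings.append(("unexpected-approver", arn, where))
    return findings
```
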

The outcome 

The results clearly show that APSIS now has better control and insights into their frontend product services. The implemented CI/CD processes resulted in a more confident, secure, robust, scalable and highly available solution. 

  • Higher efficiency & availability of CI/CD pipelines

  • Increased number of daily releases

  • Shorter release & build job times

  • Full control over all deployment/release approvals

  • Avoiding a single point of failure

  • Improved overall security & audit
