Mainstream is the largest provider of innovative cloud solutions and managed hosting services with a network of 8+ data centers in Southeast Europe.
One of the main project goals was to ensure the stability and availability of the client’s application through adequate environment design on the AWS cloud and utilisation of automation tools. Given that the application collects sensitive data such as financial, medical, and personal data, the security of the hosting environment was a critical aspect of the project.
Presta developed a cloud-native application for out-of-pocket expenses (OoPE) reimbursement, which required an infrastructure environment on the AWS cloud. The company decided to engage Mainstream for this project due to our previous successful collaboration and proven expertise in AWS cloud, DevOps processes, and tools implementation.
With a focus on a rapid development cycle and autonomy in resource configuration, Mainstream leveraged a combination of Terraform, Kubernetes, and GitHub technologies.
1. Using Terraform, we set up development and staging environments without relying on Terraform modules – we manually configured the components of each resource (ECR, EKS, IAM, RDS, REDIS, S3, etc.). Our team recommended Terraform to automate the processes of setting up, updating, and scaling resources, thereby reducing the possibility of errors and speeding up IT infrastructure delivery.
2. For each environment, we created one Kubernetes cluster in two different regions. To ensure the security of the application which processes sensitive data and must not have internet access, we configured access so that only our team and the client’s development team could access instances and servers. This was achieved using one bastion instance serving as the sole access point for authorized users.
3. To automate the deployment of code to the Kubernetes cluster, we created a GitHub Actions workflow, ensuring that all code changes are immediately implemented in the production environment, providing a significant advantage: faster publication of code changes.
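A bastion-only access model like the one in step 2 can be checked before every `terraform apply`. The following is an added example, not Mainstream's or Presta's code: it scans the JSON form of a Terraform plan and reports security-group ingress rules that would let traffic bypass the bastion. The resource names, CIDR ranges and the sample plan are constructed assumptions.

```python
import ipaddress

def _rule(port, cidrs=(), sgs=()):
    # One inline ingress block as it appears under change.after.ingress
    return {"from_port": port, "to_port": port, "protocol": "tcp",
            "cidr_blocks": list(cidrs), "ipv6_cidr_blocks": [],
            "security_groups": list(sgs)}

def _sg(name, *rules):
    # One resource_changes entry from `terraform show -json <planfile>`
    return {"address": f"aws_security_group.{name}", "type": "aws_security_group",
            "name": name, "change": {"after": {"ingress": list(rules)}}}

# Constructed sample plan: names, ports and CIDRs are illustrative assumptions.
SAMPLE_PLAN = {"resource_changes": [
    _sg("bastion", _rule(22, cidrs=["203.0.113.10/32"])),
    _sg("eks_nodes", _rule(443, sgs=["sg-bastion-placeholder"])),
    _sg("redis", _rule(6379, cidrs=["10.0.1.0/24"])),
    _sg("rds", _rule(5432, cidrs=["0.0.0.0/0"])),
]}

def _within(cidr, allowed):
    # True when the rule's range sits inside one of the allowed networks.
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def ingress_violations(plan, bastion="bastion",
                       admin_cidrs=("203.0.113.0/24",), vpc_cidrs=("10.0.0.0/16",)):
    """Return (address, port, cidr) for every rule that bypasses the bastion."""
    admin = [ipaddress.ip_network(c) for c in admin_cidrs]
    vpc = [ipaddress.ip_network(c) for c in vpc_cidrs]
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # None on destroy
        # Only the bastion group may accept traffic from outside the VPC.
        allowed = admin + vpc if rc.get("name") == bastion else vpc
        for rule in after.get("ingress") or []:
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            for cidr in cidrs:
                if not _within(cidr, allowed):
                    findings.append((rc["address"], rule.get("from_port"), cidr))
    return findings

if __name__ == "__main__":
    for finding in ingress_violations(SAMPLE_PLAN):
        print("bastion bypass:", finding)
```

The check covers inline `ingress` blocks only; rules declared as separate `aws_security_group_rule` or `aws_vpc_security_group_ingress_rule` resources need the same test applied to those resource types.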
Given that the client’s business is based in the United States and the application is subject to local regulations, including the SOC 2 data protection standard, one of the critical project requirements was to establish a secure environment. Through close cooperation with the client, implementation of the most rigorous security standards, and thorough checks of all implemented mechanisms, all requirements were successfully met. The application passed an audit which included automated security checks and manual reviews of aspects such as AWS and GitHub, as well as a CI/CD design review.
Our security engagement included:
In addition to the mentioned activities and measures, we used the Kubernetes Sealed Secrets tool for encrypting sensitive data.
Our previous experience working with Presta resulted in smooth communication between our teams, leading to the swift realization of the project. Mainstream teams’ expertise in applying the AWS Well-Architected Framework during infrastructure design, combined with recommendations for leveraging automation tools such as Terraform, enabled the client to achieve their goals: a stable, available, and flexible environment for their application.