Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native Application  

One of the main project goals was to ensure the stability and availability of the client’s application through adequate environment design on the AWS cloud and utilisation of automation tools. Given that the application collects sensitive data such as financial, medical, and personal data, the security of the hosting environment was a critical aspect of the project. 

Results   

  • Security: In accordance with the client’s requirements, Mainstream designed an environment that was compliant with the SOC 2 standard. 
  • Simplicity and Faster Development: Easier and faster development of new features with automated infrastructure provisioning and expertly designed CI/CD pipeline. 
  • Scalability: Enabled automated scaling of Kubernetes clusters using AWS EKS managed service.   

Development of the AWS Environment for Hosting the OoPE Application   

Presta developed a cloud-native application for out-of-pocket expenses (OoPE) reimbursement, which required an infrastructure environment on the AWS cloud. The company decided to engage Mainstream for this project due to our previous successful collaboration and proven expertise in AWS cloud, DevOps processes, and tools implementation. 

Approach and Technologies   

With a focus on rapid development cycle and autonomy in resource configuration, Mainstream leveraged a combination of Terraform, Kubernetes, and GitHub technologies.

1. Using Terraform, we set up development and staging environments without relying Terraform modules – we manually configured the components of each resource (ECR, EKS, IAM, RDS, REDIS, S3, etc.). Our team recommended Terraform to automate the processes of setting up, updating, and scaling resources, thereby reducing the possibility of errors and speeding up IT infrastructure delivery. 

2. For each environment, we created one Kubernetes cluster in two different regions. To ensure the security of the application which processes sensitive data and must not have internet access, we configured access so that only our team and the client’s development team could access instances and servers. This was achieved using one bastion instance serving as the sole access point for authorized users. 

3. To automate the deployment of code to the Kubernetes cluster, we created a GitHub Actions workflow, ensuring that all code changes are immediately implemented in the production environment, providing a significant advantage: faster publication of code changes. 

Security in Focus  

Given that the client’s business is based in the United States and the application is subject to local regulations, including the SOC 2 data protection standard, one of the critical project requirements was to establish a secure environment. Through close cooperation with the client, implementation. of the most rigorous security standards, and thorough checks of all implemented mechanisms, all requirements were successfully met. The application passed an audit which included automated security checks and manual reviews of aspects such as AWS and GitHub, as well as a CI/CD design review.

Our security engagement included: 

  • CVE vulnerability check on all ECR images 
  • Elastic Load Balancer encryption in transit 
  • Integration of CloudTrail with CloudWatch logs 
  • CloudTrail S3 bucket MFA (verification of all rules within security groups) 
  • WAF and Internal Firewall review 
  • IDS/IPS configuration review 
  • Configuration of AWS Macie for detecting potential risks within S3 buckets 
  • Configuration of AWS Inspector for scanning potential security risks on containers 

In addition to the mentioned activities and measures, we used the Kubernetes Sealed Secrets tool for encrypting sensitive data.   

Results  

Our previous experience working with Presta resulted in smooth communication between our teams, leading to the swift realization of the project. Mainstream teams’ expertise in applying the AWS well-architected framework during infrastructure design, combined with recommendations for leveraging automation tools such as Terraform, enabled the client to achieve their goals: a stable, available, and flexible environment for their application.

"When it comes to planning, deploying and optimizing public cloud infrastructure, Mainstream has been our choice for almost 10 years. From verifying a production-ready cloud environment to ensuring maximum uptime and peak application performance, their team provided end-to-end expertise to get the most out of any public cloud.”

Vladeta Radovanović

CEO

Discover how Mainstream can improve your business.

Contact us at sales@mainstream.eu or fill out our contact form.

Other case studies

Designing and building a hosting solution for an advanced e-commerce

How Gigatron, a leading e-commerce operator, achieved IT infrastructure stability, scalablity and security with Mainstream Managed Hosting.

Web platform modernisation: Stabilisation, Scalablity, Reliability

Halo Oglasi’s road to IT modernisation   Halo Oglasi had an old application that was maintained by an external partner and

Intelisale: Migration and management of Microsoft Azure subscription

Intelisale, the developer of an advanced B2B omnichannel platform, relied on Mainstream’s expertise for the migration and management of Microsoft Azure subscription.