{"id":29310,"date":"2024-08-07T13:03:12","date_gmt":"2024-08-07T13:03:12","guid":{"rendered":"https:\/\/mainstream.eu\/?post_type=case-studies&#038;p=29310"},"modified":"2024-08-27T09:13:25","modified_gmt":"2024-08-27T09:13:25","slug":"presta","status":"publish","type":"case-studies","link":"https:\/\/mainstream.eu\/en\/case-studies\/presta","title":{"rendered":"Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native Application\u00a0\u00a0"},"content":{"rendered":"\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-ad2f72ca wp-block-group-is-layout-flex\">\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#Goals\" >Goals<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#Results\" >Results&nbsp;&nbsp;&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#Development_of_the_AWS_Environment_for_Hosting_the_OoPE_Application\" >Development of the AWS Environment for Hosting the OoPE Application&nbsp;&nbsp;&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#Approach_and_Technologies\" >Approach and Technologies&nbsp;&nbsp;&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#Security_in_Focus\" 
>Security in Focus&nbsp;&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#Results-2\" >Results\u00a0\u00a0<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Goals\"><\/span>Goals<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<\/div>\n\n\n\n<p>One of the main project goals was to ensure the stability and availability of the client&#8217;s application through adequate environment design on the AWS cloud and utilisation of automation tools. Given that the application collects sensitive data such as financial, medical, and personal data, the security of the hosting environment was a critical aspect of the project.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Results\"><\/span><strong>Results&nbsp;&nbsp;<\/strong>&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Security: In accordance with the client&#8217;s requirements, Mainstream designed an environment that was compliant with the SOC 2 standard.\u00a0<br><\/li>\n\n\n\n<li>Simplicity and Faster Development: Easier and faster development of new features with automated infrastructure provisioning and expertly designed CI\/CD pipeline.\u00a0<br><\/li>\n\n\n\n<li>Scalability: Enabled automated scaling of Kubernetes clusters using AWS EKS managed service.&nbsp;&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"593\" src=\"https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/07\/presta-laptop.jpg\" alt=\"\" class=\"wp-image-28587\" srcset=\"https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/07\/presta-laptop.jpg 1000w, https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/07\/presta-laptop-300x178.jpg 300w, 
https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/07\/presta-laptop-768x455.jpg 768w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Development_of_the_AWS_Environment_for_Hosting_the_OoPE_Application\"><\/span><strong><strong>Development of the AWS Environment for Hosting the OoPE Application&nbsp;<\/strong>&nbsp;<\/strong>&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Presta developed a cloud-native application for out-of-pocket expenses (OoPE) reimbursement, which required an infrastructure environment on the AWS cloud. The company decided to engage Mainstream for this project due to our previous successful collaboration and proven expertise in AWS cloud, DevOps processes, and tools implementation.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-left\"><span class=\"ez-toc-section\" id=\"Approach_and_Technologies\"><\/span><strong>Approach and Technologies&nbsp;&nbsp;<\/strong>&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>With a focus on a rapid development cycle and autonomy in resource configuration, Mainstream leveraged a combination of Terraform, Kubernetes, and GitHub technologies. <\/p>\n\n\n\n<p>1. Using Terraform, we set up development and staging environments without relying on Terraform modules \u2013 we manually configured the components of each resource (ECR, EKS, IAM, RDS, REDIS, S3, etc.). Our team recommended Terraform to automate the processes of setting up, updating, and scaling resources, thereby reducing the possibility of errors and speeding up IT infrastructure delivery.\u00a0<\/p>\n\n\n\n<p>2. For each environment, we created one Kubernetes cluster in two different regions. To ensure the security of the application, which processes sensitive data and must not have internet access, we configured access so that only our team and the client&#8217;s development team could access instances and servers. 
This was achieved using one bastion instance serving as the sole access point for authorized users.\u00a0<\/p>\n\n\n\n<p>3. To automate the deployment of code to the Kubernetes cluster, we created a GitHub Actions workflow, ensuring that all code changes are immediately implemented in the production environment, providing a significant advantage: faster publication of code changes.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Security_in_Focus\"><\/span><strong>Security in Focus&nbsp;<\/strong>&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Given that the client&#8217;s business is based in the United States and the application is subject to local regulations, including the SOC 2 data protection standard, one of the critical project requirements was to establish a secure environment. Through close cooperation with the client, implementation of the most rigorous security standards, and thorough checks of all implemented mechanisms, all requirements were successfully met. 
The application passed an audit which included automated security checks and manual reviews of aspects such as AWS and GitHub, as well as a CI\/CD design review.<\/p>\n\n\n\n<p><strong>Our security engagement included:&nbsp;<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CVE vulnerability check on all ECR images&nbsp;<\/li>\n\n\n\n<li>Elastic Load Balancer encryption in transit&nbsp;<\/li>\n\n\n\n<li>Integration of CloudTrail with CloudWatch logs&nbsp;<\/li>\n\n\n\n<li>CloudTrail S3 bucket MFA (verification of all rules within security groups)&nbsp;<\/li>\n\n\n\n<li>WAF and Internal Firewall review&nbsp;<\/li>\n\n\n\n<li>IDS\/IPS configuration review&nbsp;<\/li>\n\n\n\n<li>Configuration of AWS Macie for detecting potential risks within S3 buckets&nbsp;<\/li>\n\n\n\n<li>Configuration of AWS Inspector for scanning potential security risks on containers&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>In addition to the mentioned activities and measures, we used the Kubernetes Sealed Secrets tool for encrypting sensitive data.&nbsp;&nbsp;&nbsp;<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Results-2\"><\/span><strong> Results\u00a0<\/strong>\u00a0<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Our previous experience working with Presta resulted in  smooth communication between our teams, leading to the swift realization of the project. 
Mainstream teams&#8217; expertise in applying the AWS well-architected framework during infrastructure design, combined with recommendations for leveraging automation tools such as Terraform, enabled the client to achieve their goals: a stable, available, and flexible environment for their application.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"500\" src=\"https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/07\/5_years_in_Presta_digital_agency.png\" alt=\"\" class=\"wp-image-28591\" style=\"width:443px;height:auto\" srcset=\"https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/07\/5_years_in_Presta_digital_agency.png 700w, https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/07\/5_years_in_Presta_digital_agency-300x214.png 300w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The previous experience of working with Presta resulted in a quick agreement and coordinated communication between our teams, and thus in the quick realization of the project.<\/p>\n","protected":false},"featured_media":30169,"template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[211,217],"class_list":["post-29310","case-studies","type-case-studies","status-publish","has-post-thumbnail","hentry","category-aws-2","category-cloud-troskovi"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native Application\u00a0\u00a0 - Mainstream<\/title>\n<meta name=\"description\" content=\"Read how an AI startup improved application availability and reduced AWS infrastructure costs by 30%.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/mainstream.eu\/en\/case-studies\/presta\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native Application\u00a0\u00a0 - Mainstream\" \/>\n<meta property=\"og:description\" content=\"Read how an AI startup improved application availability and reduced AWS infrastructure costs by 30%.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mainstream.eu\/en\/case-studies\/presta\/\" \/>\n<meta property=\"og:site_name\" content=\"Mainstream\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-27T09:13:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/06\/blockade-labs-800.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mainstream.eu\\\/en\\\/case-studies\\\/presta\\\/\",\"url\":\"https:\\\/\\\/mainstream.eu\\\/en\\\/case-studies\\\/presta\\\/\",\"name\":\"Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native Application\u00a0\u00a0 - Mainstream\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mainstream.eu\\\/sr\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mainstream.eu\\\/en\\\/case-studies\\\/presta\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/mainstream.eu\\\/en\\\/case-studies\\\/presta\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mainstream.eu\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/presta-case-study.svg\",\"datePublished\":\"2024-08-07T13:03:12+00:00\",\"dateModified\":\"2024-08-27T09:13:25+00:00\",\"description\":\"Read how an AI startup improved application availability and reduced AWS infrastructure costs by 
30%.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mainstream.eu\\\/en\\\/case-studies\\\/presta\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/mainstream.eu\\\/en\\\/case-studies\\\/presta\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mainstream.eu\\\/en\\\/case-studies\\\/presta\\\/#primaryimage\",\"url\":\"https:\\\/\\\/mainstream.eu\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/presta-case-study.svg\",\"contentUrl\":\"https:\\\/\\\/mainstream.eu\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/presta-case-study.svg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mainstream.eu\\\/en\\\/case-studies\\\/presta\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mainstream.eu\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native Application\u00a0\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mainstream.eu\\\/sr\\\/#website\",\"url\":\"https:\\\/\\\/mainstream.eu\\\/sr\\\/\",\"name\":\"Mainstream\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/mainstream.eu\\\/sr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native Application\u00a0\u00a0 - Mainstream","description":"Read how an AI startup improved application availability and reduced AWS infrastructure costs by 30%.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mainstream.eu\/en\/case-studies\/presta\/","og_locale":"en_US","og_type":"article","og_title":"Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native Application\u00a0\u00a0 - Mainstream","og_description":"Read how an AI startup improved application availability and reduced AWS infrastructure costs by 30%.","og_url":"https:\/\/mainstream.eu\/en\/case-studies\/presta\/","og_site_name":"Mainstream","article_modified_time":"2024-08-27T09:13:25+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/06\/blockade-labs-800.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/mainstream.eu\/en\/case-studies\/presta\/","url":"https:\/\/mainstream.eu\/en\/case-studies\/presta\/","name":"Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native Application\u00a0\u00a0 - Mainstream","isPartOf":{"@id":"https:\/\/mainstream.eu\/sr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#primaryimage"},"image":{"@id":"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#primaryimage"},"thumbnailUrl":"https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/08\/presta-case-study.svg","datePublished":"2024-08-07T13:03:12+00:00","dateModified":"2024-08-27T09:13:25+00:00","description":"Read how an AI startup improved application availability and reduced AWS infrastructure costs by 30%.","breadcrumb":{"@id":"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mainstream.eu\/en\/case-studies\/presta\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#primaryimage","url":"https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/08\/presta-case-study.svg","contentUrl":"https:\/\/mainstream.eu\/wp-content\/uploads\/2024\/08\/presta-case-study.svg"},{"@type":"BreadcrumbList","@id":"https:\/\/mainstream.eu\/en\/case-studies\/presta\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mainstream.eu\/en\/"},{"@type":"ListItem","position":2,"name":"Building a Stable, Flexible, and Secure Environment on AWS for a Cloud-Native 
Application\u00a0\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/mainstream.eu\/sr\/#website","url":"https:\/\/mainstream.eu\/sr\/","name":"Mainstream","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mainstream.eu\/sr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/mainstream.eu\/en\/wp-json\/wp\/v2\/case-studies\/29310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mainstream.eu\/en\/wp-json\/wp\/v2\/case-studies"}],"about":[{"href":"https:\/\/mainstream.eu\/en\/wp-json\/wp\/v2\/types\/case-studies"}],"version-history":[{"count":0,"href":"https:\/\/mainstream.eu\/en\/wp-json\/wp\/v2\/case-studies\/29310\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mainstream.eu\/en\/wp-json\/wp\/v2\/media\/30169"}],"wp:attachment":[{"href":"https:\/\/mainstream.eu\/en\/wp-json\/wp\/v2\/media?parent=29310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mainstream.eu\/en\/wp-json\/wp\/v2\/categories?post=29310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}