The client – a Leading Tier 1 European Investment and Retail Bank, was creating a new digital banking app. With its enormous client base and sensitive data, the app backend is complex and requires careful planning from a DevSecOps standpoint. Coupled with a complex organization, the project was not progressing as expected.
Technically, there were multiple hurdles that the client developers faced: deployment time was high, meaning that new changes and bug-fixes were hard to ship. Code changes were messy because of a large, monolithic architecture. Both of these issues stemmed from the lack of proper cloud architecture.
As a result, the backend had many performance issues and outages. Most crucially, internal security checks were not passing, and there was no way for the product to launch in time.
We worked directly with the client’s lead solutions architect to redesign his vision into specific, actionable AWS architecture specifications. We reduced the number of services and components, greatly simplifying the system. Specifically, services and components with no business use case were removed from the solution design.
Having simplified and refined the design, we distilled components into distinct microservices, and specified the interfaces between the services. Cloud native components were used to maximal effect.
We then worked with internal teams to distribute project items, clarifying the use cases supported both by the overall system, and the particular microservices.
The following diagram illustrates the implemented solution, as presented at Re:Invent 2018.
The backend successfully launched only after our redesign. It was a cloud first, serverless real-time event processing and alerting platform. Running entirely using cloud-native components, the stack ingests and performs advanced analytics on over 35 million events per hour.
Continuous integration and continuous deployment (also known as CI/CD) was crucial to the improvement in development speed. We dramatically improved the iteration time from code to QA from 2 weeks to over 100 pushes a day.
External penetration testing firms came in to audit the system. Working alongside the client’s internal security team, they awarded the system with their best assessment – there was nothing to fix.