Goal
Vive – a promising new player on the financial market – empowers consumers to create the life they aim for by enabling them to shape their future financially. Using their innovative mobile app and platform, consumers can create and manage the best possible investment strategies for all their financial goals and dreams. Vive uses the power of Cloud technology to let consumers comfortably and reliably reach their investment goals.
Proper security of their app is key, since Vive operates in a highly regulated sector. They chose AWS as their Public Cloud platform, which helped Vive comply with the security baseline benchmarks required to obtain an investment license.
People
Vive selected CloudNation to help improve its service architecture and to implement security best practices. The project involved generating their services and infrastructure using Infrastructure-as-Code. A newly created AWS organization was used to isolate workload environments. Furthermore, security guardrails were implemented to prevent misconfiguration.
CloudNation and Vive engineers worked side-by-side to create a deployment strategy that grants Vive maximum flexibility and ease of management. Additionally, CloudNation helped Vive develop their knowledge of security best practices, enabling them to maintain high security standards themselves.
Tech
The business requirement for reliable service deployments led to the choice of AWS Elastic Container Service for Vive workloads. CloudNation created the infrastructure for deploying Vive’s existing services using Infrastructure-as-Code.
By creating standardised CI/CD pipelines, CloudNation connected Vive’s existing codebases with the newly built AWS environment, enabling Vive development teams to have more control over their software deployments. In addition, the new CI/CD pipelines enabled Vive to automatically perform infrastructure deployments, in a safe, fast, and predictable manner.
Our Challenge
The Vive-CloudNation challenge consisted of two parts. First, Vive’s workloads had to be containerized and deployed to AWS Fargate. The deployment of the Vive services had to be flexible, requiring them to be independent of each other and of their underlying infrastructure, while remaining scalable. Fargate was the ideal solution to achieve this and maintain a proper security posture without management overhead.
Second, proper secret management needed to be designed for the services. Also, the Principle of Least Privilege had to be correctly implemented for the Vive services' permissions. This was achieved using AWS KMS and Secrets Manager, which integrate seamlessly with the AWS services chosen for the Vive landscape, such as AWS RDS.
Tools & Skills
The Vive environment is a combination of the following automation tooling and services:
- AWS Elastic Container Service
- AWS Elastic Load Balancing
- AWS Secrets Manager
- AWS Key Management Service
- AWS Config
- AWS CodePipeline
- AWS Fargate
- AWS Security Hub
- AWS SSO
- Bitbucket Pipelines OIDC Provider