APSIS creates personal and scalable marketing solutions that help companies reach their audience better and grow their business faster.
They are known for always taking responsibility for what they deliver and for always finishing what they’ve set their mind on, providing scalable solutions for data-driven marketing in a complex world.
They have teamed up with multiple leaders in the tech-providing industry to craft the perfect solution for their customers’ needs.
To achieve excellence in their mission for simplifying the workloads of all their clients, APSIS had to overcome some challenges that were becoming an issue on the technical side of things.
Their ambition was to:
- Shift to a modern microservice-based, DevOps-as-a-Culture organisation where small cross-functional teams manage the full software development cycle, including doing their own releases and managing large parts of their own Cloud Infrastructure
- Move from a monthly release cycle with week-long code freezes to incremental, multiple-times-per-day releases – while reducing error rates
- Maintain enterprise-grade security and governance
Since most of their products, platforms and solutions are deployed in AWS, they felt the need to move or reshape their on-prem CI/CD solution for their frontend services into the cloud.
The end goal was to be better prepared for future demands, with increased scalability, robustness, high availability, security and performance.
To help our client address all the above-mentioned issues we prepared a solution specifically for their needs.
We decided to move the source code to GitHub and migrate the complete CI/CD for the frontend services to an AWS native pipeline. We organised the environments (stage, beta, prod) in different stages and separated the AWS accounts. Also, we introduced automated tests after deployment on each stage and added approval phases for reviewing/approving/rejecting the build/deploy sequence. To run things even more smoothly, we’ve introduced least-privilege AWS cross-account roles and a central AWS CodePipeline.
The central AWS CodePipeline is scripted in CloudFormation, making it even more robust in case of disasters – so it can quickly get up-and-running again. Overall, we are using 99% CloudFormation scripts for all resources and processes.
To improve audit and security, we introduced CloudTrail and CloudTrail alarms on each account included in the DevOps processes. Central logs are stored in an encrypted AWS S3 bucket, in an account dedicated to logging only. Finally, we are using Athena for interpreting logs and running queries for audit purposes.
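The kind of audit question this setup supports, as an added example that is not code from the project: which calls assumed an environment deploy role from anywhere other than the central pipeline account. It is written in Python over constructed CloudTrail records rather than as an Athena query; the account IDs and the role name `frontend-deploy` are assumed placeholders.

```python
import json

# Constructed placeholders: account IDs and role name are not from the case study.
PIPELINE_ACCOUNT = "111111111111"
ENV_ACCOUNTS = {"222222222222": "stage", "333333333333": "beta", "444444444444": "prod"}
DEPLOY_ROLE = "frontend-deploy"


def _sts(time, caller, role_arn, error=None):
    """Build one constructed AssumeRole record with the CloudTrail fields used below."""
    rec = {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
           "eventTime": time, "userIdentity": {"type": "AssumedRole", "accountId": caller},
           "requestParameters": {"roleArn": role_arn}}
    if error:
        rec["errorCode"] = error
    return rec


# Constructed log file: one expected call, two unexpected ones, one unrelated event.
SAMPLE_LOG = json.dumps({"Records": [
    _sts("2024-01-10T09:00:00Z", "111111111111", "arn:aws:iam::444444444444:role/frontend-deploy"),
    _sts("2024-01-10T09:05:00Z", "999999999999", "arn:aws:iam::444444444444:role/frontend-deploy"),
    _sts("2024-01-10T09:06:00Z", "999999999999", "arn:aws:iam::333333333333:role/frontend-deploy",
         error="AccessDenied"),
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "eventTime": "2024-01-10T09:07:00Z", "userIdentity": {"accountId": "111111111111"}},
]})


def audit_assume_role(log_text):
    """Return deploy-role AssumeRole calls that did not come from the pipeline account."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) != ("sts.amazonaws.com", "AssumeRole"):
            continue
        arn = (rec.get("requestParameters") or {}).get("roleArn", "").split(":")
        if len(arn) != 6 or arn[4] not in ENV_ACCOUNTS or arn[5] != "role/" + DEPLOY_ROLE:
            continue  # not one of the environment deploy roles
        identity = rec.get("userIdentity") or {}
        # Service principals carry invokedBy instead of accountId.
        caller = identity.get("accountId") or identity.get("invokedBy") or "unknown"
        if caller != PIPELINE_ACCOUNT:
            findings.append({"time": rec.get("eventTime"), "env": ENV_ACCOUNTS[arn[4]],
                             "caller": caller,
                             "outcome": "denied" if rec.get("errorCode") else "succeeded"})
    return findings


if __name__ == "__main__":
    for finding in audit_assume_role(SAMPLE_LOG):
        print(finding)
```

Denied attempts are reported alongside successful ones, since a rejected call against a deploy role shows the trust policy held but is still worth a reviewer's attention.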
The pipeline source code stage is integrated with the GitHub repo and listens on certain branches; a push, merge, etc. on those branches launches the pipeline.
In addition, the CodeBuild job for the stage environment is followed by a test phase with automated UI testing using Ghost Inspector and then by a manual approval phase, meaning release managers are informed by email or Slack that they should approve or reject a certain release.
After the approval, there is a separate stage for the beta environment where we deploy and run all automated UI tests done by Ghost Inspector. Ultimately, we have a final approval phase for approving/rejecting deployment/release to production.
The services we used are the following: CodePipeline, CodeBuild, CloudFormation, CloudFront, S3, Lambda, SNS, CloudTrail, CloudWatch, Parameter Store and Secrets Manager.
Note: each environment (stage, beta, prod) is hosted on a separate AWS account.
Outcomes of the Project
The results clearly show that now APSIS has better control and insights into their frontend product services. The implemented CI/CD processes resulted in a more confident, secure, robust, scalable and highly available solution.
Other benefits were the efficient CI/CD, the control over all deployment/release approvals, the shortened release times and the shortened build job times.
We achieved an increased number of daily releases and high availability of the underlying CI/CD services while avoiding a single point of failure. We also improved the overall security and audit.