Cases – App Modernisation
Galax Pay: Migração para nuvem garante mega investimento para a empresa
Sobre a Galax Pay
Galax Pay é uma plataforma automatizada de gerenciamento de cobranças de cartão de crédito, boletos e pix. Como uma fintech brasileira, a Galax Pay é integrada às operadoras de cartão de crédito para facilitar o processo de cobranças recorrentes. A plataforma ainda oferece acesso a relatórios completos de dados de vendas, gateway de pagamentos para faturas únicas, relatórios customizáveis, gerenciamento automatizado e outras ferramentas que facilitam a gestão de faturamento.
A empresa entendeu que um dos maiores desafios enfrentados pelos empresários brasileiros é a dificuldade de previsibilidade financeira, o que impede investimentos e melhorias em seus negócios. Assim, o sistema de pagamento financeiro Galax Pay foi criado com o objetivo de acabar com esse problema, oferecendo às empresas segurança no recebimento de seus pagamentos mensais.
Em 2015, a inadimplência crescia a uma taxa alarmante em decorrência de uma crise econômica que atingiu o país. Foi então que Márcio Vinícius, atual CEO da Galax Pay, entendeu que era fundamental aprimorar os processos de cobrança e recebimento das empresas. A Galaxy Pay surgiu em um momento em que nenhuma companhia oferecia serviço de pagamento automático de cartão de crédito a um custo acessível para os clientes.
Sobre o sistema
O principal objetivo do Galax Pay é simplificar o gerenciamento de pagamentos através da automação e facilitar os processos de recebimento de pagamentos únicos e recorrentes. Atuando como um intermediário entre bancos, empresas e clientes, a plataforma Galax Pay possibilita que pagamentos sejam efetuados e recebidos por intermédio de vários métodos – incluindo débito direto autorizado e Pix, plataforma gratuita de pagamentos eletrônicos instantâneos administrada pelo Banco Central do Brasil.
A Galax Pay facilita a comunicação das companhias com seus clientes finais, além de oferecer controle total sobre todos os pagamentos por meio de relatórios. Atualmente, a Galax Pay processa mais de R$45 milhões mensais e atende mais de 2.700 clientes.
O Desafio da Empresa
O crescimento inicial da Galax Pay foi lento em decorrência de restrições em sua infraestrutura que estava hospedada on-premise. Problemas diários que a infraestrutura apresentava demandavam quase todo o foco da equipe, reduzindo o tempo disponibilizado para desenvolver a solução.
O time da Galaxy Pay tinha 27 pessoas, e pelo menos 10 delas tinham envolvimento direto com o lançamento dos processos, monitoramento de ambiente e criação de ambiente de teste e validação. Além disso, outros departamentos da empresa operavam com uma equipe muito enxuta, o que resultou na dificuldade de crescimento – pois quando se tem uma estrutura on-premise, quanto mais desenvolvedores são contratados, mais a estrutura tem que crescer para acomodá-los.
A ausência de implantações automatizadas (CI/CD pipelines) e de estratégias de implantação fizeram com que novas versões da aplicação se tornassem amplamente indisponíveis. O repositório estava sendo utilizado indevidamente – os conceitos dos branches de desenvolvimento do GitLab estavam sendo aplicados incorretamente. Na ausência de containers era necessária uma configuração na máquina do desenvolvedor (por aplicação), o que gerou problemas relacionados à disponibilidade no ambiente final. Isso acabou por envolver diretamente os ambientes criados em uma relação de ambiente de desenvolvimento versus ambiente de teste, levando a uma grande necessidade de ambientes de testes e uma grande quantidade de fusões até que uma versão pudesse ser produzida.
Um pacote gerado manualmente foi disponibilizado no servidor, sem nenhum tapete de integração (CI) ou de disponibilidade (CD) e sem nenhuma estratégia de implantação definida – como por exemplo, uma estratégia de implantação verde azul. Ao mesmo tempo, foi liberada uma versão distribuída a todos os clientes.
A maior parte dos lançamentos causou interrupção no serviço para o cliente final, o que pode custar muito caro para a reputação de uma fintech – há uma diminuição da percepção de eficiência e confiabilidade da empresa. Além disso, o próprio uso de repositórios no GitLab e a estratégia de ambientes non-prod também precisavam ser revistos para que a empresa pudesse gerenciar o controle de qualidade por meio do uso de ambientes de teste e aumentar a velocidade dos lançamentos por meio da automação.
A fintech também precisava estar em conformidade com as normas de PCI DSS no setor de pagamentos para atestar o seu comprometimento com o Padrão de Segurança de Dados da Indústria de Pagamento com Cartão. Embora ter um ambiente seguro seja o primeiro passo para obedecer aos padrões de segurança da indústria, o que realmente conta é a capacidade de se manter continuamente em cumprimento dessas regras.
Foi nesse contexto que a Galax Pay procurou a DNX para assessorar na migração de sua estrutura on-prem para a nuvem, algo que possibilitaria o crescimento que a empresa almejava. Através dessa transformação, a DNX influenciou diretamente na habilidade da Galax Pay de atrair investidores e escalar o seu crescimento comercial agregado ao aumento do investimento – resultando em um investimento da CelCoin.
O Processo
- Fase de Avaliação
Através de briefings executivos, a DNX entendeu e catalogou a infraestrutura existente na Galax Pay. Essa etapa exige muita habilidade e é uma parte crítica na jornada de migração. Contudo, ela permitiu que a equipe da DNX não apenas entendesse as dependências e problemas comuns no ambiente, como também estimasse um Custo Total de Propriedade (TCO), aumentando a visão da Galax Pay sobre o seu próprio negócio. Terminada essa fase, a DNX identificou os recursos e aplicações necessárias para realizar a migração.
A DNX também identificou redundâncias e recursos subutilizados, incluindo base de dados que foram replicadas em vários servidores e máquinas compradas para atender demandas de datas específicas – como por exemplo a Black Friday – e que acabavam sem uso pelo restante do ano. A identificação desses custos adicionais ajudou a Galax Pay a tomar decisões que aumentaram as oportunidades de redução de custos e escala.
O principal resultado dessa fase de avaliação foi a criação de um business case de alto nível que desenhou diversas estratégias para que o time atingisse os objetivos do projeto. A análise do negócio possibilitou que a Galax Pay avaliasse todas as opções disponíveis usando suas prioridades e necessidades como parâmetros, o que, em última instância, contribuiu para decisões mais sólidas para o projeto em questão.
Baseada na avaliação dos processos de interação com os clientes, a melhor solução encontrada foi a migração de as aplicações. Os containers disponibilizam uma forma padrão para o armazenamento de configurações, códigos e dependências das aplicações em um único objeto, compartilhando apenas um sistema operacional instalado no servidor. O uso de containers permite que a equipe faça implantações de forma rápida, confiável e consistente, independentemente do ambiente.
Com a evolução do processo de virtualização, os containers são capazes de redimensionar a aplicação rapidamente por precisarem de pouco tempo de inicialização. Esse método simplifica a automatização do processo de implantação – já que a aplicação fica empacotado e pode ser disponibilizado em diferentes ambientes, como o desenvolvimento, homologação e produção.
A DNX concluiu que esse era o melhor método para acompanhar o desenvolvimento da aplicação, já que uma vez feita a conteinerização, há a garantia de que tudo o que a aplicação necessita para operar está intrinsecamente ligada a ela. A estratégia maior era garantir a máxima disponibilidade para o usuário final.
- Fase de Mobilização
Após a avaliação, iniciou-se o processo de planejamento – o momento em que a DNX começou a desenhar a nova arquitetura e o plano de migração de acordo com as necessidades da Galax Pay. A DNX avaliou as lacunas de tempo de resposta da nuvem e interdependência entre aplicações, descobertas na fase anterior. Além disso, foram avaliadas todas as possíveis estratégias de migração para garantir que a mais adequada fosse selecionada e atualizada no business case. Durante a etapa de Mobilização, a equipe da DNX implantou a Citadel, uma infraestrutura na nuvem arquitetada nos padrões de Well-Architected da AWS, pronta para entrar em conformidade com as normas de órgãos reguladores internacionais como PCI DSS, HIPAA, ISO 27001, CDR. E em seguida trabalhou com o cliente para projetar a plataforma da aplicação.
A solução apresentada à Galax Pay foi a de performar a migração através da modernização da aplicação e da utilização de containers utilizando o Amazon ECS, que é executado utilizando o Fargate. O ECS permite a configuração de métricas como CPU, memória e número de conexões, que auxiliam no escalonamento automático. O Fargate foi escolhido para alcançar a elasticidade e agilidade necessárias para a aplicação Galax Pay, pois permite que dois containers sejam executados ao mesmo tempo sem a necessidade de gerenciar servidores ou clusters de instância EC2.
O Fargate simplifica o processo da Galax Pay ao eliminar a necessidade da escolha de um tipo de servidor e o tempo de dimensionamento e de empacotamento de clusters. Outro motivo pelo qual o Fargate foi a escolha perfeita nesse caso foi o atendimento aos critérios de conformidade de PCI exigidos pelo ambiente. O uso do Fargate significa que a Galax Pay não precisará atualizar continuamente o sistema operacional ou utilizar sistemas de anti-vírus para a manutenção da segurança das máquinas.
Antes de iniciar a terceira e última fase do projeto, a DNX concluiu a configuração da zona de aterrissagem utilizando a fundação segura da Citadel e preparando o terreno para a migração de várias aplicações-piloto.
- Fase de Migração
Após a comprovação do sucesso dos aplicações-piloto, começou a migração do restante dos dados da Galax Pay para o ambiente seguro criado na AWS. Para que a Galax Pay se beneficiasse totalmente de tudo que a AWS tem a oferecer, durante o processo de migração o time da DNX realizou uma modernização. Ao modernizar dados e aplicações com conceitos nativos da nuvem, a Galax Pay se preparou para um futuro de sucesso – em que a eficiência de suas operações é otimizada.
Ao replicar o banco de dados, a DNX garantiu a sincronização ativa de dados – o que possibilita que os mesmos sejam replicados no ambiente operacional, reduzindo o downtime para cutover. Ou seja, ir além de uma simples estratégia de levantamento e deslocamento permitiu que a Galax Pay evitasse trazer os problemas do passado para o futuro da empresa.
A Galax Pay entrou em contato com a DNX Solutions do Brasil à procura de uma migração de on-prem para a nuvem, mas a entrega final superou as expectativas. O cliente buscava uma migração lift-and-shift para a AWS, mas entregamos uma modernização completa de acordo com os padrões de qualidade da AWS. A Galax Pay estava ciente dessa solução, mas imaginava que seria algo para o futuro. No entanto, implementamos essa solução nesse momento, evitando que a Galax Pay tivesse que se envolver em um novo projeto mais adiante.
Com o resultado alcançado, a Galax Pay:
- Aumentou a percepção de disponibilidade e performance da aplicação
- Diminuiu o tempo de resposta para melhorias e correção de bugs (bug fixes) e sua efetiva disponibilização. Isso foi refletido no aumento de sua nota na plataforma de avaliação online Reclame Aqui
- Maior segurança para o cliente ao atender os padrões PCI DSS
A modernização da aplicação foi entregue como parte do projeto de migração, aumentando a agilidade e segurança e permitindo que a Galax Pay atingisse metas projetadas para anos no futuro.
Aumento do Investimento e Crescimento
De 2020 a 2022, A Galax Pay cresceu 420% em receita do ano fiscal. Enquanto isso, o número de clientes aumentou aproximadamente em 150%, indo de 1.116 para 2.784 clientes.
Com os desafios operacionais causados por uma estrutura datada resolvidos pela migração efetuada pela DNX, as estratégias de negócio e promoção ganharam destaque. O resultado atraiu o investimento da CelCoin, que atuou como um catalisador financeiro impulsionando os negócios. A fundação segura e dimensionável entregue pela DNX Brasil garantiu que a Galax Pay estivesse preparada para lidar com aumentos de fluxo repentinos.
Estima-se que o aumento de clientes que a Galax Pay alcançou seria atingido em cinco anos, caso eles tivessem mantido sua infraestrutura on-prem.
Aumento de Entregas
Como uma fintech com uma solução digital sendo alimentada por um canal digital de aplicações, tecnologia é o cerne do negócio. O time da DNX implementou a automação de implantação e compartilhou conhecimento com a Galax Pay em relação ao GitLab e ambientes não produtivos. Isso permite a constante entrega de novas versões da aplicação diariamente.
Tranquilidade
Galax Pay agora opera a partir de uma estrutura segura de nuvem, a Citadel, que oferece tranquilidade operacional e de conformidade por meio de maior resiliência, confiabilidade e segurança.
Maior Desenvolvimento
A substituição da atualização manual pela automação otimizou o uso do tempo da equipe. Com as preocupações com a infraestrutura resolvidas, a equipe de desenvolvimento da Galax Pay agora tem tempo disponível para se concentrar nos objetivos principais da empresa e criar novos recursos para a solução.
A automação também permitiu que a Galax Pay implementasse novos recursos em um ritmo que atendesse aos desejos de seus clientes. O controle de qualidade também foi aprimorado por meio da criação de ambientes de teste e produção, permitindo que novos recursos sejam testados antes de serem liberados para o usuário final.
Antes do envolvimento da DNX, a Galax Pay estava restrita a liberar novas funcionalidades manualmente apenas aos finais de semana. Agora, o time tem a flexibilidade de liberar novas funcionalidades de três a quatro vezes por dia.
Conformidade PCI
O ambiente desenvolvido com a solução Citadel permite que a plataforma Galax Pay atinja a conformidade com PCI rapidamente, por esse ambiente ser compatível com PCI em sua construção. A Galax Pay também utilizou o DNX Managed Services, serviço oferecido pela DNX, para coletar evidências para uma empresa externa de auditoria, que confirmou sua conformidade. Isso garantiu a certificação PCI da empresa.
Uso Contínuo de Serviços Gerenciados
Reconhecendo a eficiência do trabalho da DNX ao longo do projeto, a Galax Pay optou por fazer uso contínuo do DNX Managed Services, que vem agregando valor à empresa há mais de um ano.
Atualmente, a DNX fornece um serviço de extensão SRE para a Galax Pay, onde a DNX é a parceira expert da AWS e DevOps da Galax Pay. Ao estabelercer uma parceria de confiança, a Galax Pay não precisa se lançar no mercado de trabalho em busca de mão-de-obra especializada. Isso garante benefícios ao cliente final da Galax Pay, já que o time pode manter o foco no que faz a aplicação rodar melhor – solucionar bugs, implementar melhorias e adicionar novos recursos que facilitam a vida dos das pessoas e empresas que contam com o serviço da Galax Pay.
Confira nossos projetos de open-source em github.com/DNXLabs e siga-nos no LinkedIn, Twitter e Youtube.
Bringing cloud native concepts through DevAx to accelerate cloud journey for Big Red Group
DNX Solutions delivered the AWS Developer Acceleration (DevAx) enablement program to Big Red Group (BRG). The program is aimed at increasing the customers’ developer skills for cloud adoption and building developer cloud native fluency across their organisation. A major focus of AWS DevAx is the developer patterns and practices of modernisation and distributed system design, to break down and rearchitect monolithic application architectures.
The DNX team delivered the AWS DevAx enablement as a structured program by running a structured enablement program, working directly with BRG’s development teams for six weeks. A comprehensive curriculum taught through workshops and co-development sessions resulted in the upskilling of BRG’s internal development community.
What is the “Monoliths To Microservices” Program?
The migration from a monolithic architecture to microservices requires both a willingness on the part of the developer and the business as a whole, as well as a thorough understanding of the way in which architectures such as microservices design patterns can be used and the tools that can be utilised in order to deploy them.
The AWS DevAx “Monoliths to Microservices” program aims to increase developers’ knowledge and experience in distributed system design patterns, or to assist developers in gaining more experience in developing on AWS in general. The program takes a theory and patterns-first approach, then introduces the AWS developer tools. It, therefore, targets experienced developers looking to increase their skills, which perfectly reflects the BRG team that undertook the program with DNX Solutions.
Over the 6 weeks that DNX delivered the program, BRG developers started with a Java Springboot Monolith with a large RDBMS backend and methodically broke the monolith into a series of decoupled microservices. The DNX team rehosted the application in AWS, and then refactored the application architecture to utilise application release automation, bounded context based microservices, refactor and rearchitect the databases, implement an event driven system, implement authentication and authorisation systems, and create AI driven services.
Topics like microservices security best practices are covered as a cross-cutting topic across all modules.
- Module 1: Lift & Shift – Migrating The Monolith
- Module 2: Application Release Automation
- Module 3: Create a Microservice
- Module 4: Refactor Your Database
- Module 5: Microservices Decoupled Eventing & Messaging Architectures
- Module 6: Creating an Authenticated Single Page App
- Module 7: Creating Immersive AI Experiences
What is the value of the AWS DevAx program to BRG?
The DevAx enablement contributed to a mindset shift in the BRG Java developers, where they received the knowledge and tools required to alter their way of working from monolithic applications to a microservices-based architecture. This gave them the chance to understand the new technology, the different opportunities it provides and why it is worth adopting. For a company that is dealing with multiple brands all with unique infrastructures and functionalities, merging the data was a mammoth task that required an open-minded and educated developer team. As stated by the BRG Head of Engineering, this complexity is the reason “Devax Academy was extremely important in changing our team’s mindset, encouraging them to get involved with the project”. In addition, the deep understanding and insight into the patterns BRG’s teams need to break the monolithic across different types of architectures at speed will allow developers to reuse those same patterns in the future.
To move from monolith to microservices was a breakthrough for BRG. By moving away from long-running environments and drastically altering the development life cycle, teams can begin doing development with whatever the code repository is, allowing developers to spin up the environments. In addition, the cost of non-production is massively decreased by maintaining production and changing non-production as development is undertaken. In BRG’s case, the new confidence in breaking up and re-architecting monolithic applications that cannot be easily rehosted in the cloud has opened up many more doors, such as making it possible for them to build a secure Infrastructure as a Service (IaaS) that is simple to use and maintain. An additional benefit of microservices is the ability to implement Straight-Through Processing (STP). STP uses automation to increase the speed of financial transactions, which not only simplifies financial processes but its implementation at BRG has also saved them a huge amount in operational expenditure.
Upon completion of the program, the BRG team had gained a thorough foundation of knowledge and insight, meaning they are not only willing but also able, to strive for continual improvement. These benefits are just some of those gained by BRG due to the move from monolith to microservice technology, all of which can be achieved by any business willing to commit to the change.
DNX Solutions values sharing knowledge and is proud to be able to deliver comprehensive programs through the AWS DevAx enablement. For businesses that want to take control of their assets without having to rely on external resources, completing enablement through DevAx is a straightforward and valuable way to increase in-house skills. To see how your business can benefit from this program, contact DNX today.
Big Red Group’s challenge to create a new infrastructure for multiple unique brands
Big Red Group (BRG) is the leading experience partner in Australia and New Zealand.
BRG is the parent company of major experience brands, such as RedBalloon, Adrenaline, Lime&Tonic, and Experience OZ. Each one of them have their unique value proposition to attract and engage diverse audiences, with exclusive distribution channels, B2C and B2B offerings, and unlock access to more than 10,000 experiences across Australia and New Zealand.
The Challenge
After acquiring new brands and inheriting their technology and infrastructure, BRG had to maintain multiple infrastructure sets resulting in the challenge of creating and maintaining new functionalities for each brand. In addition, they had the challenge of providing meaningful reports for the business due to their different data models.
BRG were seeking a cloud consultant partner that could assist them in building a secure infrastructure as a service that was simple to use and maintain from day one. They also sought increasingly leveraging microservices to ensure continuous, agile delivery and flexible deployment of complex, service-oriented applications.
DNX Solutions determined BRG’s business and technical capabilities, such as the interdependencies, storage constraints, release process, and level of security. With the required information at hand and BRG’s required technology, DNX developed a roadmap to meet BRG’s Technical and Business objectives, using AWS best practices “The 7R’s” (retire, retain, relocate, rehost, repurchase, replatform, and refactor).
The Solution
BRG’s project was implemented in two phases where an AWS Foundation, Application Platform (Containers), and Application BluePrints (Static frontEnd and Containers with full CI/CD PIpeline) were delivered.
DNX Well-Architected Foundation entails
- AWS Landing Zones
- 100% infra-as-code
- CI/CD for infrastructure
- CDK in Typescript
- Knowledge transfer
- Cost Report and optimization
- AWS ClientVPN Auditing Strategy
AWS Application Platform
- AWS ECS
- CloudFront + S3 (Static Application)
- Application CI/CD Strategy
- Monitoring strategy
- Auto-scaling strategy
- Logging strategy and retention
- Secrets management
- Application BluePrints
The Outcome
The DNX team designed and implemented a safe infrastructure as a code for AWS Cloud Development Kit (CDK) in typescript to run inside the AWS cloud Formation for their entire foundation as per BRG’s prerequisites.
The typescript was chosen by BRG’s team to provide them with an easier way to write and maintain not just the applications codebase but also infrastructure. TypeScript is a superset of JavaScript which primarily provides optional static typing, classes, and interfaces. One of the big benefits is to enable IDEs to provide a richer environment for spotting common errors as you type the code which BRG’s team was already very familiar with.
It offers all the features of JavaScript, plus an additional layer on top of these – the TypeScript type system. This can help companies to build more robust code, reduce runtime type errors, take advantage of modern features before they are available in JavaScript, and work better with development teams.
DNX also deployed Application Blueprints (Static frontEnd and Containers with full CI/CD Pipeline) so BRG’s team could deploy, migrate, manage and monitor their own applications in the AWS cloud in the future.
As with all of our projects, DNX delivered extensive documentation and sessions on transferring knowledge covering how DNX Foundations works, how to deploy applications, how to run CI/CD pipelines, and more.
Moreover, DNX delivered the AWS Devax Academy training program Monoliths to Microservices for Java developers for six weeks.
Conclusion
No matter your needs or requirements, DNX is able to deliver the right solution for your business.
Scalamed: Building a HIPAA compliance environment while migrating from Heroku to AWS

About Scalamed
Scalamed is an Aussie startup that allows patients to receive prescriptions directly from their clinician to their mobile phones.
Taking a patient-centred approach, Scalamed believes the company must empower patients with the right information at their fingerprints to make health personalised for them.
Combining the experience of patients, care-givers, doctors, pharmacists, and geeks in a single solution, Scalamed aims to provide a friendly, personal, intuitive, secure, and caring healthcare solution.
For Dr Tal Rapske, Scalamed Founder, the journey to helping patients manage their health simply, conveniently, and on-the-go starts with medication management. As Rapske explained it, ScalaMed is in-effect a ‘digital prescription inbox’, secured by blockchain technology, which patients can access from their smartphone and share with their treating doctors and pharmacists.
“We identified a gap where a next-generation technology could improve the experience of medication management and increase adherence. By allowing patients to securely store their prescriptions digitally, doing away with paper, we can reduce medication errors, allergy mix-ups, and unnecessary hospitalisations, while giving patients their prescription history and information, and improving the convenience and ease of managing and purchasing one’s prescriptions,” Rapske explained.
The Business Challenge
While uncovering the market’s needs, Scalamed identified that the main concerns and questions about the solution are around security, ease of use, administration burden, and how difficult the system is to use. In response to the security topic, Scalamed has decided to prepare the application to be compliant with HIPAA standards for sensitive patient data protection.
Another challenge is that Scalamed was scaling up the business globally, was looking to improve the resource-usage, looking to grow more dynamically, remaining light on infrastructure operations, and wanting more control in the long-run. However, as Heroku was the current cloud platform, Scalamed was not able to achieve this due to some Heroku platform limits.
So, Scalamed needed to find a partner that solves both challenges; building a HIPAA compliant environment and preparing the business for future growth. DNX Solutions was engaged to support these challenges using AWS as a cloud solutions provider.
The 5-step Solution
Step 1: Identifying issues, risks, and opportunities
DNX started by assessing the current state of the application infrastructure, delivering a Well-Architected Review Framework where DNX identified risks and opportunities against operational excellence, security, reliability, performance efficiency, and cost optimisation pillars. Also, a HIPAA Best Practices was considered while assessing the workloads.

About 39 items were classified as high risk. Security and reliability were the main focuses for the business, followed by solving performance efficiency. Some of those are identities and permissions management, network resources, networking configuration, security events, design workload service architecture to adapt to and perform better, and data protection.
With a clear understanding of both business and technical needs in-hand, DNX and Scalamed determined that an Application Transformation would be the best path to solve those challenges.
A Transformation journey was defined as a deliverable scope, with security as a main topic to be covered in order to achieve the desired outcome.
Step 2: Enhancing security through DNX.One Well-Architected Foundation
The project started by deploying DNX.One Well-Architected Foundation (aka DNX.One) – an automated platform built with simplicity in-mind, Infrastructure as Code (IaC), open source technologies, and designed for AWS with well-architected principles. It enables the application to thrive while the business can remain focused on customer solutions.
DNX.One is a ready-to-go solution that aims to solve the most common business needs regarding cloud infrastructure as it fits different application architectures (including containers), has flexibility and automation for distinct platforms, and enhances security and management to keep business under control.
Some high-level security best practices that were leveraged while building Scalamed’s infrastructure were:
- Networking using security best practices for VPC
- Multiple Availability Zone
- Security groups and network Access Control List as an optional layer of security for VPC
- IAM policies to control access
- AWS tools to monitor VPC components and VPC connections such as CloudWatch
- A secure dedicated and isolated subnet for the database which is not accessible to the public internet
- A Centralised CloudTrail to monitor events history
- GuardDuty to provide continuous monitoring of AWS accounts
- AWS Key Management Service (KMS) to create and manage cryptographic keys and control their use across AWS services
While building a HIPAA compliant environment for Scalamed, DNX provided substantial changes on DNX.One which is default for any new customer such as having account-level separation to isolate distinct environments, granular access control for each workload, and list-grants-permission.
Having a separate audit only account was another crucial topic to be covered, enabling the HIPAA audit team to access everything with integrity.

Figure 1- IAM – single sign-on

Figure 2 – Networking

Figure 3: account management and separation
Step 3: Application Transformation Strategy
With minimum infrastructure operations in mind, DNX started the application transformation strategy. A migration from Heroku to AWS while using Elastic Container Service cluster in EC2 instances was proposed as it enhances performance and resource usage. It is important to note that DNX used spot instances for the ECS cluster, focusing on availability while reducing AWS costs.
Upon deployment of DNX.One, we migrated Scalamed deployment to Docker containers using Elastic Container Service (ECS) bringing together both the existing automated tests and database migration scripts to its CI/CD pipeline.

An internal Application Load Balancer was used to control internal access through Network Access Control List (NACLs) and/or Security Groups.
As a security best practice, environment variables were used while passing secret or sensitive data securely to containers. SSM Parameter was used to store secret keys and variables (values in plaintext), enabling only authorised services to access this and change it when convenient.
An AWS Key Manage Service (AWS KMS) customer master keys (CMKs) was used to encrypt the data at rest.
To enhance security in this phase, the environments were separated into accounts (non-prod and prod), allowing better access control for the Scalamed team to the environments through roles and policies. VPNs were also implemented in each environment (non-prod and prod), so that access to resources such as databases were only carried out through VPN, allowing authenticity, confidentiality, and integrity of data in transit.

Step 4: Build a secure CI/CD Pipelines
We used AWS EC2 instances to run complex CI/CD pipelines using spot instances, optimising steps such as database migration and automated tests running in parallel steps via Gitlab. Hundreds of pipelines are triggered daily at minimal operational cost. Moreover, this reduced the number of production incidents, increased their current test capacity, and enhanced security while running the pipeline in a private instance, avoiding public or shared instances.
DNX uses its own runners to execute the pipelines. In summary, instances are created in AWS to execute the pipelines without the need to configure SECRETS within the CICD SaaS platforms. Our instances that are created for this purpose already have the specific policies and roles to execute the pipelines only with the necessary permissions, without the need to expose the execution of pipelines inside third-party runners.

AWS stack:
- AWS Identity and Access Management (IAM)
- AWS Key Management Service (AWS KMS)
- Network ACLs + Security Groups
- AWS Systems Manager
- AWS CloudTrail
- AWS Organisations Service Control Policy
- AWS Secrets Manager
- Amazon CloudWatch
- AWS CloudWatch Events
- Amazon GuardDuty
- AWS Certificate Manager (ACM)
- AWS Single Sign-On
- AWS Consolidate Billing
Step 5: Knowledge Transfer
DNX works closely with companies to spread the AWS Well-Architected Framework pillars, bring teams together, and focus on delivery. As part of DNX Transformation Journey, a showcase was delivered at the end of the project in order to upskill the Scalamed’ team regarding what was delivered.
Conclusion
From conception to conclusion, the migration project of Heroku to AWS was completed in approximately one month. Now they have a HIPAA compliant environment as well as Well-Architected. In order to address the first challenge, the critical issues identified on the previous assessment were fixed (under security and reliability pillars) while delivering a resilient, secure, and reliable foundation.
The new Docker+AWS environment implementation allowed Scalamed to improve performance and efficacy as compared to their previous Heroku environment. Their production quality and their ability to release more products frequently have increased. Furthermore, developer and QA productivity has improved significantly.
Building a HIPAA compliance environment, improving the security of application components, automating security components and CI/CD, and applying AWS cloud-based products have enhanced the environment to seat the customer data. It enables the Scalamed team to focus on delivering Dr Tal Rapske’s passion; to reorient healthcare towards the patient and empower patients with their data seamlessly, while addressing the quadruple aim of health – improved health outcomes, reduced cost, improved patient experience, and reduced paperwork for providers.
Na DNX Brasil, rabalhamos para trazer uma melhor experiência em nuvem e aplicações para empresas nativas digitais. Trabalhamos com foco em AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Integração Contínua/Entrega Contínua e Malha de Serviços. Estamos sempre em busca de profissionais experiêntes em cloud computing para nosso time, focando em conceitos cloud-native. Confira nossos projetos open-souce em https://github.com/DNXLabs e siga-nos no Twitter, Linkedin or YouTube.
Brighte Capital restructures its AWS organisations, improves security, and achieves a 50-60% cost reduction.

About Brighte
Brighte Capital is a rapidly growing Australian FinTech founded in 2015, making solar, battery, and home improvements affordable for Aussies all over the country.
Its mission is to make every home sustainable, offering Aussie families affordable access to sustainable energy solutions through an easy payment platform.
The company offers financing and zero-interest payment solutions for the installation of solar panels, batteries, air conditioning, and lighting equipment.
The process is simple and fast, all managed via Brighte’s website or smartphone app. Once your application is approved, you get access to highly vetted vendors offering interest-free products. Brighte recently received the Finder Green Awards 2021 in the category of Green Lender of the Year, an incredible achievement that recognises and solidifies its position in the Australian market.
As a company operating in both the Energy Industry and Financial Services Industry, Brighte must comply with numerous standards, rules, and regulations highlighting operations, security, and data protection as key topics. Australian Privacy Principles, Anti-Money Laundering and Counter-Terrorism Financing Act 2006, and National Consumer Credit Protection Act 2009 are just some examples.
But as a customer-centric company, Brighte goes beyond mere compliance requirements. Transparency and making life easier are two of its most important values, so Brighte is alert to other factors which can bring damage to their clients, well beyond compulsory minimum standards.
The Business Challenge: consolidate and improve the core digital platform architecture while prioritising security
Brighte’s business model is impressive and there has been considerable investment in a robust digital platform to support the different areas of the company. There is substantial technology in-place behind the scenes, with the business headed by a dedicated team of professionals with diverse backgrounds and skills, all contributing to a strong work culture.
As a relatively young company, Brighte has experienced exponential growth. Even with best practices in-place, it was difficult to continually manage or upgrade the various IT solutions the business was using.
Most of Brighte’s applications were developed in-house and based on a range of different programming languages and technologies. While its infrastructure was hosted on AWS, different services were being used to support each application, causing issues around ease of management and knowledge retention and sharing, but on top of that, increased vulnerability and manual interactions should have been fixed, retaining and improving security.
Brighte needed to revamp its landscape and reevaluate the current architecture of its core digital platform. The business reached out to DNX, seeking a solution that would improve its cloud strategy, apply DevOps best practices, reduce infrastructure operational overheads, and achieve overall cost optimisation. However, because of its financial conditions, these challenges need to go hand-in-hand with security. Therefore, DNX understood that the challenge is to provide those improvements while prioritising security.
The DNX Solution: infrastructure, pipelines, AWS Stack, deliverables, project, UI, frontend + backend
Prior to project kick-off, DNX began a discovery phase to maximise the information collected about the challenges faced by Brighte’s team. A Well-Architected Review Framework was delivered to identify risks and opportunities against operational excellence, security, reliability, performance efficiency, and cost optimisation pillars. This enabled DNX to ensure and maintain focus on the most important priorities, such as security and operational excellence, while the team went through the DevOps Transformation guidelines to draft a plan for the required changes, working towards continuous innovation during the course of the project.

Comparing best practices enables the team to identify new opportunities and highlight concerns that may not be apparent at the beginning.
From an infrastructure perspective, DNX recognised that Brighte needed to improve control over its AWS resources using IaC (Infrastructure as Code) and restructure its AWS organisation and accounts strategy.
To achieve this, DNX suggested its DNX.One Well-Architected Foundation (aka DNX.One) to provide the following benefits:
- New structure of AWS organisation following the best practices in the market.
- Ability to manage all infrastructure resources across all of their AWS accounts based on Terraform and CI/CD pipelines.
- Designed for AWS with Well-Architected principles
It is important to mention that DNX.One is a ready-to-go solution that aims to solve the most common business needs regarding cloud infrastructure, fitting different application architectures (including containers), has flexibility and automation for distinct platforms, and enhances management to keep business under control.
An extra layer of high-level security best practices as default for architecture guarantees continuous security at any stage. It ensures that regardless of the challenges that customers need to achieve, they will do it in a secure way.

From the applications point of view, DNX identified Brighte was using different types of AWS services to deploy their applications, including ElasticBeanstalk, ECS with Fargate, and EC2 instances.
Having these different types of application deployments is expensive, as the company needs to utilise multiple operational processes to manage the environment, but is also less secure because no single consistent security module is provided, effectively introducing risk.
With its Application Modernisation strategy, DNX suggested containerisation of the client’s main applications and deployment via ECS with spot instances. This change would substantially reduce Brighte’s costs, create a pattern for new applications that may be necessitated by future business growth, and improve security while having a single security pathway to improve the AWS responsibility under the Shared Responsibility Model, making security simpler by using ECS.
The CI/CD pipeline strategy was also evaluated and Brighte’s team demonstrated a willingness to adopt solutions that would reduce the complexity of managing new deployments and providing faster response times to deploy new applications in their landscape.
Key Project Phases:
Cloud Foundation (aka AWS Foundation)
With our automated solutions based on Terraform (IaC), DNX restructured Brighte’s AWS resources such as AWS organisation, accounts, network, domains, VPN, and all the security controls for account access via SSO using Azure AD as their Identity Provider.
Building a strong and secure foundation for Brighte’s applications was a critical first step prior to modernisation. With a multi-AZ strategy with ECS nodes running on spot instances deployed in their environments, Brighte was able to run a cluster of Docker containers across availability zones and EC2 instances, while optimising costs and simplifying the security operating model.

Security:
Although security is considered and addressed at many stages by now, and several cloud technologies have been put in-place to protect data, systems, and assets in a manner to improve security through best-practice guidance, there are some AWS services that still need to be highlighted.
AWS Cloudwatch
The logs from all systems, applications, and AWS services have been centralised in the highly scalable AWS CloudWatch service. It allows easy visualisation and filtering based on specific fields, or archiving them securely for future analysis. CloudWatch Logs enables you to see all of your logs, regardless of their source, as a single and consistent flow of events ordered by time, and you can query and sort them based on other dimensions, group them by specific fields, create custom computations with a powerful query language, and visualise log data in dashboards.
AWS Cloudtrail
All AWS events are reported to a centralised CloudTrail and exported to an S3 bucket in an Audit account.
AWS Organisations
The setup of new accounts has been automated by service control policies (SCPs) which apply permission guardrails at the organisation.
AWS Guardduty:
DNX implemented a centralised Guardduty to detect unexpected behaviour in API calls. The Amazon GuardDuty alerts when unexpected and potentially unauthorized or malicious activity occurs within the AWS accounts.
DNX has helped Brighte to strengthen its workload security along with a number of other relevant AWS resources, such as Amazon Cloudfront, ECR image scanners, AWS IAM identity provider, VPC endpoints, Amazon WAF, and AWS Systems Manager Parameter Store.
Cost savings:
There were three main cost optimisation drivers used for this project. The combined use of these three strategies brought savings in the order of 60%, compared with the same workloads on the previous environment, while allowing Brighte to use several new resources delivering more value with less cost to its clients.
- Using ECS clusters with EC2 Spot Instances: Spot instances are unused AWS capacity that is available for a fraction of the normal On-Demand prices on a bidding model. Spot instances can be reclaimed by AWS when there is no available capacity, so DNX uses an auto-scaling model with several instance types that ensure availability while saving around 75% compared with On-Demand. For instance, an On-Demand t3.xlarge instance costs $0.2112 per hour while the same Spot instance costs $0.0634.
- Savings plans for Databases: As the databases are stable and their use can be predicted over a long duration, AWS allows us to reserve a DB instance for one, two, or three years, with monthly or upfront payments, charging a discounted hourly rate saving from 30% to 60%, according to the chosen plan.
- Automatic scheduler for turning on and off resources according to a usage calendar: For Development and Testing environments, which are not meant to be used on a 24/7 basis, Brighte can easily schedule when these environments are available for the teams and when it should be turned off (scaling them to zero), saving around 50% compared to a full-time available environment. The scheduler mechanism allows the resources to be used at any desired time, bypassing the default calendar, in an easy to use way.
Application Modernisation:
Brighte had a good set of applications based on different technologies deployed across multiple AWS services. During this phase, the DNX team focused on the refactoring of the main applications to deploy the content via Docker containers and subsequently make use of ECS with spot instances.
They had previously adopted some of the 12-factor principles, but needed to improve their control over sensitive data and credentials. DNX proposed the use of AWS System Manager Parameter Store and adapted all the applications to follow this pattern.
A few serverless applications and UI static pages were deployed as part of this phase, even without demanding a strong code refactoring. We adapted the remaining apps to the 12-factor app methodology and made use of our CI/CD pipeline strategy.
Each environment in AWS was made identical, varying only in EC2 instance types in each environment (dev, uat, production). The same immutable application image was deployed and tested across these environments. By adopting this approach, Brighte has improved its operational resilience, greatly reducing production incidents to zero through its self-healing platform.
Logs:
Due to the high volume of logs, Brighte was using the ELK stack (ElasticSearch, Logstash, and Kibana) in legacy accounts to aggregate all of its application logs and avoid losing data during the process. The solution was working fine, but since it’s not a fully managed solution, the operational overhead was a point of impact.
DNX suggested the replacement of Logstash with Kinesis Firehose and CloudWatch Subscription Logs to send the data directly to ElasticSearch cluster. This way, Brighte was able to avoid the need of having dedicated resources to manage the solution and take advantage of the automatic transfer of logs between the applications, CloudWatch and ElasticSearch.

CI/CD pipeline:
Brighte was using Bitbucket as a provider for its applications pipelines. DNX adjusted the pipeline strategy reducing the complexity of deployments across different environments and included tools to automate the replacement of data used for automated tests using AWS System Manager Parameter Store. In addition, the bitbucket pipelines have been integrated with AWS using OpenID Connect (OIDC). As a result, there is no need for creating AWS IAM users and managing AWS Keys to access AWS resources. This strategy improved security and removed any kind of sensitive data from Brighte’s codebase.


Databases:
The databases were already deployed in RDS prior to this project, but DNX increased security by encrypting all of the database workloads and improving redundancy by activating Multi-AZ strategy during the database migration phase. Also, the databases were created in dedicated and isolated subnets which allow only incoming traffic from private subnets. Therefore, the network ACLS restricts inbound traffic for specific private subnet CIDR ranges and the RDS security groups allow only inbound traffic from ECS instances.

Conclusion
From conception to its conclusion, the project was completed in approximately five months, with the restructure of AWS accounts, infrastructure resources, and a total of 15 applications migrated to the new AWS environments.
The performance of the applications is working consistently based on auto-scaling of the clusters and without any risk of downtime due to the redundancy and self-healing strategies delivered by DNX products. The infrastructure and application deployment operational overhead has reduced significantly and this is reflected directly in Brighte’s ability to release products more frequently.
With the new pattern adopted across all applications and the use of ECS clusters with spot instances, Brighte has achieved a cost reduction of 50-60% – an outstanding result for such a large set of applications and infrastructure resources used by its digital platform.
Finally, having a very secure foundation helped Brighte to provide operational cost reduction through security and best practices, as Brighte fundamentally is saving money on operating it as the complexity was going down, therefore now they are able to run faster and safer.
Na DNX Brasil, rabalhamos para trazer uma melhor experiência em nuvem e aplicações para empresas nativas digitais. Trabalhamos com foco em AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Integração Contínua/Entrega Contínua e Malha de Serviços. Estamos sempre em busca de profissionais experiêntes em cloud computing para nosso time, focando em conceitos cloud-native. Confira nossos projetos open-souce em https://github.com/DNXLabs e siga-nos no Twitter, Linkedin or YouTube.
Plezzel: Migrating an on-premise application to AWS cloud

About Plezzel
Plezzel is a company that provides unique consumer journeys within the Real Estate sector. The Platform as a Service (PaaS) solution provides marketing automation software. Plezzel’s solution provides the time-saving and marketing tools that agents need to get more listings, grow their rent roll, and build better relationships with their prospects.
The Business Challenge
With the speed of innovation occurring in the Real Estate industry and the pace of change in Digital Marketing, the Plezzel management team decided to upgrade their platform infrastructure to cater for planned growth and uptake.
Running Plezzel’s platform on-premise technologies on the same server was challenging for the Plezzel team. This required lots of computing power and 3rd party supplier labour to manage the platform. The main challenges were their environmental complexity. DNX took up the challenge to build the best solution possible for Plezzel, designing and sharing a simple and efficient architecture on AWS with their team.
The Solution
There’s nothing better than starting your cloud journey with a fresh, Well-Architected account and getting your DNX.One Foundation in-place, leveraging all 5 pillars of the AWS Well-Architected framework, operational excellence, security, reliability, performance efficiency, and cost optimisation (check more about our AWS foundations here).
Moving to the cloud with the DNX.One Foundation established was a decisive step to improve Plezzel operations and made way for a series of DevOps automations, using Infrastructure as Code (IaC) – one of many DNX deliverables.
Then, the DNX team started to modernise Plezzel API workloads and prepare them for their new platform in the cloud. The application platform includes ECS for container orchestration using spot instances that are up to 70% cheaper with on-demand instances. It also has zero-downtime deployments in test and production environments using CodeDeploy and its own custom CI/CD pipeline for the application.
Once API workloads were relieved from the on-premise server, we enabled the team to migrate the on-premise hosting platform to AWS. Initially, it’s a complex ‘lift and shift’ task, designing the new equivalent services on AWS and converting any local application or service to cloud managed services.
As moving to a cloud-hosted solution was a priority for Plezzel, moving the on-premise hosting platform to AWS was critical.
As soon as DNX team got the on-premise hosted server up-and-running in the cloud, we started to convert a few services to AWS resources such as the database, to an AWS managed database service with multi availability zones for a Disaster Recovery Strategy. Email service was converted to SES reducing significant costs with storage and reducing the load in the server along with moving DNS services. These actions were necessary to relieve the load and operations contained in the server that was sharing hardware and network resources with other services.
Some of the AWS Services provisioned:
Conclusion
We achieved both high availability and disaster recovery in their new AWS cloud, plus a range of features. The Plezzel team can focus on improving their product in a new cloud-native way with modern architectures, now the main challenges have been solved by DNX and Plezzel teams. The new environments have AWS managing a few services like email, storage, DNS, deployments, and database, so Plezzel team can dedicate more time to what they do best – building solutions to connect their users with clients and innovate their features in a production-mirrored environment, eliminating variances from testing to release steps.
Na DNX Brasil, rabalhamos para trazer uma melhor experiência em nuvem e aplicações para empresas nativas digitais. Trabalhamos com foco em AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Integração Contínua/Entrega Contínua e Malha de Serviços. Estamos sempre em busca de profissionais experiêntes em cloud computing para nosso time, focando em conceitos cloud-native. Confira nossos projetos open-souce em https://github.com/DNXLabs e siga-nos no Twitter, Linkedin or YouTube.
Workstar: Modernising a Windows-based application by applying DevOps on AWS

About Workstar
Workstar is an Australian Company based in New South Wales (NSW) dedicated to assisting corporations in developing customised, digital learning solutions based on real-life, practical situations. Operating since 2002, Workstar remains deeply dedicated to a ‘hands-on’ approach, providing options based on first-hand experience.
From scenario-based learning to the gamification of the workplace, Workstar professionally tailors each proposal to their clients’ needs on an ad hoc basis, offering both excellent service and professionalism. Their clients include reputable organisations such as Telstra, Westfield and McDonald’s.
The Business Challenge
Workstar is a Microsoft-based company, and were manually delivering web application releases via RDP protocol, where the likelihood for human error is higher. The requirement for developers to manually use a maintenance window for safe operation extended an already lengthy lead time.
DNX Solutions was consulted and engaged to design and implement a tailor-made approach to achieve an optimal outcome for Workstar. During the discovery phase, the team noticed the absence of Load Balancers and Auto Scaling aspects. Additionally, their application at the time did not benefit from either elasticity or high availability aspects in the cloud; areas of focus that would be directly addressed by the team’s project outcomes.
After actively consulting the client to understand the challenges faced, and the key outcomes they hope to achieve, the team at DNX kickstarted the process to design a salient solution.
The Solution
The team at DNX started the project with a prerequisite DevOps test, measuring multiple factors of Workstar’s DevOps Maturity Levels. Key areas including lead time and the time taken if deployment had failed were duly considered. These leading indicators allowed the team to craft a substantive plan to satisfy both Workstar’s needs and wants.
Involving the client in the process is at the core of DNX Solution’s philosophy. The DNX team, in active collaboration with Workstar, worked together as one team to achieve optimal results in the project’s conclusion.
The solution starts with a solid AWS Foundation. Our team at DNX focused on fashioning a reliably strong platform called DNX.One which implements operational excellence, security, reliability, performance efficiency, and cost optimisation using Infrastructure as Code (IaC), so applications can thrive while the business can remain focused on customer solutions. Once the framework had been implemented, this was quickly followed by the modernisation phase. The process involved migrating Workstar’s workloads to Elastic Beanstalk IIS, which runs on the Windows Platforms on spot instances using IaC.
IaC is one of DevOps’ many important principles, as well as DNX Solution’s core deliverables.

It is crucial that Elastic Beanstalk was set up for zero-downtime deployments with monitoring and health checks for better telemetry and stronger control of environments. With the app platform built, we started to move the currently encrypted RDS database to its new home in a Secure Subnet, built during the AWS Foundation stage, which only the private subnet (where the application will run) has access to. Also, the SQL Server license was reduced from ‘Enterprise’ to ‘Express’, bringing cost-savings to the customer as the features utilised are available in the Express version.

Some of the AWS Services provisioned:
After the environments had been fully established, we started working on the application CI/CD. The CI/CD pipeline automates diagnostic testing, building, and deployment to nullify the risk of manual errors from occuring. Further complemented by Elastic Beanstalk’s blue-green deployments, Workstar now has the ideal environment to flourish financially.
The client can now focus on business endeavours without being preoccupied with background operations, and the maintenance of their web infrastructure. Additionally, unnecessary costs have been significantly reduced to a minimum.
Our CI/CD pipeline solutions are all original and independent of one another, relying on their proprietary stylings. Previously, Workstar’s resource content files had been updated manually during the maintenance phase. With active monitoring and alerts currently in place, releases are now easily deployed for testing, with automated production environments operating in a safe and secure manner. Additionally, resources and environments are now efficiently managed, operating at capacity. An improved developer experience is another crucial achievement for the development team.

Conclusion
The staff at Workstar are now able to experiment and test their deliverables in a safe and collaborative environment, encouraging both creativity and innovation. A production-like environment eliminates the likelihood of bugs and production hurdles. As a result, the final users can now enjoy a more stable solution. The costs associated with AWS and TCO were also substantially reduced, with spot instances being 70% cheaper than regular on-demand instances. The complete automation of the manual operand for deployments, releases or scaling on AWS has reduced lead times considerably.
Overall, the project took 45 days to complete, and the team at DNX has managed to deliver on all fronts, satisfying their client’s needs in a timely and professional manner.
Na DNX Brasil, rabalhamos para trazer uma melhor experiência em nuvem e aplicações para empresas nativas digitais. Trabalhamos com foco em AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Integração Contínua/Entrega Contínua e Malha de Serviços. Estamos sempre em busca de profissionais experiêntes em cloud computing para nosso time, focando em conceitos cloud-native. Confira nossos projetos open-souce em https://github.com/DNXLabs e siga-nos no Twitter, Linkedin or YouTube.
Sem spam - apenas novidades, atualizações e informações técnicas.Tenha informações das últimas previsões e atualizações tecnológicas
Airboard: Improving time-to-market on AWS, a DNX Startup Case

About Airboard
Airboard is a digital queueing application that removes physical queues to improve the passenger experience at airports and on commercial flights. It currently uses machine learning and its unique patent-pending technology to benefit airports and airlines around the world.
The Business Challenge
As a startup, Airboard had done their homework on the industry, created a great product using agile concepts, and achieved an excellent MVP (Minimum Valuable Product). Airboard was seeking a development team for expedient development (in a two-week timeframe) of a Well-Architected global framework to achieve performance excellence concurrently with high security, reliability, availability, and efficiency for its airline industry customers. A key priority for the digital queuing application is to achieve low latency across multiple, global locations with a highly scalable framework. This requires leveraging the capability of the AWS cloud, anticipating the potential for an exponential increase in the number of simultaneous users as sector adoption grows. Time savings are a significant benefit of the Airboard system, so the accuracy of timing in multiple simultaneous locations remains essential to its success. To achieve these conditions within their desired parameters, Airboard chose to team up with the highly skilled and experienced AWS architects and engineers of DNX to design and build a solution for their first release.
In the initial development phase, the Airboard team were using AWS Lightsail for front-end and back-end PHP applications running on a single EC2 instance, which enabled rapid prototyping in its initial product development phase. However, given the increased sector demand during COVID and as part of a post-COVID recovery solution for the aviation industry, the Airboard team were looking for a way to enable automated deployments that can support global adoption with enough elasticity to allow for spikes in usage during global travel seasons.
Furthermore, an ambitious customer deadline was imminent for the Airboard team and it was under pressure to prepare the application for its first release. DNX was engaged to not just design and apply a solution for these challenges, but requested by the Airboard team to assist in providing comprehensive documentation and further enhancing its DevOps best-practices on AWS. As a certified DevOps competency AWS partner, DNX pushed hard during knowledge transfer sessions and detailed documentation about our solutions.
At first, going for an event-driven architecture using serverless computing was tempting but required lots of refactoring in the current product at that time, so DNX elaborated a container-based solution on AWS. With critical compliance requirements and strict security concerns, especially in US airports, the due date was close and DNX could modernise the Airboard application while building its AWS foundations.
The Solution
DNX allocated more Cloud Engineers for this project due to its critical deadline, so while a team was building Airboard’s AWS Foundations from the ground up, another one started to modernise the application that was written in PHP with front and back-end separated, both using Laravel Framework and classic LAMP stack (Linux, Apache, MySQL, and PHP). Also, the Continuous Delivery strategy with CI/CD pipelines, essential to fulfilling the customer requirements, started to be designed as the team ran the App discovery phase by the DNX Cloud Architect.
Our well-known DNX.One Well-Architected Foundation was applied – leveraging our considerable developer experience, and using Terraform to manage our IaC, we could also accomplish high-standard compliance with Airboard’s clients as AWS IAM policies are version controlled and securely managed. Using our IAM topology, the access to AWS accounts are role-based where users assume one or multiple roles across accounts and environments.

Additionally, each policy role has its version tracked using GIT, where any modification or inclusion to a role is approved using Pull Requests. This is a benefit of using IaC, where any change in a policy is tracked and can be compared using git diff.

Application Modernisation
To achieve a cloud-native solution, the PHP application was enhanced with the modernisation process where our engineers review the code and apply 12-factor principles, preparing it for container orchestration on ECS and making sure that performance would not be compromised.
As a result, we could build the application containers for ECS orchestration, by moving configurations stored in the application to the environments using CI/CD pipelines and ensuring that no state was kept by the application processes. We also automated existing database migrations and deployments that were previously manual processes, providing the team confidence to release new features that can be easily tested in a production-like environment before every deployment.
Continuous Integration and Continuous Delivery
Airboard is a growing business with the foresight to build its foundations on a framework that can scale easily. When DNX were engaged, the team was ready to transition to enhanced pipeline architecture, to support new features and future releases. Prior to engaging us, the Airboard team would connect to the EC2 Instance manually to release new features, as the application was already living in Bitbucket with a pipeline solution. At DNX, we utilised the client’s existing CI/CD tool to provide the best pipeline architecture, focusing on the best approach for the client’s needs. Along with regular feedback, architecture reviews, and Knowledge Transfer sessions, the DNX team designed and delivered a long-term solution to secure Airboard’s scalability in the cloud.
AWS Pipeline

Application pipeline

Some of the AWS Services provisioned:
Customer Benefits
Now Airboard has a future-proofed, scalable solution on AWS with elasticity, global high-availability, CICD, and ongoing automation supporting their application. All infrastructure built in this project uses spot instances that can save up to 70% in costs, maintaining a great Developer Experience. Applying the multi-region strategy created during the AWS Foundation and CI/CD pipelines phase, Airboard can now scale its solution and development team seamlessly around the globe without a significant increase on the current TCO (Total Cost of Ownership), improving passenger experience, supporting the growth of the business, and keeping passengers around the world safe.
Na DNX Brasil, rabalhamos para trazer uma melhor experiência em nuvem e aplicações para empresas nativas digitais. Trabalhamos com foco em AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Integração Contínua/Entrega Contínua e Malha de Serviços. Estamos sempre em busca de profissionais experiêntes em cloud computing para nosso time, focando em conceitos cloud-native. Confira nossos projetos open-souce em https://github.com/DNXLabs e siga-nos no Twitter, Linkedin or YouTube.
Sem spam - apenas novidades, atualizações e informações técnicas.Tenha informações das últimas previsões e atualizações tecnológicas
Agyle Time: Protecting customer data while reducing TCO and computing costs

About Agyle Time
Agyle Time simplifies Workforce Management, ensuring cost optimisation of your resources and allowing you to better schedule to actual workload, manage costs, and improve customer satisfaction. Agyle Time uses a modern development approach with cloud technologies to engage teams and their customers with a secure and go-anywhere platform that takes just minutes to set up.
The Business Challenge
Agyle Time’s SaaS platform and its connectors are dynamic and fit different customers’ needs. However, tenant isolation along with their individual data was crucial and a mandatory requirement for large customers. In addition, due to the increase of demo requests and new tenants coming on board, building automation that delivers security was vital to keep innovating and delivering the best to Agyle Time’s users while protecting sensitive data.
Security Services on Cloud is critical for customer success in the cloud space. Data protection has become more important than ever before and every company will need high-level encryption capabilities for sensitive data, as the customers expect compliance and need governance, risk management and reporting.
DNX was engaged to elaborate and implement their new cloud operations, taking into consideration the AWS Well-Architected pillars:
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimisation
The Solution
Multiple perspectives should be considered while architecting automation for an SaaS arrangement like Agyle Time’s. Aspects like cross-tenant prevention, data protection, and tenant isolation are essential.
For a SaaS environment, these benefits extend beyond deployment configurations, including data encryption and security controls. This allows Agyle Time to ensure tenant isolation by encrypting their data during transit between services and in storage via their database and Amazon S3. Using Terraform also allowed Agyle Time to quickly automate their key management infrastructure, allowing employees to set up accounts for the system instantly with no third-party involvement or risk of misconfiguration.
Using Buildkite for CI/CD self-hosted pipelines, DNX has implemented automation on the CI/CD tool improving the security layer in the deployment process. For better pipeline control we decided to use self-hosted runners in our project with a custom hardware configuration which offers us better control on the builds.
It is feasible to check that secure code is deployed using CI/CD by imposing certain regulations during build time and deployment time. We’ve been able to enforce these checks with little effort because we’re utilizing Buildkite. To implement this security check, DNX used a number of plugins together with Buildkite.
The first step to an automated security architecture is to understand the kind of threats you need to protect against. Threat modelling is a technique for identifying and classifying threats that could impact your operations. It’s important to remember that any threat you document in this process is only one possible scenario out of many, but documenting it helps you better prepare yourself for how to handle it. It’s also not essential that you identify every threat, as long as you understand the general types of threats that are possible in your environment.
Going one step further, DNX has implemented a security plugin that takes care of the authentication process in Buildkite. This plugin adds some new functionalities to ensure that only authorized and authenticated users can access the CI/CD pipeline data.
The results were an automated data pipeline that brought the benefits of IaC to Agyle Time’s managed service. Each tenant’s data is isolated from the rest of Agyle Time, making it possible to enforce their multi-tenant architecture and hosting strategy using Terraform. The pipeline also allows each tenant to manage their own key infrastructure, removing any single point of failure in the account creation process.






Images regarding Buildkite demo
DNX.One Foundation
We started assessing the existing Agyle Time infrastructure against the five pillars of AWS Well-Architected Framework. It enables DNX Solutions to understand customers’ environments and identify best practices gaps, then provides a remediation plan and roadmap to resolve issues based on Security, Operational Excellence, Performance Efficiency, Cost Optimisation, and Reliability.
With a thorough awareness of and recognition of infrastructure issues, DNX delivered the DNX.One Well-Architected Foundation (aka DNX.One) – an automated platform built with simplicity in mind, Infrastructure as Code (IaC), open-source technologies, and designed for AWS with well-architected principles. It means that the platform is already built based on reference architectures and continuous assurance testing to regulatory audits and analytics, removing many regulatory and compliance hurdles involved throughout an organisation’s entire lifecycle.
The following illustrates an example of the IAM topology implemented for Agyle Time. As AWS IAM policies are controlled and securely managed, accomplishing high standard compliance was possible. The access to AWS accounts is role-based, where users assume multiple roles across accounts and environments.

Delivery Networking using security best practices for VPC, plus the extra ‘DNX layer’ of protection, is another advantage of DNX.One. Multiple Availability Zone, security groups and network ACLs, IAM policies to control access, and tools to monitor VPC components and VPC connections are the default for DNX.One and were automatically deployed to the infrastructure. In addition, having a dedicated and isolated subnet for the database and file system was considered to enhance the security around the networking infrastructure. Therefore, there are policies, permissions, and flow access to have access to sensitive data.

Another DNX.One best practice implemented for the customer was account management and separation. This practice isolates production workloads from development, test, and shared services workloads and also provides a robust logical boundary between workloads that process data of different sensitivity levels. The granular access control determines who can access each workload and what they can do with that access. In addition, it allows the customer to set guardrails as its workloads grow.

Some of the AWS Services provisioned:
Business Outcome
One of the most important topics around CI/CD pipelines is security. In public runners, provided by the pipeline tool, we cannot have control of or know if our builds are running in an isolated environment, or sharing resources across several other customers. Bringing the runners in-house, we have a stable and secure environment that enables the customer to run all the application build and deployments in isolating workspaces. Everything wrapped around the DNX.One foundation, bringing more control and confidence to the customer. Now, Agyle Time’s team can deploy releases for current and new customers automatically in a secure, elastic, and highly available way on AWS and their customers can take advantage of the workforce management platform with no data concerns.
Na DNX Brasil, rabalhamos para trazer uma melhor experiência em nuvem e aplicações para empresas nativas digitais. Trabalhamos com foco em AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Integração Contínua/Entrega Contínua e Malha de Serviços. Estamos sempre em busca de profissionais experiêntes em cloud computing para nosso time, focando em conceitos cloud-native. Confira nossos projetos open-souce em https://github.com/DNXLabs e siga-nos no Twitter, Linkedin or YouTube.
Sem spam - apenas novidades, atualizações e informações técnicas.Tenha informações das últimas previsões e atualizações tecnológicas
Law of the Jungle: Applying modern DevOps concepts in AWS

About Law of the Jungle
Law of the Jungle (LOTJ) is a cloud-based solution for risk-proofing marketing and making compliance agile and effortless. Their solution encourages effective compliance by improving productivity and reducing time to market. LOTJ brings agile methodologies to marketing teams and guides them through compliance using artificial intelligence on AWS.
The vision behind LOTJ is to allow its clients to turn marketing compliance into a competitive advantage.
The Business Challenge
Law of the Jungle was already running workloads in AWS, however they experienced challenges with configuration management and complex deployments. So, LOTJ looked to reduce time to market by reducing the environment complexity. Another challenge which was brought to the table was how to improve and make the best use of knowledge and information management.
DNX Solutions was engaged by LOTJ to provide support and implement solutions for these challenges. Together, we decided to push immutability concepts on a new AWS platform which uses an Infrastructure as a Code (IaC) process improving knowledge and information management. Building a demonstration environment for potential LOTJ customers will enable the sales team to expand their reach.
The Solution
Before starting the project, DNX’s team evaluated the organisation’s requirements and utilised DNX’s DevOps approach. This approach guides the team through the DevOps journey while building a perfect foundation, standardising and automating processes, and uses technologies to deliver applications quickly and reliably.
Our solution for this scenario was to modernise the current Java microservices leveraging Docker containers and orchestrate them using AWS Elastic Container Service clusters.
With a focus on reducing configuration management, we modernised the application by applying the 12-factor concepts and we improved the continuous deployment process by using environment variables in SSM Parameter Stores. The ECS Service uses task definitions, a powerful tool to achieve immutability and run multiples containers across the cluster instances sharing the same file system, where EFS have mounted targets across the different availability zones.

AWS Foundation
As with most projects at DNX, we start with deploying our AWS platform as this is the first layer of modernisation. DNX built the AWS Well-Architected Foundation by applying effective infrastructure code patterns, bringing instant value to our clients as it covers the essential aspects for an organisation which has DevOps culture in its DNA.
AWS Well-Architected Framework Pillars

AWS Well-Architect Framework pillars
You can see more details about our AWS Platform solution at this link.
Once we have prepared the foundation, we start the modernisation phase in which the DNX team prepares the microservices for the new cloud environment. We eliminated the need for configuration management by applying immutable concepts into the building stage of the Bitbucket pipelines that deploy the application to production in AWS. There is no need to access production or staging servers once they are up-and-running. If an exceptional need arises, the connection is secured by the SSM Session manager.
DNX uses spot instances for the ECS cluster, generating an estimated 70% cost reduction on average. Our solution implements a well-architected account topology in AWS. Law of the Jungle can have testing and development environments identical to production with reduced or similar computing power. Adding a management account facilitates security and audit aspects, keeping production and non-production environments secure and available, even during an audit process or security tests.

Continuous Delivery:
The container built during the building stage will be deployed across both AWS accounts and environments. This ensures the same application that is tested is deployed to production, providing consistency during bug fixes and new releases.

Steps:
- Application build
- Application Docker Build and Push to ECR
- Application ECS Blue-Green Deployment using AWS Code Deploy
- Automatic deploy to QA / Staging
- Automatic deployment to production with manual approval
During the whole project, DNX executes knowledge transfer sections to Law of the Jungle with our AWS Certified professionals. DNX believes this builds a healthy relationship with customers and partners.
Some of the AWS Services provisioned:
- AWS ECS
- AWS Elastic File System (EFS)
- System Manager
- CloudTrail
- Aurora Cluster
- Cloud Watch
- Code Deploy
- AWS Config
Customer Benefits
DNX Solutions looked to provide a stress-free environment and a safe place for experimentation with faster time to market for new features. DNX provided the conditions and tools in AWS to apply modern and efficient DevOps practices for LOTJ. As a result, LOTJ was able to deploy more features to its users. We also provided a new demo environment where potential customers can trial the solution in a secure and isolated approach on AWS.
To help LOTJ with its knowledge management challenge, the AWS foundation phase and knowledge transfer sections with the DNX team accommodated all knowledge in the code, reducing time on-boarding new team members.
Na DNX Brasil, rabalhamos para trazer uma melhor experiência em nuvem e aplicações para empresas nativas digitais. Trabalhamos com foco em AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Integração Contínua/Entrega Contínua e Malha de Serviços. Estamos sempre em busca de profissionais experiêntes em cloud computing para nosso time, focando em conceitos cloud-native. Confira nossos projetos open-souce em https://github.com/DNXLabs e siga-nos no Twitter, Linkedin or YouTube.
Sem spam - apenas novidades, atualizações e informações técnicas.Tenha informações das últimas previsões e atualizações tecnológicas
Perx Health: Automated global deployments on AWS with HIPAA Best Practices

About Perx Health
Perx Health is pioneering a motivational health community made for everyone. They are using leading-edge behavioural science, understanding of consumer tactics, and technology to assist and motivate people living with chronic conditions to stick to their treatment plans. Notably, Perx has already helped to increase engagement with thousands of patients, improved their adherence, and achieved better health outcomes. Their goal is a future where managing a chronic condition can really be simple, exciting, and rewarding.
The Business Challenge
Already running healthcare solutions on AWS, Perx Health aimed to leverage an elaborated multi-region automated deployment strategy in a HIPAA compliant way, requiring a move from higher-level AWS services like Elastic Beanstalk to services with more operational control. Achieving this target without adding infrastructure operations overhead was crucial to maintain a collaborative, innovative and flexible environment for the development team. Security of all data was of primary concern to Perx Health and this became a major focus of the solution delivered. Another challenge was to identify opportunities for cost reduction while running the application in the new environment.
To accomplish these challenges, DNX Solutions was heavily involved in the new architecture solution. Together, we evolved the platform to container-based orchestration, pushing stateless applications through CI/CD pipelines along with IaC (Infrastructure as code) using Terraform. We can meet security and compliance standards through management and governance solutions, also take advantage of the AWS shared responsibility model, specially for security and operations topics.
The Solution
We started assessing the existing infrastructure using HIPAA Best Practices and our DevOps Transformation guidelines. The project started by deploying our DNX Well-Architected AWS foundation, also called DNX.One, which implements operational excellence, security, reliability, performance efficiency, and cost optimisation using Infrastructure as Code, so that applications can thrive, while the business can remain focused on customer solutions.
With minimum infrastructure operations in mind, Elastic Container Service on AWS was the service of choice for the application modernisation strategy. It is important to mention that DNX used spot instances for the ECS cluster, focusing on availability while reducing AWS costs.
As security and privacy were of paramount importance to Perx Health we were able to develop systems to ensure production data was well secured from development workloads and that access was only via a secure VPN to a secure subnet in their VPCs which is not accessible to the public internet. Additionally, high levels of security best practices were enabled during the Foundation stage, including; A separate audit only account, centralised cloud trail, AWS Config, AWS Guard Duty, and AWS KMS.

Taking the blue-green deployment approach in a multi-region environment, we automated existing database migrations and deployments that were previously manual processes, providing the team confidence to release new features that can be easily tested in a prod-like environment before every deployment.

Perx Health also required an analytics solution to manage its multi-region environment. Using Terraform to manage Infrastructure as Code (IaC) enabled simple provisioning of a Data Warehouse cluster, which was essential to bring automation, security, and information management and control.
Data Overview

CI/CD Pipelines
Previously, deployments were semi-manual where the team would use a 3rd party deployment tool and required short amounts of downtime. At DNX, we used the current hosts CI/CD tool to provide the best pipeline architecture for deploying to multiple environments and regions with maximum flexibility and confidence while ensuring 0 downtime deployments.
As security is a critical topic, DNX has ensured that security controls were considered around the pipeline build-in on DNX.One Foundation. An IAM role is created specifically for CI/CD and we have been making use of it to deploy Perx’s applications. Discover more accessing our GitHub here.

ECR – Docker image scanning
To avoid releasing a docker image with major vulnerabilities, DNX has implemented an image scanning for Perx’s deployments.
On bitbucket, a step was added prior to deployment. This step will check the ECR report created for that image tag and if it contains critical level vulnerabilities, the deployment of that image will be prevented.

To ensure compliance, each container is scanned for vulnerability using ECR in the pipeline.
Read this article to learn more: AWS ECR — Improving container security by using Docker image scanning
Some of the AWS Services provisioned:
Conclusion
Perx Health’s project was highly collaborative and ultimately delivered beyond expectation. With an engaged and helpful development team working together with DNX, we built a resilient, secure, and reliable AWS platform for Perx Health applications. Now the team is able to focus on what they do best, using leading-edge behavioural science, consumer tactics, and technology to help and motivate people living with chronic conditions to better adhere to their treatment plans on a HIPAA compliant platform and automated deployments. Using spot instances for the Elastic Container Service (ECS) has been generating an average of 50% cost reduction.
With modern and efficient DevOps-oriented practices, Perx Health can test and release new features to the market, faster. Reducing operational constraints on AWS, the new platform is prepared for a global HIPAA compliant strategy.
Na DNX Brasil, rabalhamos para trazer uma melhor experiência em nuvem e aplicações para empresas nativas digitais. Trabalhamos com foco em AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Integração Contínua/Entrega Contínua e Malha de Serviços. Estamos sempre em busca de profissionais experiêntes em cloud computing para nosso time, focando em conceitos cloud-native. Confira nossos projetos open-souce em https://github.com/DNXLabs e siga-nos no Twitter, Linkedin or YouTube.
Sem spam - apenas novidades, atualizações e informações técnicas.Tenha informações das últimas previsões e atualizações tecnológicas
Waterco: Moving from Heroku to AWS without adding infrastructure operations

About Waterco — Poolware
Established in 1981, Waterco is a global brand reputed for designing and manufacturing filtration and sanitisation systems. Waterco’s products are widely used in swimming pools, spas, aquacultures, and the water purification industry. Their products are used for residential, commercial, and industrial applications across over 40 countries.
One of Waterco’s applications is Poolware, a proprietary software which analyses, calculates, and diagnoses both the chemical interactions and current water conditions.
The Business Challenge
After about two decades operating the Poolware in a desktop format, Waterco was ready to improve its user experience offerings, providing users convenient access to Poolware across multiple smart devices. Instead of purchasing or licensing existing cloud-based solutions, Waterco developed its own independently, uploading it into the cloud in 2018.
From the beginning, Heroku was the go-to solution stemming from their developer experience (DX) and for reducing infrastructure operations overheads. Having used Heroku for a few years, Waterco believes it is necessitous to improve the efficacy of resource-usage, without increasing infrastructural operations, being able to grow more dynamically, remaining light on infrastructure operations, and having more control in the long-run. However, Heroku was limiting Waterco’s ability to achieve it.
DNX Solutions was tasked by Waterco to satisfy and achieve their main business objectives. One key decision was to transition from Heroku to AWS. With AWS, Waterco’s primary goals could be easily achieved with an elastic and cost-effective architecture uploaded to the cloud.
The Solution
Prior to starting the project, DNX’s teams ran a thorough evaluation of Waterco’s requirements, and reviewed their incumbent delivery processes through DNX’s DevOps. This approach provided adequate guidance to the team throughout the DevOps process. The journey entailed building a robust foundation and the standardization and automation of certain processes. This combination of technologies enables DNX solutions to produce applications efficiently and reliably.
The project started by deploying our DNX Well-Architected foundation, also called DNX.One. The platform incorporates a robust and extremely secure cloud environment, is fully automated using Terraform, and handles most of the infrastructure operations leveraging a well-architected AWS implementation, including Docker containers.
The plan for “Application Modernisation” proposes the movement of applications to ECS cluster in EC2 instances for better resource usage, vis-à-vis the operational model in Heroku titled “Dynos”.
Upon deployment of DNX.One, we modernised Poolware’s deployment design by moving it to Docker containers, bringing together both the existing automated tests and database migration scripts to its CI/CD pipeline.
AWS Foundations:
Building a strong and solid foundation for Waterco’s applications was a critical first step prior to modernisation. Using a multi-AZ strategy with ECS nodes running on spot instances, Waterco was able to run a Cluster of Docker Containers across availability zones and EC2 instances, while optimising cost.

Costs savings
Here’s a compute price comparison* of more or less similar instances and the cost per month:
-
AWS: t3.micro (1GiB) — $0.004 per hour ($2.88 per month)
-
Heroku (Dyno): standard-2x (1024MB) ($50.00 per month)
94.24% reduction
-
AWS: c5.2xlarge (16GiB) — $0.1382 per hour ($99.5 per month)
-
Dyno: performance-l (14GB) ($500.00 per month)
80.1% reduction
Application Modernisation
Poolware had previously adopted some of the 12-factor principles. So, we applied additional cloud-native concepts to it during the modernisation phase, focused especially on building, releasing, and running.
With better usage of the AWS resources, the developed application was able to benefit from improved operational excellence in AWS, and increased elasticity in the cloud.
Each environment in AWS was made identical to one another, varying only in EC2 instance types in each environment. Differences include development, QA/Staging and finally production. The same immutable application image was deployed and tested across these environments. By adopting this approach, Waterco has improved its operational resilience, greatly reducing production incidents to zero through its self-healing platform.

CI/CD Pipeline
We used AWS EC2 instances to run complex CI/CD pipelines using spot instances, optimising steps such as database migration and automated tests running in parallel steps via Gitlab. Hundreds of pipelines are triggered daily at minimal operational cost. Moreover, this reduced the number of production incidents while increasing their current test capacity.
Some of the AWS Services provisioned:
- AWS ECS
- AWS Elastic File System (EFS)
- System Manager
- CloudTrail
- Aurora Cluster
- Cloud Watch
- Code Deploy

Conclusion
From conception to its conclusion, the migration project of Heroku to AWS was completed in approximately one month. The new Docker+AWS environment implementation allowed Waterco to achieve twice the performance and efficacy as compared to their previous Heroku environment. Their production quality, and their ability to release more products frequently have increased. Furthermore, developer and QA productivity has improved significantly. Now, Waterco only needs to run half the number of servers, cutting the hosting bill by approximately 25%.
*prices comparison performed in 11/06/2020 sources:
Na DNX Brasil, rabalhamos para trazer uma melhor experiência em nuvem e aplicações para empresas nativas digitais. Trabalhamos com foco em AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Integração Contínua/Entrega Contínua e Malha de Serviços. Estamos sempre em busca de profissionais experiêntes em cloud computing para nosso time, focando em conceitos cloud-native. Confira nossos projetos open-souce em https://github.com/DNXLabs e siga-nos no Twitter, Linkedin or YouTube.
Sem spam - apenas novidades, atualizações e informações técnicas.Tenha informações das últimas previsões e atualizações tecnológicas