To address these challenges and meet our client’s needs for scalability and security, we developed a cloud infrastructure based on Amazon ECS. This infrastructure provided scalable platform services and underlying virtual computing resources, and was carefully protected from external threats through the thoughtful selection and design of security components.

To ensure successful implementation, we first performed the following activities:
– Cloud Infrastructure Audit
– DevOps and DevSecOps integration strategy

The architecture of the proposed solution included the following components:
– Amazon ECS with Auto-Scaling Group of EC2 instances – for the platform’s application services
– Amazon ECS on Fargate – for the execution of scheduled and on-demand data pipelines
– Amazon RDS Aurora for PostgreSQL – a scalable and resilient database cluster
– EC2 Image Builder pipelines – for automatically producing the hardened (secure) base AMIs and container images on a predefined schedule, thus meeting the regular security patching requirement
– Amazon Cognito – as the application-level Identity Provider and a point of extensibility for integration with customer’s SSO solutions and IdP’s
– Amazon OpenSearch – as a managed application-level document storage. Separate instance of OpenSearch was installed to act as a SIEM solution for the platform.
– AWS Secrets Manager, SSM Parameter Store – for storing application-level secrets and environment variables
– Amazon CloudWatch with OpenSearch subscriptions – as a temporary storage for all account-level application and service logs, and as a source of data for CloudWatch Alarms
– AWS Security Hub – for compliance monitoring (SOC 2, HIPAA)
– AWS GuardDuty – for intelligent threat monitoring
– CI/CD pipelines for all application and data science (ML) components built on GitHub actions; with deployment capability to 5 different environments – development, staging, and 3 production environments.

The infrastructure was created using the IaC (“Infrastructure as Code”) approach following the best Secure SDLC practices, and was provisioned to 3 different AWS regions to ensure low latency access for Sparta Science customers: United States (North Virginia), United States (San Francisco), Australia (Sydney).

This infrastructure allowed engineering team to ensure successful implementation of applications and data science components. Additionally, our client enjoyed the ability to easy spin up / shut down new environments of such complex infrastructure in different geographic regions for their customers, for both demonstration and production purposes.

– Scalable and Resilient Cloud Infrastructure Architecture
– High Availability: 95%
– Efficient Multi-environment CI/CD pipelines
– Operational Observability and Alerting
– Strong Security Posture
– Well-defined RTO/RPO
– Portable Cloud Infrastructure (IaC, Terraform)

Initial costs: 3 FTE during 12 months
Ongoing development: 0.5 FTE / month
Support: 1 FTE Senior DevOps + 1 Part-time DevOps

Lesson: Implementing continuous monitoring and establishing feedback loops are essential for maintaining system health and performance.

Example: The project initially lacked robust monitoring tools, leading to undetected issues that caused system downtime. Integrating monitoring solutions later helped quickly identify and resolve problems.

GitHub – source code repository
SonarQube – for source code scanning
Wazuh – as an XDR
Docker – for containerization of the app services
Terraform – for IaC