About the customer
Townhall Investment Adviser Private Limited was incorporated with the MCA on 27 November 2020. Townhall Investment Adviser Private Limited is listed in the class of company and classified as a Non Govt Company. The company is registered at the Registrar of Companies (ROC), Jharkhand, with an Authorized Share Capital of Rs. 10 LAC, and its paid-up capital is 1 LAC.
Townhall Investment Adviser Private Limited is looking to host its internal business application, called Portfolio Management System (PMS), on the AWS cloud to check the availability, performance, and scalability of the application. Townhall Investment Adviser Private Limited wants to leverage cloud services for their agility and reliability with minimum overhead.
Customer Challenge
- Monolithic architecture of the application payload limited their scale of deployments.
- Poor scalability and elasticity of the infrastructure.
- All servers and systems had limited TCO; therefore, the scope for cost optimization within the infrastructure was extremely low.
- The human error element was omnipresent and caused major issues in maintaining configurations across environments.
- Major difficulties with configuration drift and the management of vast infrastructures.
- Slow provisioning, in terms of implementing Agile methodology for future releases/builds.
Workmates Core2Cloud Solution Approach
- We based our solution approach on managed services in AWS, such as VPC, RDS, EC2 and CloudFormation. We used AWS CloudFormation templates, written in YAML, to automate the provisioning of infrastructure on AWS.
- The CloudFormation template generated by the CloudFormation package command in the CodeBuild stage was checked with cfn-lint to validate the syntax and, to meet governance and compliance policy, validated with cfn-guard before it was deployed.
- Within all the templates, we ensured that no explicit naming was used for creating global resources such as S3 buckets and RDS.
- All the templates include output sections so that values can be imported into other stacks (to create cross-stack references), returned in responses (to describe stack calls), or viewed on the AWS CloudFormation console.
- AWS Systems Manager Parameter Store was implemented to avoid exposing server credentials such as SSH keys and the RDP password. An SSM parameter was also used as a CloudFormation parameter to get the ECS-optimized AMI ID.
- An AWS CloudFormation template was implemented for provisioning the ECS cluster and configuring a Blue/Green deployment pattern within CodePipeline and CodeDeploy for future builds/releases.
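The template practices listed above (an SSM parameter resolving the ECS-optimized AMI ID, AWS-specific parameter types, no explicit names on global resources, and exported outputs), shown as an added example that is not Workmates' or Townhall's own template. The logical IDs, export names and instance type are assumptions; the SSM path is the public AWS parameter for the Amazon Linux 2 ECS-optimized AMI.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added illustration; logical IDs, export names and instance type are assumptions.

Parameters:
  # SSM parameter type: CloudFormation resolves the public Parameter Store
  # path to the current ECS-optimized AMI ID at create/update time.
  EcsAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id
  # AWS-specific parameter type: a key pair name that does not exist in the
  # account and region fails validation before any resource is created.
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName

Resources:
  # No BucketName property: CloudFormation generates a unique physical name,
  # so the stack can be deployed per environment without name collisions.
  ArtifactBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  EcsLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref EcsAmiId
        InstanceType: t3.medium      # assumed size
        KeyName: !Ref KeyName
        MetadataOptions:
          HttpTokens: required       # IMDSv2 only

Outputs:
  # Exported so other stacks can use Fn::ImportValue (cross-stack reference).
  ArtifactBucketName:
    Value: !Ref ArtifactBucket
    Export:
      Name: !Sub "${AWS::StackName}-ArtifactBucketName"
  EcsLaunchTemplateId:
    Value: !Ref EcsLaunchTemplate
    Export:
      Name: !Sub "${AWS::StackName}-EcsLaunchTemplateId"
```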
Security Considerations
- AWS IAM role-based access control to restrict users to only the required resources.
- For any administrative task, remote users need to connect to the VPN client to access the servers.
- All the RDP/SSH ports are bound to the OpenVPN server; also, default ports will be changed to custom ports.
- AWS WAF was implemented on top of AWS ALB and CloudFront to protect web applications or APIs against common web exploits, DDoS attacks and bots.
Results and Benefits
- The level of automation through the IaC deployment allowed faster time to market, and overall faster and more efficient development via infrastructure as code and DevOps.
- Our IaC approach allowed Townhall to avoid 'configuration drift', which tends to cause mismatched development, test, and/or deployment environments due to ad-hoc configuration changes and updates, thereby enabling a more efficient development and production lifecycle.
- Our approach towards DevOps methods helped Townhall implement CI/CD which ensured zero downtime and quality assurance.
- AWS-specific parameter types were helpful in catching invalid values at the start of creating or updating a stack, at the early stages of CloudFormation deploy from CodePipeline.
- A mutable infrastructure avoided the calamities caused by human errors, as the IaC model allowed clear visibility of the changes that occurred and the option to reverse their effects as well.
- Townhall overcame the problems of slow provisioning by leveraging a microservices architecture with more agile deployment patterns for shipping new releases.