Implementing AWS security solution for MFcentral

Name of the customer – MF Central

MFCentral is the investor services hub conceived by KFintech & CAMS, powering a new era of collaboration by providing the convenience to transact across all folios of an investor with an unparalleled user experience. Leveraging best-in-class technology, MFCentral brings ease, convenience and speed to your service requirements across all the Mutual Funds. While investing in a mutual fund scheme has become a lot easier over the years, many investors still face difficulty in carrying out various non-financial transactions, such as updating nominee details or changing mobile numbers across funds. But not anymore: with MFCentral, a new mutual fund platform, all these activities and many more can be done with ease. The platform integrates all your investments into one single window, enabling you to see every aspect of your investments in one place.

Challenges faced by the customer:

  • CAMS and KFIN planned to set up the production infrastructure for MFCentral with enhanced security.
  • CAMS and KFIN needed to host the infrastructure on AWS Cloud. They did not have internal expertise in cloud-native deployments and needed expert help to provision quickly, deploy and go live.
  • Implementing CI/CD for project development.
  • Designing and creating the application architecture and its networking.

Why AWS and Why ACC?

Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.

AWS enables us to rapidly provision resources and get to production in a short span of time, cost-effectively. AWS managed services let us deploy applications quickly without the headache of managing and maintaining servers.

ACC had several successful migrations from the Banking and Financial Services sector under its belt. As an AWS Financial Services Competency partner, ACC became a preferred choice of recommendation from AWS.

CAMS and KFIN knew they were in good hands. It was a no-brainer decision for them to join hands with ACC and this decision continues to serve them well.

Solution provided by ACC:

  • Connectivity between the on-premises data centres of both KFIN and CAMS and the Amazon VPC is provided by AWS Site-to-Site VPN connections; AWS Direct Connect is also configured.
  • Security monitoring was enabled through Amazon GuardDuty, and application monitoring through Amazon CloudWatch, which collects and tracks metrics, collects and monitors log files, sets alarms, and reacts automatically to changes in AWS resources. CloudWatch monitors AWS resources such as Amazon EC2 instances and Amazon RDS DB instances, custom metrics generated by the applications and services, and application log files. CloudWatch is also used to gain system-wide visibility into resource utilisation, application performance and operational health; these insights are used to react to issues and keep the application running smoothly.
  • We configured the EKS cluster and a managed node group. The node group is configured with a fixed number of nodes and always maintains that count: whenever a node goes down, a replacement is created automatically. The microservices run on these nodes. We also configured the ingress load balancer, and Route 53 maps the domain name to it in DNS.
  • For CI/CD, Amazon ECR stores the Docker images for all environments, with image versioning enabled. AWS CodeCommit stores the deployment files, and branches separate the code for the different environments. The backend microservices run on top of the EKS cluster; a Docker image is built for each backend container service, and the source for these services is stored in CodeCommit. Whenever a service is updated, the updated code is pulled from CodeCommit, a new Docker image is built, and it is deployed to the corresponding environment. A separate Jenkins job is created for each microservice, and deployment jobs are built accordingly.
  • API and account activity tracking is done with AWS CloudTrail. Actions taken by a user, a role, or an AWS service are recorded as CloudTrail events; whenever activity occurs in the AWS account, it is recorded as a CloudTrail event.

AWS Services Used:

  • API Gateway
  • CloudFront
  • CloudTrail
  • CloudWatch
  • CloudWatch Events
  • Config
  • Data Transfer
  • Direct Connect
  • EC2 Container Registry (ECR)
  • Elastic Compute Cloud
  • Elastic Container Service for Kubernetes
  • Elastic Load Balancing
  • Glue
  • GuardDuty
  • Inspector
  • Key Management Service
  • Kinesis Firehose
  • Lambda
  • Relational Database Service
  • Route 53
  • S3 Glacier Deep Archive
  • Savings Plans for AWS Compute usage
  • Secrets Manager
  • Security Hub
  • Simple Email Service
  • Simple Notification Service
  • Simple Queue Service
  • Simple Storage Service
  • Support (Business)
  • Systems Manager
  • Virtual Private Cloud
  • WAF

Results and Benefits:

  • Built a three-tier application: the frontend is a static website hosted in an S3 bucket, the middle layer is microservices deployed on EKS, and the backend database is RDS.
  • Security Hub, GuardDuty and Trusted Advisor are used to apply security best practices.
  • A manual deployment takes 1-2 hours, whereas an automated CI/CD deployment (Jenkins) takes only 10-15 minutes with minimal downtime.

Start date of the engagement — 14-07-2022

End date of the engagement — 30-11-2023

We are using Amazon EKS for its robust scalability, managed Kubernetes control plane, and seamless integration with other AWS services.

*Implementation Process*

A) AWS CodeCommit for Storing Deployment Files:

We use AWS CodeCommit to store our deployment files, leveraging its secure and scalable version control service. To maintain code separation, we employ a branching strategy tailored to different environments. For instance, we have distinct branches for DEV, UAT, and PROD.

Branching Strategy:

  • Development Branch (dev): Developers push their initial code changes to this branch. This environment is used for testing and validating new features and bug fixes.
  • UAT Branch (uat): Once the changes in the dev branch are stable, they are merged into the UAT branch for further testing. This stage involves comprehensive testing to ensure the application meets business requirements and functions correctly.
  • Production Branch (prod-version): After successful testing in UAT, the code is merged into the production branch for final deployment. This ensures that only thoroughly tested and validated code reaches the production environment.

B) ECR for Storing Docker Images: We use Amazon ECR to store our Docker images, enabling a secure and scalable repository for our containerized applications. The process involves building Docker images during the CI/CD pipeline and pushing them to ECR.

CI/CD Automation:

  • Build Stage: In this stage, the application code is compiled and Docker images are built. The built images are tagged according to the environment (dev, UAT, prod) and pushed to ECR.
  • Test Stage: Automated tests are executed on the built Docker images to ensure code quality and functionality.
  • Deployment Stage: Once the images pass the testing phase, they are deployed to the respective environments (dev, UAT, prod).

C) S3 for Hosting Static Website: We utilize Amazon S3 to host our static website, which holds our frontend code.

D) Multi-Environment Deployment: We manage three distinct environments: DEV, UAT, and PROD. Our deployment process follows a structured approach:

  • Development Deployment: Developers deploy the application to the dev environment first. This allows for initial testing and validation of new features.
  • UAT Deployment: After successful deployment and testing in the dev environment, the application is deployed to the UAT environment for further testing and validation by business stakeholders.
  • Production Deployment: Once the application passes UAT testing, it is deployed to the production environment. This ensures that only thoroughly tested and validated code reaches production.

Rollback Strategy: In the event of issues in the production environment, we have a robust rollback strategy. We maintain previous versions of Docker images in ECR, allowing us to quickly switch back to a stable version if needed. This ensures minimal downtime and disruption to our production services.
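The ECR image store described in section B and the rollback strategy above depend on the repository being configured so that a tag, once pushed, cannot be overwritten and older versions are retained. The script below is an added example, not ACC's or MFCentral's own code: it hardens a per-service ECR repository (immutable tags, scan on push, KMS encryption, a lifecycle policy keeping the newest images per environment prefix) and rolls a deployment back to a previous tag. The repository naming (mfcentral/<service>), the tag scheme <env>-<short git sha>, the ap-south-1 region and the ECR_REGISTRY variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not ACC's or MFCentral's own code). Hardens the per-service ECR
# repository so the rollback strategy holds: immutable tags (a pushed tag can never
# be silently overwritten), scan-on-push, KMS encryption at rest, and a lifecycle
# policy that keeps the newest N images per environment prefix so a previous
# known-good version is still there to roll back to.
# Assumed: repositories "mfcentral/<service>", env prefixes dev/uat/prod, tag scheme
# <env>-<short git sha>, region ap-south-1, ECR_REGISTRY set to the registry host.
set -eu

image_tag() {  # usage: image_tag <env> <git-sha>  ->  e.g. prod-3f2a9c1
  case "$1" in dev|uat|prod) ;; *) echo "unknown env: $1" >&2; return 1 ;; esac
  printf '%s-%s\n' "$1" "$(printf '%s' "$2" | cut -c1-7)"
}

# Lifecycle policy JSON: keep the newest KEEP tagged images per env prefix; older
# ones and untagged leftovers expire. Rule priorities must be unique.
lifecycle_policy_json() {  # usage: lifecycle_policy_json <keep> <env>...
  local keep=$1 rules='' prio=1 env
  shift
  for env in "$@"; do
    rules="$rules$(printf '{"rulePriority":%d,"description":"keep newest %d %s images","selection":{"tagStatus":"tagged","tagPrefixList":["%s-"],"countType":"imageCountMoreThan","countNumber":%d},"action":{"type":"expire"}},' \
      "$prio" "$keep" "$env" "$env" "$keep")"
    prio=$((prio + 1))
  done
  rules="$rules$(printf '{"rulePriority":%d,"description":"expire untagged","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countUnit":"days","countNumber":1},"action":{"type":"expire"}}' "$prio")"
  printf '{"rules":[%s]}\n' "$rules"
}

# Create (or harden an existing) repository and attach the policy. Real AWS CLI
# calls; only run when invoked as: ./ecr_harden.sh apply <service> [region]
harden_repo() {
  local repo="mfcentral/$1" region="${2:-ap-south-1}"
  aws ecr create-repository --repository-name "$repo" --region "$region" \
      --image-tag-mutability IMMUTABLE --image-scanning-configuration scanOnPush=true \
      --encryption-configuration encryptionType=KMS >/dev/null 2>&1 ||
    aws ecr put-image-tag-mutability --repository-name "$repo" --region "$region" \
      --image-tag-mutability IMMUTABLE >/dev/null
  aws ecr put-image-scanning-configuration --repository-name "$repo" --region "$region" \
      --image-scanning-configuration scanOnPush=true >/dev/null
  aws ecr put-lifecycle-policy --repository-name "$repo" --region "$region" \
      --lifecycle-policy-text "$(lifecycle_policy_json 10 dev uat prod)" >/dev/null
}

# Roll a deployment back to a previous immutable tag and wait for the rollout.
rollback() {  # usage: rollback <namespace> <deployment> <service> <env> <git-sha>
  kubectl -n "$1" set image "deployment/$2" "$3=${ECR_REGISTRY:?}/mfcentral/$3:$(image_tag "$4" "$5")"
  kubectl -n "$1" rollout status "deployment/$2"
}

if [ "${1:-}" = apply ]; then harden_repo "$2" "${3:-}"; fi
```

Because the tags are immutable, the tag recorded for the last good release is guaranteed to point at the same image bytes that were tested in UAT, which is what makes the rollback trustworthy.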

About ACC:

Applied Cloud Computing (ACC) is an advanced AWS consulting partner. ACC accelerates end-to-end cloud adoption with the best implementation services, software, and processes available. ACC’s comprehensive framework for cloud adoption and dedicated software development capabilities help clients achieve business results faster, no matter where they are in their cloud transformation.