Secure file management system with fully automatic deployment
Managing files and images effectively is crucial for the business client. However, this task brings new challenges related to integration with existing systems, security, accessibility, scalability, management, cost optimization and deployment.
In the definition and approval phase, CloudConseils’ AWS certified team collaborated with the client’s team to identify and analyze the project’s needs and possible solutions. A high-level architecture was then proposed, validated and approved by the client.
Our proposed architecture is based on serverless AWS services such as S3, DynamoDB, API Gateway, Cognito, Lambda, and many more. An S3 bucket with multiple prefixes is used to store the files, and a DynamoDB table is used to store the metadata of these files.
An API Gateway is used to manage and expose APIs that provide access to back-end resources. A Lambda Authorizer is implemented and integrated with the API Gateway to enable two Cognito pools as identity providers: a machine-to-machine pool that allows the existing website to read the files according to dynamic criteria, and a user-based pool that allows fine-grained authorization (upload, download, delete, modify) for internal users via web pages (implemented in ASP.NET).
CloudConseils has introduced a fully automated CI/CD pipeline using AWS CloudFormation, CodePipeline and CodeBuild to deploy from Bitbucket to multiple environments without manual intervention. We deployed monitoring tools (CloudWatch and GuardDuty) for threat detection, with SNS used to notify teams so that they can respond quickly.
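The policy step of such an authorizer, as an added example that is not CloudConseils' code: it maps token claims from either pool to an API Gateway IAM policy and denies anything it does not recognize. The pool issuers, scope and group names, and routes are assumed placeholders, and the claims are assumed to come from a token whose signature, expiry and client were already verified against the pool's JWKS.

```python
"""Policy step of a Lambda authorizer serving two Cognito pools (added example)."""

# Assumed values: pool issuers, scope and group names, and routes are placeholders.
M2M_ISS = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLEM2M"
USER_ISS = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLEUSR"
# Machine-to-machine clients are granted by OAuth scope: read-only.
SCOPE_ROUTES = {"files/read": [("GET", "files"), ("GET", "files/*")]}
# Internal users are granted by Cognito group membership.
GROUP_ROUTES = {
    "readers": [("GET", "files"), ("GET", "files/*")],
    "uploaders": [("POST", "files")],
    "editors": [("PUT", "files/*")],
    "admins": [("DELETE", "files/*")],
}
# Constructed sample method ARN (account and API id are made up).
SAMPLE_ARN = "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/files/42"


def allowed_routes(claims):
    """Map already-verified access-token claims to (method, path) grants."""
    if claims.get("token_use") != "access":
        return set()  # ID tokens are not accepted for API access
    iss = claims.get("iss")
    if iss == M2M_ISS:
        keys, table = claims.get("scope", "").split(), SCOPE_ROUTES
    elif iss == USER_ISS:
        keys, table = claims.get("cognito:groups", []), GROUP_ROUTES
    else:
        return set()  # unknown issuer: fail closed
    # Only the grant type that belongs to the issuing pool is consulted.
    return {route for key in keys for route in table.get(key, [])}


def build_policy(claims, method_arn):
    """Return the authorizer response API Gateway expects for this caller."""
    # method_arn: arn:aws:execute-api:<region>:<account>:<api-id>/<stage>/<METHOD>/<path>
    base = "/".join(method_arn.split("/")[:2])
    resources = sorted(f"{base}/{m}/{p}" for m, p in allowed_routes(claims))
    statement = {
        "Action": "execute-api:Invoke",
        "Effect": "Allow" if resources else "Deny",
        "Resource": resources or [method_arn],
    }
    return {
        "principalId": claims.get("sub") or claims.get("client_id") or "anonymous",
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
    }
```

Dispatching on the issuer means a group claim inside a machine-to-machine token, or a scope inside a user token, grants nothing.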
The client can securely store and manage the files and images in real time by integrating this new file management system into the existing website.
High auto-scalability, cost optimization and minimal management of resources are ensured using AWS serverless services. Fully automated deployment is ensured with maximum security using the power of monitoring tools.
The search engine is critical for the client from a business perspective. The current solution is to perform search queries directly against the RDS SQL Server database.