Introduction
We are working with one of the leading fintech company based out of middle east region. Currently we are managing their infrastructure which comprises of multiple AWS accounts. We are also involved in the fresh setup of one of the accounts which will be involved in payment-related activities.
Infrastructure deployment planning:
⦿ We needed to set up an infrastructure which comprised of multiple components i.e. private EKS cluster, internal load balancer, deployment of multiple docker images in EKS including transit gateway set up with other accounts.
⦿ We used AWS CloudFormation templates to standardize the deployment for the components such as VPC, EKS, EKS worker nodes, IAM roles, KMS keys and RDS.
⦿ We used tagging standard as stated below to tag each of the components.
Implementation:
⦿ The various docker images consisted of multiple environment variables which have been handled using configmaps feature of Kubernetes itself.
⦿ The whole setup is onto a private EKS cluster and only the accounts with TGW peering are currently able to access the environment.
⦿ We are utilizing the AWS ALB path-based routing via Kubernetes ingress resource to route the traffic to the specific deployments.
⦿ For specific users, we have used openVPN to establish the authentication to the environment.
⦿ • The openVPN has an additional layer of MFA enabled to enhance the security.
