Alkimii develops and hosts a cloud-based software application for hotel operations. They have been successfully providing these services for a number of years to hotel chains and brands across Europe.
Problem definition
TerraAlto was approached by Alkimii on behalf of a significant client. Their client, a publicly traded hotel company, needed assurance that, in the unlikely event of their critical application service provider going out of business, they would continue to have access to the application and data. They therefore required a failsafe AWS account, owned by the client, with the most recent codebase and data deployed automatically and continuously.
The client required a means of maintaining the separate AWS account owned by them, in which the required network, security and application stack is deployed as IAC using AWS CloudFormation. Additionally, they needed any changes to the application code base and the golden ‘AMIs’ maintained by Alkimii to be reflected in this failsafe AWS account. The database and S3 data store also needed to be replicated to the failsafe AWS account on a daily basis. Both customers expressed specific security requirements for their data: extraction of the client data subset at the database and S3 data store levels, since in the Alkimii account these stores serve multiple clients, and encryption of data in transit and at rest.
Solution
TerraAlto deployed the AWS Virtual Private Cloud (VPC), AWS Identity and Access Management (IAM) roles and the application stack, including AWS RDS, AWS Auto Scaling groups, AWS Application Load Balancers, AWS SQS and AWS ElastiCache, using AWS CloudFormation based ‘infrastructure as code’ (IAC). To minimize costs, the instances are shut down or the Auto Scaling groups are set to zero instances except during testing. AWS CloudFormation allowed us to duplicate the standard application stack build in the Alkimii AWS account.
We used AWS S3 and AWS IAM to provide secure data replication from the S3 datastore in the Alkimii AWS account to the Client AWS account. We shared golden ‘AMIs’ in the Alkimii account with the Client account for deployment, and branched from the Alkimii GitLab repository to an AWS CodeCommit repository in the Client account to maintain a copy of the application source code. AWS Lambda and data engineering with Python were used to create a snapshot of the source AWS RDS database containing only the relevant DH data, copy this snapshot to the Client account and restore it to AWS RDS in that account.
Alkimii and the Client agreed that a daily snapshot of the source database was sufficient. The S3 datastore replicates continuously. The golden ‘AMIs’ and application source codebase are up to date at the time instances are launched in the AWS Auto Scaling groups in the Client account.
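The cross-account snapshot share, copy and restore described above could be sketched as follows. This is an added example, not TerraAlto's or Alkimii's code: the function names and all identifiers are hypothetical, and it assumes the snapshot passed in already contains only the one client's data subset.

```python
# Added example. Clients are injected so the flow can be exercised with stubs;
# in Lambda they would be boto3 "rds"/"kms" clients, the client-account one
# created from the credentials of an assumed cross-account IAM role.

def share_snapshot(src_rds, src_kms, snapshot_id, client_account_id):
    """Source account: share the snapshot only if it is encrypted and shareable."""
    snap = src_rds.describe_db_snapshots(
        DBSnapshotIdentifier=snapshot_id)["DBSnapshots"][0]
    if snap["Status"] != "available":
        raise RuntimeError(f"snapshot {snapshot_id} is {snap['Status']}")
    if not snap.get("Encrypted"):
        raise ValueError("refusing to share an unencrypted snapshot")
    # Snapshots under the AWS-managed aws/rds key cannot be shared across
    # accounts; a customer-managed key that grants the client account is needed.
    meta = src_kms.describe_key(KeyId=snap["KmsKeyId"])["KeyMetadata"]
    if meta["KeyManager"] != "CUSTOMER":
        raise ValueError("snapshot must use a customer-managed KMS key")
    src_rds.modify_db_snapshot_attribute(
        DBSnapshotIdentifier=snapshot_id,
        AttributeName="restore",
        ValuesToAdd=[client_account_id],  # one named account, never "all"
    )
    return snap["DBSnapshotArn"]


def copy_and_restore(dst_rds, shared_arn, dst_kms_key_id, copy_id, instance_id):
    """Client account: re-encrypt under the client's own key, then restore."""
    dst_rds.copy_db_snapshot(
        SourceDBSnapshotIdentifier=shared_arn,
        TargetDBSnapshotIdentifier=copy_id,
        KmsKeyId=dst_kms_key_id,
    )
    dst_rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=copy_id)
    dst_rds.restore_db_instance_from_db_snapshot(
        DBInstanceIdentifier=instance_id,
        DBSnapshotIdentifier=copy_id,
        PubliclyAccessible=False,
    )
    return copy_id
```

Copying under a key owned by the Client account means the restored database stays readable even if the source account and its keys disappear, which is the failure the failsafe account exists to cover.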
Outcomes
- Using AWS Lambda allowed us to incorporate cross-account IAM roles, with data engineering to customize the data set and automate snapshot copy and restore in AWS RDS.
- This was a mutually agreeable, more effective and lower-cost alternative to putting the application source code in an escrow account.
- Deployment will always use the most recent Production application codebase.
- Database data will be up to date with the most recent daily snapshot, and the S3 datastore will be current through cross-account replication.
- The Client addressed its business continuity concerns relating to dependence on the Alkimii suite of applications.