Fully Managed Test and CI/CD using AWS CodePipeline and EKS

About the Customer

The customer is a global information technology company that solves complex IT challenges for some of the world’s largest companies and government organizations, including the CIA, FBI, INS, ICE, and the U.S. Military.

Problem statement/definition

The ‘Unav’ portal is used by the customer to evaluate architecture and infrastructure best practices for their clients' applications, mainly apps hosted on AWS. It also has a questionnaire that acts as a checklist for the deployed applications and generates an extensive report that presents architectural, security and convention-based shortcomings as recommendations.

Unav, being a multi-tenant app, needed a consistent schema for all clients, i.e. a common superset schema for all use cases. The process was manual, and minimizing manual touchpoints was important.

HashedIn’s Proposal

To minimize the multiple manual touchpoints, a CI/CD pipeline was needed. The customer also needed a hybrid solution for applications deployed on-premise.

HashedIn proposed using AWS CodeBuild, CodeCommit, CodePipeline, and S3 to create an end-to-end CI/CD pipeline. We also proposed Terraform scripts to provision the infrastructure for the EKS cluster on AWS. Application deployment moved from ECS to EKS, as EKS is a fully managed service with auto-healing and autoscaling. The EKS cluster has multiple availability zones enabled for high availability. We proposed Helm charts on top of EKS to manage it. AWS Parameter Store (SSM) was chosen for storing secret credentials and values. For sending email notifications, we proposed SES, SNS, and CloudWatch. The infrastructure is on-demand and destroys itself after use to save cost. Three environments were created: Development, QA and Production. The same artifacts are promoted from the Development environment to QA and finally to Production, if approved through multiple stages.
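The proposal keeps secrets in AWS Parameter Store, and the outcomes mention an SSM hierarchy for tenant configuration. The following is an added example, not HashedIn's code, of scoping reads to a single tenant's subtree; the path layout `/unav/<environment>/<tenant>/<key>`, the tenant id `acme` and the account id are assumptions made for illustration.

```python
import json
import re

# Assumed layout (not from the case study): /unav/<environment>/<tenant>/<key>
APP = "unav"
ENVIRONMENTS = ("dev", "qa", "prod")
_SEGMENT = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")


def tenant_prefix(env: str, tenant: str) -> str:
    """Return one tenant's SSM path prefix, with a trailing slash."""
    if env not in ENVIRONMENTS:
        raise ValueError(f"unknown environment: {env!r}")
    if not _SEGMENT.fullmatch(tenant):
        raise ValueError(f"invalid tenant id: {tenant!r}")
    return f"/{APP}/{env}/{tenant}/"


def is_in_scope(param_name: str, env: str, tenant: str) -> bool:
    """True only if param_name sits below this tenant's prefix."""
    prefix = tenant_prefix(env, tenant)
    # The trailing slash stops tenant "acme" from matching ".../acme-2/...".
    if not param_name.startswith(prefix):
        return False
    # Reject empty, "." and ".." segments instead of trusting later normalisation.
    segments = param_name[len(prefix):].split("/")
    return all(seg not in ("", ".", "..") for seg in segments)


def read_policy(env: str, tenant: str, region: str, account_id: str) -> dict:
    """IAM policy document letting a workload read only its own tenant's parameters."""
    base = f"arn:aws:ssm:{region}:{account_id}:parameter{tenant_prefix(env, tenant)}"
    base = base.rstrip("/")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadOwnTenantParameters",
            "Effect": "Allow",
            "Action": ["ssm:GetParameter", "ssm:GetParameters",
                       "ssm:GetParametersByPath"],
            # Exact path plus everything below it; never ".../acme*",
            # which would also match a sibling tenant such as acme-2.
            "Resource": [base, f"{base}/*"],
        }],
    }


if __name__ == "__main__":
    # Constructed sample values; 111122223333 is a placeholder account id.
    print(json.dumps(read_policy("prod", "acme", "us-east-1", "111122223333"), indent=2))
```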

Every build is triggered by a commit on Bitbucket using pipelines.yml. AWS CodeCommit replicates the code base, as CodeBuild is not compatible with Bitbucket yet. CodeCommit in turn invokes a multistep build process using fully managed Continuous Integration. Once the build is complete, a series of unit test cases and SonarQube analysis are run as per client-specified standards. Every build promotion must pass all the checks before it is ready for deployment to the development environment. Once all tests have passed, the development build is triggered and checked by the development team. After this, the build is promoted manually to the QA environment for the testing team to check, and a series of automated and manual tests are run. Once the testing team approves, the QA lead clears the build for promotion to Production. The whole development and QA infrastructure can be deleted after the artifacts are archived on S3. Once the production build decision is taken, the artifacts stored in S3 are pulled for Continuous Delivery to Production with a simple trigger of the pipeline. With EKS, the production environment is fully managed, with built-in auto-healing and autoscaling.


Detailed Architecture

1. The developer pushes code to Bitbucket, which triggers the first part of the pipeline; this in turn pushes the whole code base to AWS CodeCommit, as AWS CodePipeline does not have direct integration with Bitbucket.

2. The pipeline runs both frontend and backend unit and functional tests and stores the test case results in the S3 bucket. If any test case fails, the pipeline fails as well.

3. The pipeline builds the Docker image of the application and pushes it to ECR.

4. The image from ECR is deployed to the EKS cluster via Helm charts, and the URL is provided to test the application, which is backed by a load balancer for high availability.

5. The infrastructure is deleted using Terraform for cost optimization and better resource management.


Outcomes / Lessons learned

Business Outcomes

  • A CI/CD pipeline using AWS CodeBuild and CodePipeline, in which the Development, QA and Production environments were prepared on demand and deleted when not required, giving the client significant cost savings.

  • Infrastructure created on every trigger of the pipeline ensured that going from done to deployed takes a maximum of 20 minutes, instead of the manual process that takes more than 3 days.

  • Implemented multi-tenancy using different namespaces for Development, QA and Production in Terraform. The multi-tenant infrastructure is fully compliant with FedRAMP.

  • A production-ready TF script was formulated in line with best practices to provision the EKS and RDS infrastructure.

  • Flexible Terraform scripts that allow future addition of on-prem or other cloud infrastructure.

  • Used the AWS SSM hierarchy to manage the configuration of all tenants, securing their sensitive information.

HashedIn has helped many promising firms across the globe by building customized solutions to give the users a completely hassle-free experience. Kindly let us know if you have any specific problem/use case, where we can provide more information or consult you.

https://hashedin.com/contact-us/