This bespoke e-commerce application is used for the sale of specialty Christmas food products. It allows customers nationwide to pre-order their Christmas dinner, define a collection time, pay a deposit online and collect from their chosen store up to 3 days before Christmas day.
This high demand, critical service, generates several million pounds of additional revenue for the business during this important time of year.
Key Points:

• Lead Devops Engineer on the project
• Architected and implemented the whole platform for all environments with a comprehensive infrastructure-as-code approach using Ansible, Cloudformation and Vagrant
• Security remained a primary focus
  • Platform security was tested and passed by an independant Penetration Testing company
  • All data transferred between the client's browser and application servers was encrypted using a CA-signed, SHA-256 with RSA Encryption, SSL certificate
  • All environments contained within separate private VPC’s
  • Data-sensitive nodes like PostgreSQL RDS, Redis Elasticache and EC2 webservers were contained within private subnets
  • Database instances and snapshots were encrypted at rest
  • Non-production environment domains were IP restricted
  • DDOS, XSS, SQL Injection and other attack prevention was implemented at the infrastructure level using the AWS Web Application Firewall (WAF)
  • AWS console login enforced 2-factor authentication
• Scalable and robust performance was sustained at peak times by reacting to feedback from rigorous load testing before go-live. This allowed for meaningful auto-scaling thresholds and advanced database query optimisations that enabled the application to support over 2500 unique users an hour with zero downtime comfortably
• Full platform and application monitoring was implemented using AWS Cloudwatch, AWS SNS (Simple Notification Service) and AppDynamics software. This enabled automated text messages to be sent to the mobile phones of the development team when conservative, predefined thresholds for key metrics were exceeded in the production environment. This allowed us to rapidly (and discreetly) respond to potential events before the situation became significant enough for the official Support team or business to be involved. This internal self-support approach contributed to the project being incident-free and PR-nightmare-free. Thus giving the business immense confidence in the platform and the team.
• Disaster recovery measures were put in place including:
  • Multi availability zone database replication
  • Automated backups of key services like the PostgreSQL database and GOCD server
  • Full infrastructure-as-code approach allows for quick and precise redeployments of platform components if ever needed
• Implemented a continuous delivery pipeline with continuous deployments to QA environment and push-the-button deployments to Stage and Production using GOCD. This allowed even Product Owners and Project managers to trigger production builds.

Technologies Used

	AWS WAF		AWS Cloudformation		AWS S3
	AWS EC2		AWS Cloudfront		AWS R53
	AWS ELB		AWS Elasticache (Redis)		Vagrant
	AWS ASG		AWS Cloudwatch		GOCD
	AWS AMI		AWS SNS		Ansible
	AWS RDS (PostgreSQL)		AWS SES		Symfony2 (PHP)