FintechX, a digital banking platform, traditionally operated using publicly available virtual machines on another prominent cloud platform. However, the need for advanced networking, enhanced security, and better compliance drove their decision to migrate to AWS. The primary challenge was to complete this migration within a stringent two-week timeframe without direct access to FintechX's existing infrastructure, while also discussing and educating on the introduced services and solutions.

FintechX chose AWS over other cloud providers due to its superior networking and security features, user-friendly platform, extensive global footprint, and comprehensive support for cloud migration. These attributes were critical for ensuring fast application performance, secure identity access management, and the ability to quickly deploy new environments worldwide.

FintechX selected SnapSoft for their proven expertise in cloud migrations, particularly in setting up secure and efficient AWS infrastructures. SnapSoft’s experience with IaC and complex AWS Organizations setups made them the ideal partner to ensure a seamless and secure migration, tailored to FintechX’s stringent requirements.

Proposed Solution & Architecture:

• AWS Organizations Structure: SnapSoft established a detailed AWS Organizations structure to ensure resource isolation across different domains and environments. This included dedicated accounts for security, logging, and networking.
• Management Account: Used exclusively for organization management, billing, and implementing advanced Service Control Policies (SCPs) to restrict non-relevant services and regions.
• Network Account: Hosted instances for VPN/bastion hosts, interconnected instances using a Transit Gateway, and centrally hosted NAT gateways for private instances’ outbound networking.
• Security Account: Delegated for monitoring services like GuardDuty, Config, Security Hub, and central logging via CloudTrail.
• Logging Account: centrally collecting application telemetry
• DevOps OU and accounts: separate environment for FintechX’s internal systems
• Client Systems OU: each partner receives separate accounts for full isolation, also for their development and production environments

• Private Subnets: For instances requiring no inbound access.
• Public Instances: Placed behind Application Load Balancers with a Web Application Firewall (WAF) to enhance security.
• Outbound Internet Access: Managed through NAT gateways for private instances and local internet gateways for public instances.
• SSH Management: Centralized via the network account’s jump/VPN machine.

FintechX prefers to build their application stack from scratch. SnapSoft’s involvement concluded with the virtual machine setups, allowing FintechX to continue their CI/CD processes and application deployments independently. They self host the GIT repository they use for their stack, and execute CI/CD using other machines in the infrastructure. This CI/CD installs software for the partner machines. The base GIT and CI/CD instances are managed manually by FintechX, for the partner instances every time a new OS distribution comes out. FintechX sets it up for their own environment, creates an AMI, and then uses the template for further instance launch.

FintechX will continue leveraging SnapSoft’s expertise for ongoing support and potential expansions of their IaC practices. Future plans include exploring further AWS services for enhanced security and operational efficiency, and possibly transitioning to a serverless architecture to further optimize their infrastructure management. FintechX remains committed to continuously improving their infrastructure, ensuring robust security and compliance, and enhancing the performance of their digital banking platform to better serve their clients worldwide.

The migration was completed within the two-week deadline, enabling FintechX to start running their applications immediately. The setup’s efficiency was demonstrated by the minimal need for follow-up meetings. Key benefits included:

• Enhanced security and compliance through a well-structured AWS environment.
• Improved infrastructure management with the introduction of IaC practices.
• Optimized performance and resource allocation, reducing overall infrastructure costs.
• Empowered FintechX’s internal team to manage their software deployments without external interference.