Our work was really challenging as the system lacked documentation, automation and non-application codes were outside of source control. This required exploratory efforts to find out the system’s current functionality.

After our initial review of the infrastructure, we returned to the drawing board, analysed our findings, and discovered we could improve a lot on cost-efficiency and security. The client was happy to accept the suggestions for improvement.

In our commitment to transparency, we committed all created artefacts, code and documentation to the client’s central source control system, to help any future development endeavours.

Even following the successful establishment of the new environment, our strict testing procedures uncovered several critical issues. Given our limited prior knowledge of certain aspects, we addressed these challenges with utmost urgency and resolved them expeditiously.

We undertook a comprehensive scope of work for our client, encompassing a holistic assessment of their infrastructure. This involved an in-depth examination, solution formulation, and ultimately, execution.

Our client proved to be highly receptive to communication and was already cognizant of the deficiencies within their infrastructure. We convinced them with two important reasons:

1. Enhanced Reliability: We guaranteed more dependable applications.

2. Cost Efficiency: We assured a substantial reduction in their monthly operational expenses.

In terms of quantifiable results, the outcome is strikingly clear. We effectively slashed their monthly expenses by a notable 30-40%, resulting in a much leaner operational cost structure. We believe lots of infrastructure have the potential to have their prices cut, this is due to the first iterations philosophy: just make it work, but somehow it is easy to forget optimisations, and they stay where they were.

The Well-Architected Review (WAR) was executed in the client’s AWS account, as advised by AWS. We identified and remediated dozens of medium and high risk issues to ensure maximum security and reliability of the system, while keeping costs to a reasonable level. Remediation took approximately 2 months to finish. Overall the client is satisfied with the results, their product is more reliable with lower costs, and in the end they also received AWS service credit for doing review with a certified AWS Partner!

The client's previous system can be succinctly characterized as follows:

The infrastructure relied heavily on on-demand EC2 instances, a practice extended to all applications, even static websites, which were dockerized and orchestrated using a self-hosted orchestration tool. This approach led to a constellation of challenges:

• Inefficient Resource Utilization: Maintaining 24/7 utilization of EC2 instances for applications with highly predictable usage patterns proved to be cost-inefficient.

• Ineffectual Static Website Hosting: Hosting static websites on EC2 instances not only incurred pricing inefficiencies but also compromised reliability.

• High Maintenance: Keeping EC2 instances up-to-date required a large overhead in operations

• Obscured Metrics: Visibility into application metrics was severely limited for both our team and the client.

• Absence of Self-Healing: Manual intervention was indispensable in the event of failures, whether on the application or infrastructure fronts.

• Generic Metrics: The absence of detailed usage or common error data rendered the available metrics overly generic.

• Overprovisioned Databases: Excessive database provisioning translated into unnecessary expenditure.

• Complex Application Deployment: Cumbersome application deployment processes, characterized by multiple labor-intensive manual steps, hindered operational efficiency.

Our strategic interventions were designed to address these challenges effectively:

• S3 and CloudFront: Static websites were transitioned to highly efficient hosting on S3 buckets backed by CloudFront distributions.

• ECS Implementation: For backend applications, we opted for Elastic Container Service (ECS), introducing scheduled and auto-scaling capabilities.

• Managed Services: Managed serverless AWS services, were leveraged to mitigate software update issues.

• Database Optimization: Database instances were right-sized based on available metrics, significantly reducing costs.

• Streamlined Deployment: We simplified the application deployment process, reducing it to a straightforward tagging of git commits.

While alternative solutions existed to address these challenges, our strategic approach was underpinned by a commitment to deliver a highly functional and well-operating system, recognizing that the additional effort invested would yield substantial benefits for the client.

The client had already established a presence within the Amazon Web Services (AWS) ecosystem, a strategic move that inherently offered a host of advantages. These benefits were, indeed, at their disposal and played a pivotal role in shaping the project's trajectory:

1. Cost Efficiency: Operating within AWS allowed the client to adopt a cost-efficient model, where they pay only for the resources they actively utilize. This granular cost control mechanism not only optimized their expenditure but also facilitated budgetary predictability.

2. Security Enhancement: Building upon the solid foundation of AWS, we implemented a series of security measures to fortify the client's infrastructure. Furthermore, we improved network isolation protocols to bolster the client's defense against potential threats.

3. Reliability: AWS's global infrastructure and redundancy capabilities offered the client a high degree of reliability. With data centers distributed across the world, AWS ensured minimal downtime and robust disaster recovery options, enhancing the availability and stability of their applications and services.

In summary, while the client had already embarked on their AWS journey, our engagement aimed to optimize and further harness the full spectrum of benefits that this cloud platform had to offer. These enhancements included precise cost management, fortified security, as well as improved network isolation, all of which played pivotal roles in achieving the project's overarching goals.