Membership organisation migrates its rewards card programme to AWS, adopting cutting-edge security while delivering updates to members faster, growing member satisfaction and loyalty.

Services Provided: Amazon Web Services

Business Need

A new reward card programme required cutting-edge security and reduced maintenance that would grow the member organisation’s responsiveness.

Solution

Replatform the gift card ecommerce application to AWS, setting the stage for this membership organisation to extend its new AWS microservices architecture.

Outcomes

  • Establishes cutting-edge security with WAFv2 and AWS monitoring
  • Delivers updates to members faster, growing member loyalty
  • Reduces maintenance needs, freeing time for strategic initiatives
  • Furthers system efficiency and effectiveness

A membership organisation sped up its AWS migration by using the NTT DATA Deploy Containers for AWS solution, achieving security with agility and an extensible AWS microservices architecture for future innovation.

Serving nearly a million people, a membership organisation wanted to help members further their common interests. In its effort to serve them in new and creative ways, the organisation launched a rewards card programme that allows members to purchase reloadable gift cards from different vendors for everyday purchases like food and gas – while earning cash back.

Once activated, the card can be reloaded online. To further grow its member responsiveness, stay at the leading edge of security and reduce maintenance of the offering, the association sought to re-platform and migrate the gift card ecommerce application from Azure to Amazon Web Services (AWS).

To get started, the NTT DATA AWS consulting team conducted a proof of concept (POC) in which it tested the ecommerce application for compatibility with AWS. In the process, the team learned of several areas that needed attention before the Azure to AWS migration could begin. Indeed, this quick test resulted in a prioritised list of changes that needed to be made to the application code before it could be successfully moved. For example, the team made several changes to move the application from Azure SDKs to AWS SDKs.

With these initial changes made, the team could progress to address:

  • Automation like Infrastructure as Code (IaC) and CI/CD pipelines
  • Applying best practices
  • Building security in with encryption, AWS Secrets Manager, monitoring with Amazon CloudWatch, and access management with Cognito and AWS IAM

The road from Azure to AWS Migration

The ecommerce application itself was built with .NET Core. While .NET is a Microsoft technology, it’s a misconception that it can only run on Microsoft Azure. In fact, .NET Core applications are easy to migrate to any cloud provider, including AWS. Given the .NET application’s agnostic nature, it was easily moved to the new AWS infrastructure where it gained enhanced scalability.

The team chose to containerise the application and run it on AWS Fargate – the AWS serverless platform for containers – in conjunction with Amazon Elastic Container Service (ECS). To speed up the deployment for the association, NTT DATA consultants used their Deploy Containers for AWS reference architecture, building multiple environments. Now, when a change is made to the application in the development branch of the code repository, it triggers the CI pipeline and the new container image can be promoted from the development environment to production environments.

Embracing AWS cloud security

Encryption, secrets management, scanning for vulnerabilities, monitoring and a web application firewall are all key components of security for the new architecture. The teams:

  • Encrypted data at rest in Amazon S3, Amazon RDS and Redis.
  • Encrypted data in transit for external traffic, using SSL certificates from AWS Certificate Manager.
  • Migrated secrets management from Azure Key Vault to AWS Secrets Manager, which allows the security team to easily rotate, manage and retrieve credentials, keys and other secrets.
  • Achieved application monitoring with Amazon CloudWatch, which collates data on performance changes, resource utilisation and general operational health.
  • Protected the application against web exploits with AWS Web Application Firewall (WAF). Specifically, AWS WAFv2 was implemented alongside managed rules by Fortinet that protect against the OWASP Top 10 web application threats.
  • Implemented container scanning very easily by enabling the feature in Amazon Elastic Container Registry (ECR).

Reaping the benefits of AWS

The Azure to AWS migration has enabled this organisation to embrace cutting-edge security with WAFv2 and AWS monitoring while delivering updates to members faster. In addition, automation has vastly reduced maintenance needs, freeing time for the client’s team to focus on strategic initiatives that deliver direct member benefits.

With the new application now running in production for member use, the organisation is looking forward to extending its new AWS microservices architecture to other components, furthering the virtuous cycle of greater efficiency and effectiveness the AWS migration has brought to the organisation.
