July 22, 2024

Mastering infrastructure for seamless product deployment

Elevate your digital product launch with our cutting-edge infrastructure management powered by AWS.

Fran Portillo

DevOps Engineer at Z1

María Simó

Team Lead & Front-end Developer at Z1

A robust and well-managed infrastructure is the backbone of a successful digital product.

At Z1, we manage the technical aspects of your digital product launch, and one crucial aspect is the infrastructure—a set of tools, services, and technologies supporting online applications.

Our team ensures optimal performance and a smooth user experience using cutting-edge technology, primarily relying on AWS, the world's largest and most secure cloud provider. While we manage the technical details behind the scenes, you can focus on your business.

Infrastructure from zero to hero

We start from a foundational base, defining basic needs. Then, we analyze what makes the application unique and customize our infrastructure to achieve specific business goals.

At Z1, we design the infrastructure for our applications in a modular way, with interconnected parts that can be changed with little effect on the others.

A modular infrastructure offers several key benefits that significantly contribute to the overall efficiency and effectiveness of a digital product. One of the notable advantages lies in the simplification of maintenance and updates.

We rely on AWS and Infrastructure as Code (IaC) to achieve a simplified system that is easy to maintain and update and ensures smooth operations, optimal performance, scalability, and faster, cost-effective deployments.

Deployment is the entire process that a part of the application (front/backend) undergoes from the creation of code until it lives on the internet and is accessible worldwide.

Deployment Process

To bring our application to life, we rely on two fundamental platforms: GitHub and AWS (Amazon Web Services). Let's dive into some specifics.

GitHub is where our application's code lives.

GitHub stores both our frontend repository, which contains the user web application, and our backend repository, which includes the admin application and API service. Each has its own detailed change history. GitHub serves as the starting point for deploying our app on the Internet.

Whenever our development team makes changes to the codebase, these modifications follow a streamlined pipeline. They get reviewed by peers and go through automated processes, such as a linter ensuring adherence to style guidelines, identifying programming errors, and confirming compliance with coding standards. Automated tests then check that the new code functions as intended. Once these checks are successful, the new code seamlessly integrates into our primary codebase, marking the start of the final deployment phase.

The GitHub-AWS connection

Securely and transparently, without any user intervention or interaction, GitHub signs in to our AWS account. At this point, our code is packaged, stored, and deployed to a live environment.

  • First, the code is converted to a Docker image, a self-contained virtual container with everything the application requires. It encapsulates not only the application's source code but also all dependencies, configurations, and tools needed for its operation. This makes the image a complete package that ensures the application runs the same way anywhere, whether on our local machine, a cloud server, or any other environment.
  • Then, the image is uploaded to AWS's Elastic Container Registry (ECR), a cloud container registry that lets you store, manage, and deploy Docker container images. This facilitates the efficient distribution and deployment of our application.
  • After having our Docker image stored in the ECR repository, GitHub will activate a request to AWS to update a specific part (or module) of our infrastructure. Specifically, we are updating the AWS Elastic Container Service (ECS). When an ECS update is requested, AWS takes this Docker image stored in ECR and deploys it as a new version of our application in the runtime environment.

Automated and continuous service

Throughout this entire process, which may span from 8 to 12 minutes, contingent on the number of impacted services, our application never ceases to operate. The secret lies in our application of the Zero Downtime Deployments methodology—a strategy that facilitates implementing changes without disrupting service.

During the development process, the team gets notified through our internal Slack channels every time a new version gets successfully deployed to the work environments. This ensures that fellow developers can seamlessly proceed with their tasks, free from any downtime.

A serverless approach

Fargate is an option within ECS that provides a more simplified and "serverless" approach to running those containers.

In the traditional server-based model, managing infrastructure is a significant concern. However, with Fargate we get the scalability required to handle varying workloads, ensuring applications run without the need for manual intervention in server management.

The system dynamically adjusts resources based on metrics derived from resource usage. These metrics help predict and respond to changes in user demand and traffic.

The management of that traffic is handled by Application Load Balancer (ALB). ALB is a service within AWS that operates independently of ECS, providing an additional layer to efficiently distribute incoming requests among Fargate containers. It helps prevent bottlenecks by intelligently directing traffic, ensuring optimal performance and user experience.

Cloud providers vs. local management

Opting for a cloud provider brings numerous advantages over managing things locally. Cloud providers deliver scalable, reliable, and secure infrastructure services on-demand.

Additionally, AWS offers us a range of services, such as logging, data storage, networking, and security.

It’s important that we can gather information about how our app is performing, identify errors, and maintain records of every action. To achieve this, we leverage CloudWatch, a service that collects and stores all logs generated by our application or service. CloudWatch provides versatility with various precision filters and can be integrated with external services like Datadog.

To ensure a secure network for all the services within our application, we employ VPC (Virtual Private Cloud), establishing a small private cloud where all network configurations related to our app remain entirely private, except for the minimal globally required access.

For user data security, we store sensitive data using RDS (Relational Database Service). It's a self-managed and scalable database service that automatically applies security patches and updates to the database engine and scales based on demand, ensuring both versatility and security.

Another critical aspect involves accelerating information access and significantly improving application performance. Therefore, we employ ElastiCache (Redis), achieving these goals without compromising the security, scalability, and self-management standards we uphold.

In addition to the above, we believe it's essential to keep media (photos, videos, audio, documents, etc.) secure and easily accessible. To that end, we use S3 (Simple Storage Service), offering infinite scalability and security.

Infrastructure as Code (IaC)

Infrastructure as Code (IaC) is a key practice where the configuration and management of infrastructure are done through code. In the context of AWS, which is the cloud provider we mainly use, doing things with IaC offers multiple advantages:

  • Automates the consistent provisioning and management of infrastructure.
  • Ensures nearly identical replicated environments, reducing errors in each one.
  • Simplifies the management of scaling our infrastructure.
  • Enables the creation of numerous resources in shorter timeframes.
  • Tracks and versions changes like code, fostering collaboration.
  • Guarantees consistent deployments across all work environments.

IaC enables the automation of these services, making it easier to deploy, scale, and manage infrastructure. In essence, IaC and cloud providers work hand-in-hand to streamline the development, deployment, and maintenance of robust and secure digital environments.

Consistent and purposeful work environments

Our development process incorporates distinct work environments, including development, staging, and production. These represent different stages in the software development life cycle, each with a specific role. Development is where new features and changes take shape, staging provides a controlled testing space, and production is the live environment accessible to users.

IaC enables us to replicate configurations reliably, ensuring that the development environment closely aligns with both the testing (staging) and production environments. This reproducibility minimizes errors and facilitates a smooth transition across the various stages.

Leveraging cloud-based services allows us to automate the creation and maintenance of these environments. The ability to monitor and manage performance, facilitated by services like CloudWatch, empowers us to adjust environments dynamically, responding to the evolving needs of our applications without compromising stability.

Lots of moving pieces, what about security?

The secure integration of these numerous interconnected services is made possible by Identity and Access Management (IAM).

IAM is a service that helps you securely control access to AWS resources by managing users, groups, and permissions. It ensures that users have the least amount of access necessary for their tasks, following the principle of least privilege (PoLP). This principle dictates that each user and service in a system should have the minimum access rights required to perform their functions, reducing potential security risks.

Secrets Manager, on the other hand, is an AWS service designed to help you protect access to your applications, services, and IT resources without the upfront investment and ongoing maintenance costs of operating your own infrastructure. It allows you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
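
As an added example (not Z1's own code or configuration), the block below applies the principle of least privilege to the GitHub-to-AWS deployment steps described earlier: an IAM policy for the pipeline's role limited to pushing to one ECR repository and updating one ECS service, plus a check that flags wildcard grants. The account ID, region, resource names and the audit_policy helper are assumptions for illustration, and the policy assumes the service redeploys an existing task definition.

```python
# Added example: account ID, region and resource names are constructed placeholders.
ACCOUNT, REGION = "111122223333", "eu-west-1"
REPO_ARN = f"arn:aws:ecr:{REGION}:{ACCOUNT}:repository/example-api"
SERVICE_ARN = f"arn:aws:ecs:{REGION}:{ACCOUNT}:service/example-cluster/example-api"

# Policy for the role the pipeline assumes: only the ECR push and ECS update steps.
DEPLOY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # GetAuthorizationToken has no resource-level permissions, so "*" is required.
        {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
        {"Effect": "Allow", "Resource": REPO_ARN, "Action": [
            "ecr:BatchCheckLayerAvailability", "ecr:InitiateLayerUpload",
            "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage"]},
        {"Effect": "Allow", "Action": "ecs:UpdateService", "Resource": SERVICE_ARN},
    ],
}

UNSCOPABLE = {"ecr:getauthorizationtoken"}  # actions with no resource-level scoping

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return least-privilege findings for every Allow statement in a policy."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: Allow with NotAction/NotResource")
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        for action in actions:
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
        # A wildcard resource is acceptable only when every action is unscopable.
        wide = [r for r in _as_list(stmt.get("Resource")) if r == "*" or r.endswith(":*")]
        if wide and not (actions and set(actions) <= UNSCOPABLE):
            findings.append(f"statement {i}: wildcard resource {wide[0]}")
    return findings

# Constructed counter-example: an over-broad grant for the same pipeline role.
BROAD_POLICY = {"Statement": {"Effect": "Allow", "Action": ["ecr:*", "ecs:UpdateService"], "Resource": "*"}}

if __name__ == "__main__":
    print(audit_policy(DEPLOY_POLICY), audit_policy(BROAD_POLICY))
```

Running a check like this in the same pipeline that applies infrastructure changes catches a widened grant at review time rather than after deployment.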

At Z1, our commitment to mastering infrastructure management through AWS and leveraging Infrastructure as Code (IaC) sets the stage for seamless digital product deployment. By harnessing the power of these advanced technologies, we ensure that your apps are robust, scalable, and secure, providing an optimal user experience from development to production. Our automated processes, modular infrastructure, and zero downtime deployments not only streamline the launch but also maintain continuous service and security. Partner with us to elevate your digital product launch, and let Z1 manage the technical complexities while you focus on driving your business forward.