Sadecemotor: Infrastructure Transformation with the Well-Architected Framework

Overview

As LimonCloud, we implemented the Well-Architected program to strengthen and optimize the infrastructure of Sadecemotor’s comprehensive digital platform for motorcycle enthusiasts. With the platform’s growth, the need for a secure, scalable, and high-performance infrastructure to accommodate increasing user traffic arose. To meet this need, we managed the transition to AWS within the framework of Well-Architected principles and designed a system focused on speed, security, and efficiency using modern cloud technologies.

Challenges and Requirements

The key issues identified in Sadecemotor’s existing infrastructure through the Well-Architected Program were as follows:

• DNS Provider Restrictions: Inability to set a CNAME record for the Load Balancer
• CDN Performance Issues: The need for an optimized CDN structure for global content distribution
• Workload in Container Architecture:  The customer faced excessive workload in managing clusters, node scaling, Kubernetes updates, and performance tuning on containers.
• Need for RabbitMQ, Aurora PostgreSQL, and OpenSearch: The necessity of leveraging fully managed services to reduce workload, enhance performance, and ensure high availability.
• CI/CD Processes: The requirement for fully automated CI/CD workflows to be managed entirely within the AWS environment for integration, speed, and flexibility
• Using External ALB with gRPC Services: A Load Balancer configuration compatible with the gRPC protocol was needed.
• System Vulnerabilities Against Potential Attacks: The need for a Web Application Firewall (WAF) to protect the system from potential attacks and security threats.

Solution and LimonCloud’s Contributions

To address these requirements, we transitioned to an AWS Best Practice architecture through the Well-Architected approach and implemented the following solutions:

• Migration to Route 53:  Route 53 is a reliable, fast, and highly available DNS service that integrates with the AWS ecosystem. It offers advanced features such as geographic routing, health checks, and global low-latency response times.
• CDN Migration to CloudFront:  CloudFront is a global content delivery network (CDN) that provides low latency and high data transfer speeds. It integrates with AWS to offer security (WAF, DDoS protection) and scalability.
• Migration to ECS:  ECS is a fully managed container orchestration service that offers deeper integration with the AWS ecosystem, reducing management costs and simplifying configurations.
  Compared to Kubernetes, ECS requires less management and maintenance, reducing operational costs and complexity.
• Migration of RabbitMQ to Amazon MQ:  Amazon MQ offloads the management of messaging infrastructure to AWS, reducing administrative burdens and ensuring high availability. Features such as automated backups and monitoring help mitigate operational risks.
  Amazon MQ was chosen to eliminate RabbitMQ’s management complexities and ensure high availability.
• Database Management with Aurora PostgreSQL:   Amazon Aurora is a PostgreSQL-compatible, high-performance, and automatically scalable database solution that optimizes database workloads and ensures 99.99% availability.
  Aurora PostgreSQL was selected to provide low latency, high performance, and cost optimization.
  Daily database backups are taken and retained for seven days.
• Migration from Elasticsearch to OpenSearch:  OpenSearch is AWS’s fully managed, secure, scalable, and flexible data analytics service. It maintains full compatibility with Elasticsearch.
  OpenSearch was preferred due to its full AWS integration and long-term support.
• CI/CD Processes with ECR, CodePipeline, CodeBuild, and CodeDeploy:  AWS CI/CD tools provide full automation, speed, and efficiency. Storing Docker images in ECR accelerates the continuous integration and delivery process.
  AWS’s CI/CD tools ensure that the entire software development lifecycle is managed within AWS, simplifying integration.
• Using External ALB for gRPC Services:  gRPC is a modern communication protocol offering low latency and high efficiency. External ALB is an AWS-compatible solution for managing gRPC requests.
  External ALB was chosen to leverage gRPC’s performance advantages and enable load balancing for external traffic.
  This architecture ensures applications are reliable, scalable, and high-performing while optimizing operational costs. Full integration with the AWS ecosystem simplifies management processes and establishes a more sustainable structure.
• AWS WAF (Web Application Firewall) Implementation:  WAF was implemented to protect the application from various security threats, including SQL injection, XSS (Cross-Site Scripting), DDoS (Distributed Denial of Service) attacks, and bot traffic.
  These types of attacks can slow down the system, lead to data breaches, and cause service disruptions. AWS WAF continuously monitors traffic and blocks malicious requests based on predefined security rules.
  Additionally, the rate limiting feature helps prevent bot attacks by restricting the number of requests within a given time frame, ensuring optimal application performance.

Results and Benefits

Through the AWS Well-Architected Program, the following benefits were achieved for Sadecemotor:

• Faster loading times and a low-latency service experience
• More efficient infrastructure management with reduced operational costs
• Enhanced security measures ensuring reliable and verified listing processes
• High scalability, allowing seamless service even with increasing user numbers

As LimonCloud, we have enabled Sadecemotor to provide its users with a more secure, fast, and scalable digital experience.