Grupo Familia began its customer relationship strategy in 2001, when the internet was taking its first steps in Colombia. At the time, the challenge was creating customer relationships through valuable content. Grupo Familia worked under an on-premise architecture that did not meet its needs or planned projection.
An essential requirement of this project was that the solution deliver production updates quickly, reliably, and repeatedly, be resilient to deployment errors, and recover quickly with minimal manual intervention.
The improvement process relied on a CI/CD strategy focused on automating the value stream so that both deployments and system recovery run without manual intervention.
It focused on designing a technological architecture backed by a fully cloud-based infrastructure that would allow for continuous adjustment and smoothly meet the growing demand for features and users.
The architecture is decoupled and based on microservices and micro-frontends, making the best use of the cloud from its different services, such as IaaS, PaaS, and SaaS. We could align processes, data, tools, and infrastructure and standardize integrations with third parties.
A DevOps model built on CI/CD is a mainstay of the solution. It uses tools such as Jenkins to deploy business initiatives at optimum times, Terraform for infrastructure as code, and services such as AWS EKS, whose containers run microservices that scale elastically with traffic, thus favoring business continuity.
For backend solutions, which are built with Java SpringBoot and containerized with Docker, the pipelines include seven stages (Initialize, Get Code, Build Code, Unit Tests, Code Analysis, Build/Publish Image, and Deploy) and a final process to detect failures in the implementation.
In case of an error in the deployment process, a notification informs of the error so that it can be validated and corrected.
Two types of backend tests are performed: the QA team runs automated black-box tests with Postman across multiple scenarios, and the backend team delivers unit tests with a minimum coverage of 80%, evaluated by SonarQube.
The IaC is implemented through Terraform using a module strategy to segment the infrastructure of each client site. The code is stored within a repository in GitLab.
By monitoring the solution with services such as AWS CloudWatch and AWS OpenSearch, preventive actions can be taken based on valuable metrics that help resources become cost-efficient.
Third-party applications or solutions
How AWS is used as part of the solution:
Presentation layer:
CloudFront delivers web content to end users with low latency and high transmission speeds.
WAF is a web application firewall that monitors HTTP and HTTPS requests forwarded to CloudFront and the API Gateway.
S3 is an object storage service that guarantees scalability, high availability, security, and performance. There we store each of the micro-frontends that make up the brand site.
Business layer:
API Gateway publishes services deployed in AWS infrastructure inside a private security group. Through VPC Link with the EKS balancer, we expose all our backend endpoints, taking advantage of the Cognito integration for authorization.
Elastic Load Balancing distributes the network or application traffic exposed as ingress by EKS to ensure high availability.
Lambda runs function code. We use it for native integrations with services such as Cognito and SES.
EKS is a self-managed, high-performance, scalable orchestration service for containers that runs and scales containerized applications on AWS. There we deploy the entire business core of the solution, divided by business domains.
ElastiCache is the AWS service that manages the cache in the solution.
Data layer:
Cognito: We create a user pool for each brand portal and migrate all user credentials there, improving their security and custody.
RDS MySQL: A separate database was created for each brand portal, making them independent.
Network:
VPN is part of the security policies for access to all AWS services.
Content deliveries were achieved in less than an hour, reducing the time by approximately 80%.
Component deployments in AWS EKS complete within 10 minutes per microservice, improving delivery time by approximately one day compared to the previous legacy solution.
Implementing infrastructure as code also solved another problem: recovering the system after deployment failures. We can now have the entire site back on the air in just one hour, rather than the several hours or days it took with the previous architecture.