AWS Serverless Infrastructure Setup

Customer Challenge

The client, Cortevo Technologies, is a company based in Florida (US) and founded in 2019. Cortevo provides the IT solutions that education systems need to thrive. It partners with schools and mission-driven organizations to solve their technical problems and offers solutions such as Educational Technology and Data Management, Identity and Access Management, and Strategy and Innovation to meet a wide range of needs. As part of its Identity and Access Management offering, Cortevo needs an automated way of creating and managing identities and access for a wide range of customers. It required an automated, dynamic, secure and robust cloud infrastructure through which its customers can easily create and manage the required identities in Active Directory. The focus is on a serverless, secure and fault-tolerant AWS infrastructure that can serve a very large volume of customer requests.

Proposed Solution

  1. Establish secure connectivity between AWS and the on-premises Active Directory.
  2. Design a highly scalable, serverless solution for several types of customer traffic.
  3. Create on-premises Active Directory users from the AWS serverless infrastructure.
  4. Offer multiple customer-friendly approaches for creating Active Directory users and OneLogin users.
  5. Develop a dynamic rules engine for different customer configurations.
  6. Store and retrieve user details in a NoSQL database.
  7. Provide Continuous Integration and Continuous Delivery.

Third-Party Applications or Solutions Used

  1. Deploying a highly available and scalable serverless infrastructure on AWS.
  2. Deploying the AWS Lambda functions inside a custom VPC.
  3. Allowing access to S3 bucket objects only from resources inside the same VPC.
  4. Creating Active Directory users with PowerShell run from AWS Lambda.
  5. Creating OneLogin users from AWS Lambda.
  6. Connecting AWS Lambda to the on-premises Active Directory over a WinRM session.
  7. Creating Active Directory users through multiple approaches, as required by each customer.
  8. Sending the required credentials to customers by e-mail using Amazon SES.
  9. Serving processed objects from the S3 buckets under custom domains through Amazon API Gateway.
  10. Storing user details in Amazon DynamoDB as the NoSQL database.
  11. Using Bitbucket as the source code repository.
  12. Continuous Integration and Continuous Delivery using AWS CodeBuild and AWS CodePipeline.
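Item 3 above (S3 objects reachable only from resources inside the VPC) is normally enforced with a gateway VPC endpoint for S3 plus a bucket policy that denies every request not arriving through that endpoint. The policy below is an added illustration, not Cortevo's or the project's own policy; the bucket name, VPC endpoint ID, account ID and administrator role ARN are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRequestsNotFromTheVpcEndpoint",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::EXAMPLE-BUCKET-NAME",
        "arn:aws:s3:::EXAMPLE-BUCKET-NAME/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-EXAMPLE-ENDPOINT-ID"
        },
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/EXAMPLE-ADMIN-ROLE"
        }
      }
    }
  ]
}
```

Both conditions must hold for the Deny to apply, so the named administrator role keeps access from outside the VPC and the account is not locked out of its own bucket; any other path that must read the bucket (for example the API Gateway integration in item 9 or the CodeBuild deployment step) has to go through the endpoint or be added to that exception.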

How AWS was used as part of the solution

  1. Amazon EC2
  2. Amazon VPC
  3. Amazon API Gateway
  4. AWS Lambda
  5. Amazon Simple Storage Service (S3)
  6. Amazon Route 53
  7. Amazon DynamoDB
  8. AWS CodePipeline
  9. AWS CodeBuild
  10. Amazon SES
  11. AWS Certificate Manager

Architecture Diagram and Designs

Diagrams (images not included on this page):

  1. Download Approach
  2. Direct Approach
  3. OneLogin Approach
  4. Endpoint Approach
  5. Rules engine software architecture
  6. Rules engine cloud architecture

Outcomes / Lessons Learned

  1. Automated the existing manual process of creating Active Directory users through the AWS infrastructure.
  2. We gained a good understanding of tools such as AWS Lambda, VPC, PowerShell, Active Directory, DynamoDB and Bitbucket.
  3. We learned infrastructure automation with Lambda functions and followed best practices while deploying resources.
  4. We built a highly secure and robust infrastructure to handle massive traffic, and provided a scalable, dynamic configuration structure for customer requirements.