The solution:

As a centrally commissioned Professional Service Partner, PROTOS Technologie GmbH supported the planning, integration and transfer of the application to DevOps operation. In order to ensure a smooth process between all those involved, one of the main tasks was internal and external stakeholder management.

In addition, the existing customer organization was taken into account when creating and adapting processes. As a certified IT service provider according to ITIL, a continuously developed application cannot simply be handed over to the standardized processes. Instead, solutions had to be found within the framework of the existing processes in order to integrate a DevOps-based project into everyday company life.

In addition to organizational challenges, various IT infrastructure requirements had to be implemented. DB Regio Bus has been using the infrastructure-as-code framework Terraform for several years. Therefore, the entire infrastructure was mapped using Terraform and combined with the software versioning technology GIT to enable reproducibility, testability and automatic rollbacks. An advantage for the DB Regio Bus lies in the mapping of infrastructure as program code. Changes to the infrastructure code are made fully automatically using the AWS Developer Tools (AWS CodeCommit and AWS CodeDeploy) and can be stored and documented centrally. You are therefore no longer tied to the original programmers and enable independent work.

The use of Terraform enables portability of the infrastructure into different environments. As a result of best-practice approaches, a staging and production environment was provided in order to be able to test changes and new features of the application before rolling it out into the productive system.

In order to be able to roll out changes to the application automatically, the rollout for the frontend, backend and dedicated API was automated in the same way as the infrastructure and for both environments using AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy and AWS Pipeline as a CI/CD pipeline. Unit and integration tests of the application artifact within the CI/CD pipeline are also automated.

In order to maintain compliance requirements of the Deutsche Bahn Group, requirements such as end-to-end encryption in transit and encryption of data at rest were taken into account when developing the infrastructure code. In addition, the “least privilege” principle would be implemented in connection with role-based access concepts. The logging implemented by PROTOS Technologie also ensured that access to S3 buckets, application logs and real-time monitoring are noticeable at all times. Corresponding alarms are generated and the log data is stored in an audit-proof manner in a dedicated AWS account.

AWS services were used for the infrastructure components, such as AWS Beanstalk in the application backend, Lambda functions in conjunction with AWS API Gateway for API requests, S3 in combination with CloudFront for delivering web content, and AWS Cognito as an authentication service for external access.

The development team of the external IT service provider has no direct access to the AWS account and the application components provided in it within the process described. However, the team is informed about the respective status of CodeBuild / CodeDeploy actions within the CI/CD pipelines for each deployment and can act in the event of an error depending on the status message. In addition, application events are transmitted in real-time via AWS Kinesis to the IT service provider’s AWS account to enable more effective debugging of the application.


Leave a Reply

Your email address will not be published. Required fields are marked *