Divine's content publishing platforms serve two kinds of customers: large publishers and publishing groups that have their own large marketing and IT departments, and medium-sized customers and small publishers with little IT and infrastructure knowledge.
Adapting the Divine Platform IT infrastructure to accommodate rapid growth and future stability is challenging and places high demands on costs and scalability. Outages can cause lost revenue, so high availability and security are critical. To meet customer compliance requirements, sensitive data must be protected from attacks and data breaches. Effective management and maintenance require expertise and resources.
The biggest challenges for the infrastructure are integration with other systems and technologies as well as efficient processes for identifying and resolving problems and providing customer support.
From a business perspective, in summary, the most important aspect is the fast, secure and automated provision of a high-performance infrastructure for customers and clients.
The solution: “Automated Infrastructure Provisioning”
Provision of the environment through AWS Organizations and Control Tower
The entire environment is deployed via AWS Organizations in combination with AWS Control Tower. The aim was to create a centrally available, multi-client capable and independent multi-account solution for Divine GmbH's customers.
Security and compliance framework
PROTOS Technologie GmbH worked with Divine to coordinate the necessary security and compliance framework. The AWS best-practice specifications and the AWS Well-Architected Framework were used as a basis. Service control policies and guardrail rules ensure that newly created member accounts comply with the specifications of AWS, Divine and ultimately the publisher and publisher customers.
Account automation with AWS Service Catalog and CloudFormation StackSets
Account automation works in conjunction with the AWS Service Catalog for provisioning and deploying CloudFormation StackSets. These generate the required CI/CD components within the member accounts. Terraform then uses the provided AWS pipelines to automatically provision the resources depending on the account.
Network configuration via the central infrastructure account
All necessary network configurations are handled by a centrally provided infrastructure account. The AWS Transit Gateway is used here, both for hybrid connections and for communication between the account-specific VPCs. Integrations with third-party providers that are not connected via API can be implemented at this point.
Firewall configuration and security functions in the infrastructure account
The firewall VPC (Virtual Private Cloud) configured in the infrastructure account provides the intrusion detection system (IDS) and intrusion prevention system (IPS) functions via AWS Network Firewall and AWS Web Application Firewall integration. The AWS Firewall Factory supports the central management of the configured rule sets for the AWS Network Firewall and the AWS Web Application Firewall.
Serverless and elastic cloud architectures
The high level of automation and the potential of serverless/elastic cloud architectures are supported by the use of AWS Elastic Kubernetes Service (EKS) and AWS Lambda in conjunction with AWS Step Functions. This architecture provides Divine customers with front ends and APIs with the highest reliability.
Divine GmbH is able to provide its end customers with a state-of-the-art and secure multi-client platform solution based on AWS Managed Services. The cost-accurate and benefit-optimized billing per end customer in the -as-a-service model, together with compliance with the necessary requirements, creates transparency and trust with the end customers of Divine GmbH.