Metal Pay™ is a unique app that allows users to buy and sell cryptocurrency, trade crypto for other crypto, make payments to friends and send crypto to other users.
Case Scenario & Challenge
Metal Pay planned to expand its U.S. footprint to Ireland by rolling out its current solution to EU-based customers. As part of the new deployment, Metal Pay considered opportunities to optimize its AWS services including the following:
- Developing an optimal AWS services layout including AWS Organizations.
- Migrating from a self-managed Kubernetes KOPS cluster to AWS-managed EKS worker nodes and creating a CI/CD pipeline that automatically patched worker node EC2s and updated EKS Kubernetes versions.
- Updating and fixing the entire CI/CD pipeline process for all deployments from DEV to QA to PROD using the existing GitLab CI/CD infrastructure.
- Automating CI/CD integration and decoupling the micro-service CI/CD process and dependencies of helm charts to create efficiencies in deployments to each environment at reduced labor time and cost.
Challenge and Risk
Metal Pay had a multi-account structure on AWS with isolation between environments. The existing Metal Pay Production account was imported into the multi-account structure. Metal Pay was using EKS/Fargate as a Kubernetes platform with fully configured and functional clusters in the EU. Metal Pay needed Oak Rocket’s AWS migration expertise to deploy its solution in another region without affecting the existing platform.
Solution & Design
Oak Rocket proposed deployment and migration of AWS Organizations into Metal Pay’s cloud environment to facilitate the EU expansion.
AWS Organizations enables companies to centrally apply policy-based controls across multiple accounts in the AWS Cloud. Enterprises can consolidate all their AWS accounts into an organization and arrange all AWS accounts into distinct organizational units.
Oak Rocket provided services in a phased approach including:
A. Phase 0: Discovery and Architecture Alignment.
- Review the complete current architecture and propose target architecture model.
- Review Identity Access Management (“IAM”) roles and user credentials for all AWS accounts: Development, QA, and Production.
- Outline the execution plan with documentation and align on the target architecture
B. Phase 1: Multi Region deployment with Vault Integration
- Review the opportunities to refactor and enable a multi-regional functioning solution with focus around databases and message queues.
- Utilize Company’s newly created networking infrastructure provisioned three (3) regions: US-East- 1(Primary), EU-Central-1 (Secondary) and US-West-2 (Tertiary).
- Create EKS clusters for each environment in all three (3) regions using Terraform v1.0.6.
- Create a CI/CD pipeline for Company using the existing GitLab Runner for patching EKS EC2 worker nodes and updating EKS Kubernetes versions.
- Modify existing micro-service CI/CD pipeline to deploy 25 micro services to EKS to three (3) corresponding regions for DEV, QA, and PROD.
- Validate/develop manifest for each service so that it is deployed to one (1) of three (3) regions or all three (3) regions depending on if the service is a “Common Service” or a “Core Service.”
- Implement the solution across three environments (DEV/QA/PROD) in each region.
- Implement Terratests for all Terraform code created.
- Ensure GitLab CI/CD is deploying to selected micro-services for all regions for each environment.
- Assist with deploying and connecting micro-services to Vault, Aurora Global database, Redis and Kafka to ensure pods are getting tokens and gaining necessary access.
AWS Services in use
Third Party applications used
As a result of the project, Metal Pay expanded their use of AWS services and regions to accomplish a major step in its long-term strategic vision to make the cryptocurrency experience available to consumers in the EU. Metal Pay’s expanded use of automation and microservices created a secure platform with the agility needed to serve a dynamic market.
To ensure the long-term success of the Metal Pay team, Oak Rocket created documentation containing procedures of repeatable steps and diagrams that explained the process for migrating micro-services to EKS/Fargate and all other information regarding the target environment in conjunction with knowledge transfer sessions with Metal Pay’s IT team.
Metal Pay is from Metallicus.
Founded in 2016 in San Francisco, Metallicus believes that strong regulation, security, identity, and a simple customer experience are essential for integrating and scaling uses of digital assets and cryptocurrencies into financial services and economic activities. Metallicus builds compliant, secure technologies where banking, payroll and other financial and economic activities meld seamlessly with the world of cryptocurrencies, blockchain, DeFi and Web3. The company’s flagship products include the mobile apps Metal Pay and WebAuth as well as the Proton Blockchain, the only blockchain with Verified Decentralized Identity.