TagB: A scalable parking and valet management system
Services: Managed Engineering Teams, AWS Managed Service WAF, Cloud Architecture Design, and Review
- Reduced downtime by almost 99% with a reduction in failure rate
- Manual process eliminated, MTTR improved 10X.
- 95% decrease in security incidents.
Tag B Group is a well-known transportation, parking, garage management, and valet service provider based in Washington, D.C. It wanted to create a scalable solution to maintain a full parking and valet management system for multiple users and vendors, with a focus on multi-tenancy, security, database, and infrastructure as code.
- TagB encountered challenges in securing and maintaining availability for their web applications and APIs.
- Lack of a robust security system exposed the applications to potential cyber threats and malicious traffic.
- Absence of real-time visibility into user behavior hindered data-driven decision-making for business growth.
- Manual infrastructure management resulted in errors and inefficiencies in handling parking reservations and valet services.
- The client sought reliable and secure code and a highly available, cost-effective infrastructure as part of the solution.
Proposed Solution & Architecture
- Simform leveraged AWS WAF to implement a robust security system for TagB’s web applications and APIs. This allowed us to protect against potential cyber threats, such as DDoS attacks, SQL injection, and cross-site scripting (XSS).
- Implemented secure and robust microservices-based architecture for seamless third-party integration.
- Created a safe and reliable payment management system that allows users to add several payment methods.
- By configuring AWS WAF rules and filters, we ensured that only legitimate traffic was allowed to access TagB’s applications, preventing malicious traffic from reaching the servers.
- Our team implemented rate-based rules in AWS WAF to control the number of requests from individual IP addresses, safeguarding the applications from abusive behavior and potential overloads.
- Ensured data privacy and security with multi-tenancy support using AWS CloudFormation.
- With AWS WAF, we provided TagB with a flexible and scalable security solution that could adapt to their evolving business needs, ensuring a safe and reliable experience for their customers.
- To keep the infrastructure highly available on a low budget, our experts set up the frontend on a CDN that serves data from a private Amazon S3 bucket. The backend services run on Amazon ECS, and Amazon RDS is set up for the data tier.
- Another concern was keeping budget utilization to a minimum. To address it, we implemented Amazon ECS as a container-as-a-service (CaaS) platform and used AWS CloudFormation to automate all our network resources.
Metrics for Success
Our solution delivered the following results for our client:
- Improved scalability: With our automated infrastructure provisioning and management using AWS CloudFormation, our client was able to easily scale its infrastructure up or down based on demand.
- Faster and more reliable releases: Our CI/CD pipeline using AWS CodePipeline and AWS CodeDeploy enabled our client to deploy changes faster and with a lower risk of downtime. Mean time to recover (MTTR) improved by 10x with faster rollbacks.
- Proactive monitoring and issue resolution: Our monitoring and alerting using AWS CloudWatch enabled our client to proactively identify and address issues before they affected end-users.
- Successful multi-tenancy implementation: Secure and scalable architecture using AWS ECS, with dedicated containerized environments and isolated databases per tenant, ensuring efficient management and data security.
- Achieved 99.99% Uptime: With AWS WAF’s protection against DDoS attacks and web exploits, the application maintained exceptional uptime, ensuring continuous availability for end-users.
- Amazon RDS: Amazon RDS was employed to store application and user data, including user account information, parking lot information, license plate number recording, and so on. For security purposes, access to Amazon RDS is restricted to specific IP addresses.
- Amazon ECS: Containerized APIs were developed and hosted in Amazon ECS with EC2, which can be used by front-end applications. For delivering new modules and updates, Amazon Elastic Container Service (ECS) manages the application’s microservices backend. Examples include various modules and functionalities such as advanced parking booking, payment and refund administration, parking lot creation, etc.
- AWS Task Definition: Task definition gives commands to ECS; for example, each task will have certain configurations such as data volumes, memory utilization required, and the number of containers required.
- AWS WAF: Leveraged AWS WAF to protect against cyber threats, implemented rate-based rules, and ensured data privacy with multi-tenancy support for TagB’s security needs.
- AWS Lambda & Lambda@Edge Security Headers: The main purpose of the AWS Lambda function is to compress users’ profile pictures. Lambda@Edge security headers add a security layer when content is displayed using CloudFront from an S3 bucket. For example, several users will book parking spots from various places using the app, posing a significant security concern.
- S3 Bucket: Documents belonging to various users, such as administrators, customers, and clients, were stored in an S3 bucket. Clients of Tag B, for example, will have access to data on revenue tracking, parking spots, and booking slots. These individuals will register as customers on the site and will need to upload documents, which will be stored in S3.
- Amazon CloudFront: CloudFront was used to distribute static and dynamic content across the application front ends. It helped create customized user experiences and deliver content with high speed using its edge computing capabilities across multiple channels. CloudFront distribution, for example, pulls files from S3 and displays them in the front end, as indicated in the diagram. It also restricts access to particular information for specific people. For example, admin users cannot access the company’s financial information.
- AWS SES & SNS: AWS SES is a service that sends emails to users. An email will be sent to the user after a successful registration with the application, for example. Alternatively, bills will be delivered through email after consumers make a payment. Users receive notifications from AWS SNS. Notifications for communications about offers, payment refunds, pass expiration, and other topics will be sent.
- Amazon ECR: Docker images were stored in Amazon Elastic Container Registry (ECR) for deployments.
- Application Load Balancer: In the case of multiple requests from different users worldwide, the application load balancer distributes traffic across various targets, such as EC2 instances of ECS containers in multiple availability zones.
- Monitoring: CloudWatch is used to keep track of infrastructure-related logs, metrics, and data, while CloudTrail is used to keep track of operational actions in AWS accounts.
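
The Lambda@Edge security-headers item in the list above can be pictured as an origin-response handler that stamps headers onto objects CloudFront pulls from S3. This is an added example, not Simform's or TagB's code; the header values and the function names `addSecurityHeaders`, `setHeader` and `isHtml` are assumptions made for illustration.

```javascript
'use strict';
// Added example, not TagB's or Simform's code. Header names are standard;
// the values are assumed for illustration and need tuning per application.
const ALWAYS = {
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
};
// CSP only matters for documents the browser renders as HTML.
const HTML_ONLY = {
  'Content-Security-Policy':
    "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
};

// CloudFront passes headers as { 'lowercased-name': [{ key, value }] }.
function setHeader(headers, name, value, overwrite) {
  const k = name.toLowerCase();
  if (!overwrite && headers[k] && headers[k].length > 0) return;
  headers[k] = [{ key: name, value }];
}

function isHtml(headers) {
  const ct = headers['content-type'];
  return Boolean(ct && ct[0] && /^text\/html\b/i.test(ct[0].value));
}

// Pure function so it can be exercised without CloudFront.
function addSecurityHeaders(response) {
  const headers = response.headers || (response.headers = {});
  for (const [name, value] of Object.entries(ALWAYS)) {
    setHeader(headers, name, value, true);
  }
  if (isHtml(headers)) {
    for (const [name, value] of Object.entries(HTML_ONLY)) {
      // Keep a policy the origin already returned instead of replacing it.
      setHeader(headers, name, value, false);
    }
  }
  return response;
}

// Lambda@Edge entry point for the origin-response trigger.
async function handler(event) {
  return addSecurityHeaders(event.Records[0].cf.response);
}

if (typeof module !== 'undefined' && module.exports) {
  module.exports = { handler, addSecurityHeaders };
}
```

Attached to the origin-response event, the headers are cached together with the object, so the function runs on cache misses rather than on every viewer request.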