π Achievements
- πΈ 60%+ cluster cost reduction via Karpenter autoscaling + Spot instances on non-prod environments
- π 4 environments, 15+ microservices across multiple AWS accounts and regions, all reproducible via Terraform
- π‘οΈ Full production reliability: automated rollbacks, real-time Slack alerts, latency/5XX dashboards
- π Enabled mobile, backend, and frontend teams to ship independently via isolated CI/CD pipelines
Client story
The client was building a Facebook-like social media platform.
They needed a secure, multi-account AWS platform: multi-environment deployments across regions, granular IAM access, clear documentation, DR readiness, and cost visibility.
On top of that, the platform had to be fully automated and scalable, with standardized environments, centralized observability, and end-to-end CI/CD for backend, serverless, and mobile apps, so releases could ship fast.
And finally, high production reliability: safe deployments, automatic rollbacks, real-time alerts, and enough visibility to keep a global social app stable.
Solution Used
- Multi-environment AWS platform management: granular IAM, cross-team access policies, documentation, DR procedures, and cost reporting for a distributed international team.
- Automated provisioning across several AWS accounts and regions with Terraform IaC and custom modules (VPC, Route53, S3, SNS/SQS, SES, OpenVPN, EKS, ECS), following remote state, versioning, modular design, and pipeline-driven deployments.
- Operated and optimized multiple EKS clusters: node groups, Karpenter autoscaling, Metrics Server, Secrets/ConfigMaps, NGINX Ingress, ALB Ingress, CSI drivers, AWS Container Insights, plus full observability via Prometheus and Grafana with Helm charts.
- Built end-to-end CI/CD pipelines for microservices (ECS/EKS), AWS Lambda, and mobile apps using GitLab CI with autoscaled EC2 runners and GitLab-managed macOS runners: caching, merge trains, release automation, integration testing with Docker, SonarQube, Slack, Jira, and Allure integrations, plus Helm-based deployments from a centralized deployment repo.
Kept ECS/EKS microservices reliable with safe deployments, automated rollbacks, Slack alerts, and monitoring dashboards for latency, 5XX errors, and JVM metrics, using Prometheus, Grafana, CloudWatch (dashboards, Log Insights, alarms), FluentD, FluentBit, Istio, and Kiali.
Architecture Overview
Code Organization
There were multiple environments, all following the gitflow branching and release strategy. GitLab CI handled the CI/CD pipelines.
SonarQube was integrated into the pipeline for code quality checks.
The infrastructure was entirely written in Terraform, using custom modules.
For simplicityβs sake, the chart below only shows production.
Infrastructure Chart
