Architecture Improvements for a Startup

Prior to working at this company, I earned four AWS certifications and participated in several projects that required AWS knowledge, but nothing compared to what I achieved during my time here.

You might be wondering how I ended up collaborating on architecture and infrastructure, given that I was originally hired as a backend engineer. The truth is, I was extremely lucky. There were managerial changes within the company, and a few months after I started, a new CTO joined the team. We were also a pretty small team and always needed an extra pair of hands.

During a 1-on-1 with the CTO, we discussed hiring someone to help us with DevOps. I’m glad I had the courage to ask if I could assist with some related tasks. At that point, he didn’t know what I was capable of, but he took a chance and gave me the opportunity to work on something.

I remember initially offering to migrate our main application from EC2 servers to containers, as I had worked on dockerizing the app during my first months. Deploying our EC2 servers was a mess, and moving to containers would also improve scalability and availability. So, I got the green light and started working on it.

I’m really grateful that the CTO trusted me with the task of working on architecture and infrastructure. This was a real game-changer for my professional career. Below, you’ll find a list of contributions I made to the company in different areas like Observability, Cost Savings, Security, and DevOps, among others. They are not listed in any particular order, but the cost-saving initiatives are grouped at the bottom for easier reference.

The following posts tell the story of how I completed these challenges and significantly reduced billing.

Index⌗

[!attention] Not all posts are written yet, and my goal is to publish them as quickly as possible.

Observability⌗

• Grafana Implementation.
• Datadog Frontend Implementation.
• Datadog Backend Implementation.
• Uptime Kuma Implementation.

Security⌗

• Fraud Mitigation.
• CSRF Tokens implementation.
• Google reCaptcha Enterprise.
• WAF Implementation.
• Bot Control with Captcha.
• SQL Injection rules.
• Block requests based on Regex Patterns.
• Block Requests based on IP.
• Fraud Detection Panel on Grafana.
• Content Security Policies.
• Security - SSH Access from external Big Data Apps

DevOps & CI/CD⌗

• No Blame Culture.
• Cloudformation Implementation.
• Make Pattern.
• App Containerization.
• Pipelines.
• Trunk-based deployments.
• Feature Branch deployments.
• Hotfix Deployments.
• Docker Multi Stage Pipelines.
• Empowering our QA team in order to prevent our flow to production from getting stuck
• Empowering non technical users by allowing feature branch deployments from Slack
• Sonarqube.
• AB environment.
• Speed up the main website by implementing Image Transformations
• Varnish as an Easy Way to Boost Pagespeed with Incredible Results
• Improving Page Speed by Turning Vue.js Production Mode ON
• Early Fraud Detection with Slack Notifications

Cost Savings - Saving over 191k yearly.⌗

• Savings over $3,600 by Scheduling Feature Branch environments removal
• Saving over $3,000 yearly by Removing unused IP addresses
• Saving more than 80% in bandwidth costs by implementing a CDN - $13,192.32 yearly
• Saving $23,640 by just optimizing queries
• Saving $7,338 yearly by implementing OpenVPN
• Saving $8,220 and increasing high availability by migrating the main app to containers.
• $6,120 in savings by moving a database to the private subnet
• How I avoided the company to pay $100k yearly on Aurora RDS
• Saving over 26% in Compute Reserved Instances ($4,600 yearly)
• Saving 42% in RDS instances by Reserving Capacity - $16,240 yearly
• Saving $5,473 by Removing Redundant Application Load Balancers
• Total Costs Savings - over $191k Yearly.

These are a few of the remarkable stories I have collected during my time with the company, and they are proof of what we can achieve when willing to improve.