After migrating the workload from Heroku, the application was decoupled into microservices using Docker. Wellsheet, which used to be hosted in a single container on Heroku, could now have its backend functions deployed into multiple containers in Amazon Elastic Container Service (ECS) on EC2, using the compute-optimized c5.2xlarge instance type. Using CloudFormation, the workload was spread across private subnets in multiple availability zones, in an Auto Scaling group behind an Application Load Balancer, in a three-tier VPC in the Northern Virginia region for high availability. IaC drift detection, built in-house, was configured to ensure that all infrastructure deployments and changes are standardized and made exclusively via CloudFormation.
The pipeline was orchestrated using CircleCI as the build server integrated with GitHub as the version control system. Cloud303 built the Docker image on CircleCI, pushed the Docker image to an Amazon Elastic Container Registry (ECR), and then deployed it to ECS on EC2.
Various forms of testing, such as unit, integration and UI layer tests, for all environments (dev, stage, prod) were implemented for the entire CI process, making software delivery smoother, faster and more predictable.
All testing of the application's backend was conducted in a development environment. Topic branches based off the main branch were used for features and bug fixes. These feature branches isolate work in progress from the completed work in the main branch. Development and testing are isolated into stages so that problems are detected earlier and feedback loops are faster, allowing for more efficient debugging.
ECS cluster auto scaling (CAS) was enabled to provide more control over the scaling of the EC2 instances within the cluster. The ECS Service was configured to send metrics to CloudWatch, which triggers an alarm to add more tasks to the ECS Service, with the capacity provider set up to target the autoscaling group.
As part of HIPAA compliance, the entire infrastructure was encrypted at rest and in transit. Encryption was managed with KMS-CMK, including automatic annual key rotation - a HIPAA requirement. Wellsheet also needed to access data from their partner hospitals in a secure fashion, so Cloud303 deployed Transit Gateway into a separate VPC, along with a Network Load Balancer, to ensure data remained in a private network and remained HIPAA-compliant.
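One way to enforce the encryption-at-rest and key-rotation settings described above before a CloudFormation change is deployed is a static check in the CI pipeline. The following is an added example, not code from Cloud303 or Wellsheet; the template, its logical IDs and the function name `audit_template` are constructed for illustration, and only the CloudFormation resource types and property names are real.

```python
import json

# Constructed CloudFormation fragment (not taken from the deployment described above).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "DataKey":    {"Type": "AWS::KMS::Key", "Properties": {"EnableKeyRotation": true}},
    "LegacyKey":  {"Type": "AWS::KMS::Key", "Properties": {}},
    "AppDb":      {"Type": "AWS::RDS::DBInstance",
                   "Properties": {"StorageEncrypted": "true", "KmsKeyId": {"Ref": "DataKey"}}},
    "ScratchVol": {"Type": "AWS::EC2::Volume", "Properties": {"Size": 100}},
    "SharedFs":   {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": "false"}},
    "AppCluster": {"Type": "AWS::ECS::Cluster", "Properties": {}}
  }
}
""")

# Resource type -> (boolean property that must be true, finding text).
# All four properties default to false/absent when omitted from a template.
RULES = {
    "AWS::KMS::Key": ("EnableKeyRotation", "KMS key without automatic rotation"),
    "AWS::RDS::DBInstance": ("StorageEncrypted", "RDS storage not encrypted"),
    "AWS::EC2::Volume": ("Encrypted", "EBS volume not encrypted"),
    "AWS::EFS::FileSystem": ("Encrypted", "EFS file system not encrypted"),
}

def audit_template(template):
    """Return sorted (logical_id, finding) pairs for resources that violate RULES."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        rule = RULES.get(resource.get("Type"))
        if rule is None:
            continue  # resource type is outside the scope of this check
        prop, message = rule
        value = (resource.get("Properties") or {}).get(prop)
        # CloudFormation accepts a JSON boolean or the string "true".
        # A missing property or an unresolved intrinsic (e.g. a Ref) is flagged.
        if str(value).lower() != "true":
            findings.append((logical_id, message))
    return sorted(findings)

if __name__ == "__main__":
    for logical_id, message in audit_template(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {message}")
```

A check like this only covers what is declared in the template; the drift detection mentioned earlier is what catches settings changed outside CloudFormation.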