Migration from Heroku to AWS
About Palace Skateboards
Palace Skateboards is a London-based skateboarding and clothing brand, established in 2009.
It has since expanded to include a distribution and POS presence in multiple regions around the globe, with an eCommerce platform and other web applications running in the cloud.
Palace operates a number of proprietary web services, built to support many Shopify online stores. The same group of services is responsible for managing product portfolios, stock & pricing and order fulfilment. Some workloads also serve static web content. These services all run on Heroku.
While Platform-as-a-Service (PaaS) vendors like Heroku offer a simple and convenient way to get started in the cloud, they do not typically allow customers control over specifics like networking, security, compute and certain environmental configurations. Consequently, Palace decided to migrate to AWS for greater control, though their lack of familiarity with Infrastructure-as-a-Service (IaaS) presented them with a challenge.
Palace approached Ubertas Consulting to provide migration consultancy as well as hands-on migration and modernisation of some of their incumbent workloads from Heroku to AWS. They also required enhanced security and networking.
Ubertas Consulting first conducted a series of requirement-gathering workshops, during which 5 distinct architecture patterns were identified: Slack integrations, static web content, dynamic web content, containerised API services, and webhooks.
A new set of AWS accounts was then created for Palace, providing separate accounts for pre-production and production environments, auditing and networking, and for services shared between accounts.
AWS security services (Security Hub, AWS Config, CloudTrail, GuardDuty) were deployed and configured across the new accounts, and a hub-and-spoke network was set up to allow authenticated traffic to securely transit between the accounts.
The 5 architecture patterns identified during requirements-gathering were then developed as modular, multi-environment Terraform projects, allowing each pattern to be re-used for future use cases. Command line tooling and CodePipeline CI/CD pipelines were added to each pattern.
Granular control of underlying infrastructure
Using the 5 bespoke architecture patterns, identified in collaboration with Ubertas Consulting, Palace are now able to confidently deploy infrastructure as code (IaC) whilst having full control of the resources deployed. A secondary benefit is that Palace will be able to freely evolve each pattern as they continue to modernise their workloads and cloud infrastructure.
With the development of the 5 Terraform patterns, the multi-environment CI/CD pipelines in CodePipeline and the ability to run single-command deploys from the command line (such as for DR purposes), deployment of AWS resources is now simpler than previous deployments to Heroku.
Improved scaling and resiliency
Auto-scaling multi-AZ ECS services, multi-AZ Aurora clusters and ElastiCache Redis provide elasticity and high availability. Terraform patterns are configurable per pattern and per environment, allowing Palace to easily convert from single-AZ static resources to multi-AZ auto-scaling ones.
Environments and business domains are now split into separate AWS accounts. Public and private VPC subnets ensure that private resources remain private, exposing only Application Load Balancers to public traffic. A combination of AWS IAM Identity Center (formerly AWS SSO), IAM roles and policies restricts unauthorised user actions across the estate.
AWS Security Hub provides a single pane for all security findings across the estate. Findings from other security services, such as CloudTrail and GuardDuty, are surfaced with automatic severity scores and prioritisation, as well as remediation advice.
Improved cost and usage visibility
Consolidated costs for the whole estate can be easily dissected per service, per account or per environment, to name but 3 filters. AWS Budgets and alarms have been configured to ensure Palace are always aware of their spend.
Why Ubertas Consulting
Ubertas Consulting is a Cloud consultancy specialising in Amazon Web Services.
As an Advanced Partner, AWS Channel Reseller (Solution Provider Program) and Well-Architected Framework Program Partner, our mission is to help companies drive innovation and build new capabilities through embracing Cloud-native technologies and modernising with Amazon Web Services (AWS).
Our consultancy services span the breadth of AWS technologies and range from advisory through to full implementation as we assist customers in applying the foundations of Well-Architected to migrate and operate their mission-critical workloads in the Cloud.