Introducing our brand new AWS Launchpad. Be up and running in days. 70% less setup cost. Learn More

Home / Case Studies / Lovinmalta

Scaling WordPress sites using Amazon ECS.

About the customer

Lovinmalta is one of the leading news portals on the Maltese Islands. The portal also acts as an alternative guide to Malta and Gozo – celebrating the Maltese islands, their food and the people who shape them.

The Challenge

The challenge with Lovinmalta involved very tight project deadlines as well as the possibility of very fast surges of visitors when there is breaking news. The portal commonly has 5 to 10x traffic surges within a few minutes of breaking news. Since, for cost saving reasons, having a large pool of servers waiting for such traffic surges was not possible or ideal, another solution had to be found.

The Solution

Lovinmalta and 56Bit, decided to solve this issue by eliminating the need to do any significant predictions in the first place. By using AWS’s very mature, and ever-growing portfolio of container orchestration products we were able to provide a highly redundant, scalable and secure system whilst fully controlling costs.

Why AWS?

After evaluating various options, AWS was chosen as the public cloud provider of choice. The reason was not just based on costs, which were considerably less when compared like with like, but also the maturity, scalability potential and unparalleled feature set provided by the AWS service portfolio.

Why 56Bit?

56Bit provides peace of mind to technology-driven business through best-in-class cloud solutions. Lovinmalta, whose core business is totally dependent on the underlying technology required an experienced partner with profound knowledge on serverless technologies that could deliver a high-quality service on time and within budget. Lovinmalta teamed up with 56Bit to consult, design, build and maintain this platform, working hand-in-hand with the software development team.

Solution Details

The solution is based on the AWS Well-Architected Framework and includes the following components (see Figure 1 below):

CONTAINERIZED COMPUTE

Amazon ECS is used to orchestrate the containerized backend logic and frontend dynamic html logic. All containers, connected to VPCs, are run on multiple AZs to ensure high availability and maximum scalability. Very aggressive and strict scaling policies are used to scale the underlying EC2 hosts and the overlying containers. Multiple lambda functions are also used for internal tasks such as Development and Staging environment switch on and off which is key to reducing costs.

FULLY MANAGED SQL DATABASE

Amazon RDS (Aurora engine with MySQL compatibility) was chosen to host a fully managed cluster of MySQL servers on multiple availability zones.

SERVERLESS STORAGE

Amazon S3 is used as a static file storage system. Considering it was designed with 99.99% availability and 99.999999999% (that’s 11 x 9s!) durability, the decision was easy. Multiple buckets, some fronted by the Amazon CloudFront CDN are used for image hosting, logging and other miscellaneous uses.

SERVERLESS SECURITY AND COMPLIANCE

  • The system uses multiple AWS accounts, one for each of the Staging and Production environments. Another account acts as the master account with centralized billing, DNS, Single-Sign On, etc. Finally, 2 accounts are used for security logging, with one account acting as a black hole (i.e. an immutable highly secure dump of security logs) and another acting as a single pane of glass for everything security related.
  • Security logging is handled using AWS Config, AWS CloudWatch and AWS CloudTrail. The above accounts are provisioned using AWS Control Tower, which creates the AWS Organization, an SSO entry point, an AWS Account factory (using AWS Service Catalog), as well as a number of Guardrails to protect the accounts from unintended changes. All management users are assigned MFA-backed credentials onto the SSO endpoint which in turn provides role-based temporary access to the different accounts.
  • AWS Guardduty provides intelligent threat detection and AWS Security Hub acts a single pane of glass for security alerts and notifications.
  • All system components are deployed in private VPCs.
  • Non-public S3 buckets are encrypted with strong cryptographic keys (AES256) managed by AWS KMS. All data is encrypted at rest and in transit with TLS-enabled network protocols. Even the backups and its transfer to a second physical location are encrypted. All secrets like database passwords are encrypted and stored in a highly available and secure secrets vault provided by AWS Parameter Store (a sub-service of AWS Systems Manager) and automatically injected into ECS for consumption. PKI Certificates are provisioned using AWS Certificate Manager.

SERVERLESS DEPLOYMENT AND ORCHESTRATION

  • The infrastructure was fully built using CloudFormation, which is released using a CI/CD pipeline built on top of the AWS Code family of products (Codecommit, Codebuild, Codepipeline).
  • This Infrastructure as Code passes through the full commit-build-test-deploy lifecycle, incorporating the staging and production environments. The backend and frontend code bases also pass through multiple CI/CD pipelines, built using similar infrastructure.
  • Environment separation is implemented by using completely independent VPCs in different AWS accounts. New releases can always be tested in a staging environment, where unit and integration tests along with load and stress tests can be conducted by the same testing suite. This mitigates the risk of unexpected functional changes and performance degradation. The master account serves as a CI/CD single pane of glass for the teams working on the project, whilst cross-account IAM roles enable the pipelines to test, build and deploy code in different AWS accounts.

Possible future improvements

IMPLEMENT A DISASTER RECOVERY (DR) SOLUTION THAT HANDLES REGION-WIDE FAILURES.

Whilst the system is already highly-available, since everything runs in multiple AZs, this can be improved further with a cross-region solution. It will not be very hard to move to another region, since everything is implemented using IaC.

IMPLEMENT DATABASE CACHING

At the moment we do not envisage the need for database caching, but a database caching layer can easily be spun up using AWS Elasticache (Redis) to add a very fast caching layer between the ECS compute and the RDS database. This will increase performance, reduce database hosting costs and decouple the architecture even further.

GO COMPLETELY SERVERLESS

Moving to AWS Fargate (for ECS) and using Aurora Serverless (for Mysql) would remove all manual management of the underlying servers and provide us with the space to focus on improving and monitoring the infrastructure.

Reach out to us for additional information.
Get in Touch
Related

You might also be
Interested IN:

Prev: The power of Windows on AWS
Next: Sportradar Time System

We have a proven track record of success .

“We recently completed an AWS architecture review with 56Bit, and I must say, the experience exceeded our expectations. From start to finish, the team at 56Bit demonstrated exceptional technical expertise and a deep understanding of AWS best practices. The review was thorough and covered all critical aspects of our infrastructure, including security, scalability, performance optimisation, and cost-efficiency. They provided clear recommendations tailored to our specific needs, and their actionable insights have already helped us make improvements in key areas. Communication throughout the process was seamless. The 56Bit team was responsive, collaborative, and took the time to explain complex concepts in an easy-to-understand manner.”
Paul Mercieca Head of Engineering at SpinBet.
“We have found 56Bit to be an excellent partner in building our AWS environments, all work was on time and they have advised us very professionally on what we required.”
Francesco Mifsud Director at Cybergate International
“From the very first minutes of cooperation between my Company and 56Bit it was nice, professional and smooth. Even though our Legal department had some remarks after contract review 56Bit has stayed flexible and we managed to sign it. Their consultants are very experienced and professional, during the booked session we purely focused on my Company's needs which I wanted to address. Additionally I would like to mention that they do not insist and they understand that some of our internal processes need time. I would recommend them to any other Company which needs professional AWS consultancy.”
Pawel Slotorsz Technical Operations Manager at ComeOn.
Highly competent delivery that demonstrated a fundamental understanding that only comes from experience. All current project work being delivered on time and using high quality solutions. Well organised and professional.
Scott Dunbar Global Head DevOps Engineering at Sportradar
Good understanding of our requirements and clean implementation.
Mujahid Rupani CTO at 365Squared

Testimonials

The power of Windows on AWSSportradar Time System