Afreximbank’s infrastructure is running on AWS Cloud while leveraging multiple services of AWS like Elastic Compute Cloud to house the various VMs designated for different operations and applications of Afreximbank and provide secure and resizable compute capacity in the cloud.
Each EC2 instance is attached with the Elastic Block Storage Volume which is a highperformance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale. This duo of EC2 instances and EBS Volumes resides safely in the AWS Virtual Private Cloud which provisions a logically isolated section of the AWS Cloud where the resources were launched in a virtual network defined. There were primarily 2 subnets created, a public and a private subnet which in turn included different subnets for various applications and grouped VMs.
Afreximbank also used various other services of AWS like CloudTrail which is a service that enables governance, compliance, operational auditing, and risk auditing along with a service for monitoring and observability named Amazon CloudWatch. Amazon Relational Database Service (Amazon RDS) was used to set up, operate, and scale a relational database in the cloud hence providing cost-efficient and resizable capacity while automating timeconsuming administration tasks such as hardware provisioning, database setup, patching and backups. Along with RDS, Amazon Simple Storage Service (Amazon S3) was used which is an object storage service offering industry-leading scalability, data availability, security, and performance for the static contents of the application.
An Elastic Load Balancer was used to distribute incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions handling varying load of your application traffic across multiple Availability Zones. Amazon Elastic Container Service (Amazon ECS) which is a fully managed container orchestration service was used to run the most sensitive and mission critical applications because of its security, reliability, and scalability. Along with the above services, Amazon ElastiCache was implemented thereby allowing Afreximbank to seamlessly set up, run, and scale popular open-Source compatible in-memory data stores in the AWS cloud.
AWS Elastic Beanstalk was also used for the infrastructure architecture of Afreximbank for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. Along with the above-mentioned services, AWS CloudFormation was used to model and provision AWS and third-party application resources in the AWS cloud environment. AWS Lambda was used to run the application or backend service code without provisioning or managing servers as an optimization strategy for managing costs and paying for only the consumed compute time.
Apart from the above functional services, AWS Identity and Access Management (IAM) was used for the security purposed which enables Afreximbank to manage access to AWS services and resources securely. Using IAM, they can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources along with AWS Virtual Private Network (AWS VPN) to establish a secure and private encrypted tunnel from Afreximbank’s network or device to the AWS global network.
The resolution to the mentioned challenges was rendered via meticulous infrastructure designing phase with continuous communication with the concerned point of contact. Such customized infrastructure designs were created using numerous services of AWS which were compliant with both internal and external standards.
This was followed by the deployment phase post the concerned approvals. The deployment of High-Performance Computing Systems were distributed across multiple Availability zones, to ensure zero downtime and fault tolerance in real time. One such classic example of such a secure and fault tolerance system was the high-end connectivity establishment using AWS Direct Connect, whilst ensuring administration to the Core banking solution.