Transforming Trainstation: Enhancing AWS Operations and Platform Development for Optimal Performance
When Trainstation approached us, they faced significant challenges with their AWS operations and platform development. Lacking in-house developers, they needed robust support to improve and maintain their existing AWS-based platform, which was in poor condition. They also sought better insights into their platform usage and required a solution that was cost-effective, scalable, and secure. By partnering with Epical, Trainstation successfully transitioned to a new AWS Organization, enhanced their platform’s security and functionality, and gained valuable business insights, all while optimizing costs and ensuring high availability through the strategic use of serverless services.
The Challenge
When Trainstation came to us, they had the following problems:
- Trainstation needed a partner to assist them with Operations of their AWS Accounts
- While they had an existing platform built on AWS, the code was in a poor state. With no developers of their own, they needed assistance with continued development of their platform.
- Assistance with development
- Trainstation wanted better insights into usage of their platform.
- Their platform needed to be cheap, scalable and secure.
The Solution
We moved their AWS Accounts to a brand-new AWS Organization managed by Epical. Service Control Policies were applied to the accounts to block undesired actions. Standard security services such as AWS CloudTrail, AWS GuardDuty, AWS Security Hub and Access Analyzer were activated for all accounts. User access for developers/management to the accounts was centralized to an AWS Identity Center setup.
Trainstation does not have any developers. Epical DevOps was brought in both to improve the current state of the platform and to continue its development. Together they work in an agile manner, making continuous improvements to the platform.
Their platform was already built using Serverless services from AWS but had numerous security flaws. Epical DevOps refactored the code to use best practices. AWS CloudFront serves content with AWS WAF protecting it. S3 is used for hosting files for the website. AWS API Gateway is used for API management with AWS Lambda Functions handling the requests. The Lambda Function code had to be rewritten, moving away from AWS IAM User Access Keys stored as unencrypted environment variables to per-function IAM Roles. For storage, a combination of DynamoDB, AWS S3 and RDS is used. Bitbucket Pipelines were set up for CI/CD purposes, utilizing OpenID Connect to access build IAM roles in AWS.
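An audit for the Lambda flaw described above, as an added example that is not Epical's or Trainstation's code: it scans function configurations for environment variables that hold IAM user access keys and for execution roles shared between functions. The input follows the shape of the Lambda ListFunctions response; the function names, account ID, variable names and the name heuristic are constructed assumptions.

```python
import re
from collections import defaultdict

# Long-term IAM user access key IDs are "AKIA" followed by 16 characters.
KEY_ID_VALUE = re.compile(r"\bAKIA[A-Z0-9]{16}\b")
# Assumed naming heuristic for variables that carry static credentials.
CREDENTIAL_NAME = re.compile(r"ACCESS_KEY|SECRET", re.IGNORECASE)

# Constructed sample in the shape of a ListFunctions "Functions" array.
SAMPLE_FUNCTIONS = [
    {"FunctionName": "booking-api",
     "Role": "arn:aws:iam::111122223333:role/shared-lambda-role",
     "Environment": {"Variables": {
         "TABLE_NAME": "bookings",
         "UPLOAD_CFG": "AKIAIOSFODNN7EXAMPLE",  # AWS documentation example key ID
         "S3_SECRET_ACCESS_KEY": "constructed-placeholder"}}},
    {"FunctionName": "report-export",
     "Role": "arn:aws:iam::111122223333:role/shared-lambda-role",
     "Environment": {"Variables": {"BUCKET": "reports"}}},
    {"FunctionName": "image-resize",  # no Environment block at all
     "Role": "arn:aws:iam::111122223333:role/image-resize-role"},
]

def audit_functions(functions):
    """Return sorted (function, issue, detail) findings."""
    findings = []
    by_role = defaultdict(list)
    for fn in functions:
        name = fn["FunctionName"]
        by_role[fn.get("Role", "")].append(name)
        variables = fn.get("Environment", {}).get("Variables", {})
        for key, value in variables.items():
            # Match on variable name or value shape; report the name, never the value.
            if CREDENTIAL_NAME.search(key) or KEY_ID_VALUE.search(str(value)):
                findings.append((name, "static-credential-in-env", key))
    for role, names in by_role.items():
        if role and len(names) > 1:  # a per-function role serves exactly one function
            findings.extend((n, "shared-execution-role", role) for n in names)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_functions(SAMPLE_FUNCTIONS):
        print(*finding, sep="\t")
```

Findings name the variable but not its value, so the report itself can be shared without leaking the credential.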
For insights, we utilize Amazon CloudWatch metrics and visualize them in Amazon QuickSight. CloudWatch provides detailed monitoring and logging for AWS resources, while QuickSight enables the creation and sharing of interactive dashboards. Additionally, we poll data from S3, RDS, and DynamoDB to further enhance visualizations in QuickSight, offering comprehensive insights into their data and operations.
With one of the requirements being low costs and high uptime, Serverless services were selected as a strategic solution to optimize resource management and scalability while ensuring minimal operational overhead. This allows the platform to scale based on usage with little to no effort from the development team.
Beyond saving money through the use of serverless services, we also migrated Trainstation's database workload from AWS RDS to AWS DynamoDB. Before the migration, we provided Trainstation with a cost forecast using the AWS Pricing Calculator to illustrate the cost differences between RDS and DynamoDB. Ultimately, this migration resulted in a 90% reduction for Trainstation.
The Outcome
- Easy administration of AWS by an AWS partner
- Access to development team proficient in AWS
- Clean rebuild of the service to rely on native AWS services using best practices
- Business insights via QuickSight Dashboards
- Low costs using Serverless services
- High uptime using Serverless services
What is Trainstation?
Trainstation is an open space for digital creation. They use digital tools in combination with psychological and pedagogical models to awaken dreams, create inner drive, and support people in both recognizing their own worth and creating unique value for others. Their philosophy is simple: be inspired by possibilities, challenged by tasks, and grow through experiences. While their services are mainly aimed at young people, anyone can join. A goal for Trainstation is to give young people in exposed areas something to inspire them. Their services are therefore offered at physical locations in such areas.