Executive Summary
SavvyMoney is an online tool that provides users with free access to their credit score, explains factors impacting it and gives suggestions on how it can be improved. The company aims to empower the control of financial health with easily understandable advice about credits and debits, help monitor the credit score according to the interest rates and provide users with more economic options.
Challenge
The application works with sensitive data of real users and limited access to it is required. On one hand, all passwords for database access, API tokens or any other sensitive configuration parameters for Production instances must be securely stored with limited access to them only by authorized personnel and removed from the application code level.
On the other hand, there must be a way for effective development and testing on QA and Staging Environments. That’s why the strict separation of application’s codebase from its configuration is required here.
Solution
The huge variety of AWS services for different cases was a key reason the SavvyMoney team chose to work with AWS. Two of them, AWS Systems Manager Parameter Store and CodeCommit, were used to overcome this challenge.
Microservice architecture is built in Java Spring Boot framework. Each microservice is a separate REST API that performs required business logic and is running on EC2 instance in the Autoscaling Group. Launch Configuration has attached the IAM role with read-only access to the parameter store. So any sensitive parameter is known only for the application on startup and there is no way to see it.
All sensitive configuration parameters from classic *.properties files are moved into the AWS Parameter Store and all *.property files with other parameters are moved into the CodeCommit. Spring Cloud Config service reads properties from CodeCommit, and REST API application calls Spring Cloud Config for required properties on startup or on-demand refresh. The access to Parameters store and CodeCommit have only authorized persons.
Secure and Effective Development without Access to Sensitive Data
The List of AWS Services
Element | Description |
CodeCommit AWS repository. It contains all properties of the application, except for sensitive such as DB passwords, etc. | |
AWS System Manager Parameter Store. It contains sensitive data such as DB passwords. | |
AWS IAM role attached to EC2 instance with permission to Read parameters from Parameter Store. | |
AWS IAM User that has permissions to edit records in the Parameter Store. The development team has these permissions for Sandbox/Beta env. Only account administrator has these permissions for PreProduction/Production. |
|
Restful API, Spring Boot 2 application launched an EC2 instance within the Autoscaling group. The startup app performs two actions:
|
Tools and Frameworks
The following AWS services were utilized:
- Systems Manager Parameter Store
- CodeCommit
- EC2 in Autoscaling Group with Launch Configurations
- IAM Roles
- Identity Access Management (IAM)
- Virtual Private Network (VPC)
Benefits
- No access to sensitive data for a development team in Parameter Store and no way to see it being logged on the EC2 instance.
- The application code is separate from configurations. The same application with the same codebase can be launched in different environments: Staging, QA, Production.
- Separation parameters storage on Parameter Store and Code Commit allows better security, handling, and maintenance.
- There is a possibility to reload parameters from Code Commit on the fly without application rebuild or restart.
- There is a possibility to reload parameters from Parameter Store without application rebuild. Restart is required.