
Developing an end-to-end experience with service integrations
The Challenge
Astrada's legacy systems hindered secure development and deployment and put their PCI DSS compliance at risk. They needed a scalable, future-ready approach to mitigate those risks and streamline their processes.
The Approach
YLD utilised its expertise in cloud infrastructure and web application development to support Astrada in building a scalable, robust infrastructure.
Scalable Infrastructure
During our collaboration, we implemented services such as a payment network data product and a global payment network. Using Node.js and TypeScript, we developed and deployed these services on AWS Lambda through GitHub Actions, Terraform, and Atlantis, creating a robust, scalable solution ready to adapt to Astrada’s evolving needs.
Astrada wanted to migrate to Kubernetes, and we prepared for that transition by packaging the Lambda functions as Docker container images rather than zip bundles. Container images give a consistent, portable, isolated application environment, so the same artefact can run on Lambda today and on Kubernetes later, and they improved the developer experience (DevEx). Each release was tagged as an immutable Docker image, giving every deployment a single, traceable artefact and a clear migration path to Kubernetes clusters. Building on container images in CI/CD also enabled automated pull requests for dependency vulnerability fixes and routine lifecycle maintenance.
Setting up a PCI-Compliant Environment
To meet PCI DSS and global payment-network compliance requirements, YLD collaborated with Astrada’s infrastructure team to design a secure, PCI-compliant environment. This involved redesigning systems and using Terraform, applied from GitHub Actions, to deploy the secure infrastructure. A centralised tokenisation service was a key component: by keeping cardholder data out of the application services, it shrinks the PCI scope to the tokenisation service itself.
Cryptographic design was central to meeting PCI guidelines. Tokens had to be irreversible (a token reveals nothing about the PAN without the keys held inside the service), convergent (the same PAN always maps to the same token, so it can be used as a stable lookup key across systems), and rotatable (keys can be rotated without the tokens already issued changing). The infrastructure exposed a small, maintainable API and protected key material with Hardware Security Modules (HSM). These measures reduced the risk of data breaches and provided robust protection of sensitive payment data.
Enhancing developer efficiency
Astrada’s reliance on the Serverless framework presented challenges for their development workflows. Once the PCI-compliant environment was in place, we aligned with Astrada's infrastructure team on a new end-to-end process built on Terraform. Pipelines ran on GitHub Actions, but all provisioning was performed via Terraform, which we also extended to the developer side so that the infrastructure for an application deployment was provisioned automatically and in line with the security and compliance requirements. GitHub Actions further streamlined CI/CD by automating pull requests for vulnerability management, improving lifecycle maintenance.
By adopting containerisation, we simplified application maintenance across teams. Images were pushed to AWS Elastic Container Registry (ECR) with vulnerability scanning enabled, so known vulnerable packages in an image are flagged before it is deployed. We also created and implemented design patterns, integrating them with the TokenEx application to support their delivery architecture.
YLD also guided Astrada in adopting Site Reliability Engineering (SRE) principles, including runbooks and fire drills, to enhance preparedness and minimise downtime. These practices improved consistency, reduced errors, and supported compliance, resulting in faster incident resolution and enhanced system reliability.
Building a secure tokenisation architecture (TokenEx)
YLD created a tokenisation service as the cornerstone of Astrada’s data security architecture. It was built with the community edition of HashiCorp Vault and PostgreSQL on AWS RDS Aurora. The service stored only the encryption/decryption keys needed to transform Primary Account Numbers (PANs) into tokens and back; application services never handled raw PANs.
The tokenisation service was deployed on AWS Lambda inside an isolated AWS account, with traffic inspection, audit logging, and key rotation. Access to the keys was tightly controlled and only granted to authenticated, trusted callers. The centralised service provided an SDK that abstracted the sensitive operations (tokenise, detokenise) and handled key renewals transparently for callers. These measures reinforced data security and streamlined sensitive data processing across Astrada’s ecosystem.
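The following is an added example, not code from the YLD or Astrada project, showing the three token properties from the PCI section (irreversible, convergent, rotatable) together with the key-rotation behaviour described for the tokenisation service. It is a self-contained TypeScript sketch using only Node's built-in `crypto` module: an in-memory `Map` stands in for the PostgreSQL token vault and an in-memory key map stands in for HashiCorp Vault and the HSM; the `tok_` token format, the HMAC-based token derivation, AES-256-GCM for wrapping PANs, and the method names `tokenise`, `detokenise`, `rotate` and `retire` are all assumptions made for the illustration. Tokens are an HMAC of the PAN under a stable index key, which gives convergence and makes them irreversible without that key; what rotates is the wrapping key that encrypts the stored PAN, so already-issued tokens do not change.

```typescript
import { createHmac, createCipheriv, createDecipheriv, randomBytes } from "crypto";

// One version of the PAN-wrapping key. In the architecture described above these
// keys live in HashiCorp Vault behind an HSM; an in-memory map is an assumption
// made so that the example runs offline.
interface WrapKey { version: number; key: Buffer }

// One row of the token vault (the PostgreSQL/Aurora table in the original design).
// Only the encrypted PAN is stored, together with the key version that wrapped it.
interface VaultRow { keyVersion: number; iv: Buffer; ciphertext: Buffer; tag: Buffer }

// Luhn check so that obviously malformed input is rejected before it is stored.
function luhnValid(pan: string): boolean {
  if (!/^\d{12,19}$/.test(pan)) return false;
  let sum = 0;
  let double = false;
  for (let i = pan.length - 1; i >= 0; i--) {
    let d = Number(pan[i]);
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

class TokenisationService {
  private readonly indexKey: Buffer;                 // stable HMAC key: makes tokens convergent
  private readonly wrapKeys = new Map<number, WrapKey>();
  private currentVersion = 0;
  private readonly vault = new Map<string, VaultRow>(); // stands in for the Postgres token vault

  constructor() {
    this.indexKey = randomBytes(32);
    this.rotate();                                    // creates wrapping key v1
  }

  get keyVersion(): number { return this.currentVersion; }

  // Issue a new wrapping key and re-encrypt every stored PAN under it.
  // Tokens already handed to callers are untouched: rotation is invisible to them.
  rotate(): number {
    const next: WrapKey = { version: this.currentVersion + 1, key: randomBytes(32) };
    this.wrapKeys.set(next.version, next);
    this.currentVersion = next.version;
    for (const [token, row] of Array.from(this.vault.entries())) {
      this.vault.set(token, this.wrap(this.unwrap(row)));
    }
    return next.version;
  }

  // Old key versions can be destroyed once nothing is wrapped under them.
  retire(version: number): void {
    if (version === this.currentVersion) throw new Error("cannot retire the current wrapping key");
    this.wrapKeys.delete(version);
  }

  // Convergent and irreversible: the same PAN always yields the same token, and
  // the token reveals nothing about the PAN to anyone without indexKey.
  tokenise(pan: string): string {
    if (!luhnValid(pan)) throw new Error("not a valid PAN");
    const token = "tok_" + createHmac("sha256", this.indexKey).update(pan).digest("hex").slice(0, 32);
    if (!this.vault.has(token)) this.vault.set(token, this.wrap(pan));
    return token;
  }

  detokenise(token: string): string {
    const row = this.vault.get(token);
    if (!row) throw new Error("unknown token");
    return this.unwrap(row);
  }

  // Which wrapping-key version currently protects the PAN behind a token.
  storedKeyVersion(token: string): number | undefined {
    return this.vault.get(token)?.keyVersion;
  }

  // AES-256-GCM under the current wrapping key; the version is recorded per row.
  private wrap(pan: string): VaultRow {
    const wk = this.wrapKeys.get(this.currentVersion)!;
    const iv = randomBytes(12);
    const cipher = createCipheriv("aes-256-gcm", wk.key, iv);
    const ciphertext = Buffer.concat([cipher.update(pan, "utf8"), cipher.final()]);
    return { keyVersion: wk.version, iv, ciphertext, tag: cipher.getAuthTag() };
  }

  private unwrap(row: VaultRow): string {
    const wk = this.wrapKeys.get(row.keyVersion);
    if (!wk) throw new Error(`wrapping key v${row.keyVersion} has been retired`);
    const decipher = createDecipheriv("aes-256-gcm", wk.key, row.iv);
    decipher.setAuthTag(row.tag);
    return Buffer.concat([decipher.update(row.ciphertext), decipher.final()]).toString("utf8");
  }
}
```

Two design points worth noting. First, the index key is the one secret that must not rotate casually: rotating it changes every token, so in practice it is the long-lived HSM-protected key, while the wrapping keys rotate on a schedule. Second, because the HMAC is computed over the full PAN with a secret key, the token carries no usable information on its own; an attacker who exfiltrates the token table gets nothing without both the wrapping key and the vault, which is exactly the property that keeps the application services out of PCI scope.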
The Deliverables
Through our combined efforts, we accomplished the following:
- Delivered PCI-compliant integration services, transforming Astrada’s processes to ensure secure, scalable operations that would enable business expansion.
- Built a robust tokenisation service using HashiCorp Vault and Postgres, centralising data protection with key rotation, encryption/decryption, and strict access controls to enhance security and compliance.
- Implemented Docker and CI/CD automation tools, enabling seamless service deployment to AWS Lambda and laying the groundwork for a smooth future transition to Kubernetes.
Closing the Engagement
YLD transformed how Astrada built their services, laying the foundation for a scalable approach to future service development and deployment. In addition to introducing new technologies and helping the team adopt them, we explored ways to maintain the services and provided training on best practices.
As a result of our close partnership with Astrada, YLD built a solution that allows them to expand their business and support a growing customer base.