Amount (amount.com) is a Chicago-based financial technology company that is accelerating the world’s transition to digital financial services. Built on the AWS cloud, Amount makes digital financial experiences that align with the way consumers live, empowering banks and financial institutions with a cloud-based lending solution for personal loans, credit card payments, deposits, and point-of-sale lending. Amount’s platform seamlessly enables banks and financial institutions to traverse the digital divide, unify data, and gain insight to improve the consumer experience. This suite of turnkey solutions and Amount’s customizable interface enables established brands to accelerate digital transformation in a fraction of the time it would take banks and financial institutions to build similar in-house technology solutions. Amount began as a SaaS offering by Avant (avant.com), a leader in online consumer lending, to monetize its platform by working with financial institutions that are focused on adjacent, non-competing customer segments. In early 2020, Amount spun off from Avant to maximize access to capital, shareholder value, and growth opportunities
Spinning off Amount from Avant required a re-architecting of systems. The companies needed to separate their cloud infrastructure in order to enforce compliance requirements. Amount wanted to take advantage of the situation to build out a modern and enhanced cloud environment with appropriate governance and security. They also intended to develop a standard system to onboard new banking customers, and they saw the separation as an opportunity to identify outdated technology and processes and implement a host of modern DevOps best practices.
Cost analysis and cost management were nearly impossible when most of the resources were lumped into a single-payer account with no other organization. Even with resource tagging available, many AWS services were unable to be tagged at all, or were being shared (e.g., data transit costs).
In order to scale and avoid playing catch-up, the Amount team had already started to migrate EC2 instances to containers and move from single-node EC2-backed PostgreSQL to Aurora; the split became an opportunity to build on those successes.
Uturn worked with Amount to assess the current technologies they were using, the processes that delivered that technology, and the design of the AWS resources being deployed. Building on the trust developed between teams from their Architect-in-Residence engagement, Uturn worked on-site with the Amount team on the design and review of their infrastructure architecture and deployment design.
Originally built using the older single AWS account structure, this needed to be rearchitected to improve the speed of onboarding new partners while optimizing cost management. We introduced AWS Organizations to centrally manage policies across multiple AWS accounts. Additional implementations included: AWS Config, Amazon GuardDuty, AWS CloudTrail, and Amazon CloudWatch.
With the addition of new accounts, the service mix and access patterns required revision. Leveraging Infrastructure as Code, primarily with Terraform, Uturn delivered a global AWS networking solution including centralized ingress and egress with AWS Transit Gateway and provided an automated pattern that could add and remove accounts with appropriate routing rules using GitHub as a source control manager and GitOps processes.
In order to secure the expanded AWS IAM user-based access requirements and manage a large number of AWS Accounts, Uturn implemented automated provisioning of Okta SSO. The integrations included the creation of multiple per-account roles that could be used to control granular access for each Amount team based on the partner and environment.
During the discovery phase, it was determined that Amount’s previous application, deployed on ECS, should be migrated to a more modern, supportable EKS paradigm – a goal already planned for by Amount. Additional tools were also moved onto EKS, including Buildkite, their Continuous Integration tool, which was moved from EC2-based agents to EKS-based agents. Uturn also supported the migration of HashiCorp’s Vault to EKS for role-based secrets access for both personnel and applications.
We also reviewed data management. Much of Amount’s data previously relied on per-partner PostgreSQL instances, many on Aurora Posgtres, but with a difficult-to-move database still on EC2. Until the final instance was migrated, this created constraints for the Data Reliability Engineering and Data Services CI/CD processes.
Results and Benefits
Over the course of 6 months, Uturn has helped Amount transition seamlessly into an independent organization. Amount now has great visibility into specific workloads, with clear cost analysis of new and existing projects. We helped install a common process through DevOps enablement, and mitigated existing technical debt. Amount’s teams now follow the same patterns and processes within source control, continuous integration, continuous delivery, image builds, and managing the application helm charts for EKS.
The multi-account structure that was built using terraform resulted in moving from a single account to more than 40 accounts enabling Amount to provision new properly isolated environments in minutes. After the modification to the accounts, each partner has their own Production, Stage, and UAT environment accounts while shared services environments are used for centralized management and operations. Users can now get access granted to specific partner environments as needed, and the Amount finance department receives an exact cost per partner, or a more granular breakdown by application, workload, and service owner.
Amount has a clear understanding of their process moving forward. DevOps owns the traditional Development/Operations interface, working with the development teams to manage the application-deployment pipeline. Site Reliability Engineering (SRE) owns the infrastructure and the centralized tooling through the same patterns. Data Services (DS) owns the data engineering, modeling, and distribution.
Last but not least, the engagement allowed for continued AWS education and ongoing information sharing with Amount, which Uturn sees as key to the long-term utilization of DevOps practices throughout the client’s technical staff.