Leher migrates to AWS

About the Customer

Leher provides tools to creators for hosting exclusive communities and conversations which they can monetize via tips, gifts & subscriptions. Leher also enables creators to engage their community outside of Leher, say on Telegram and Discord by providing tools and methods for Rewards & Gamification which is called Leher Lifafa. Leher Lifafa is an envelope of GEMS, an invaluable tool for creators to engage and reward their fan base for loyalty, for joining their Live rooms, completion of micro tasks etc, and its completely facilitated via Leher Gems.

Executive Summary

Leher AI is a creator engagement platform helping users grow, engage and monetize their community. The client wished to migrate their application and database to AWS’s secure and scalable architecture.

Challenges

Leher wished to migrate the application hosted in a prior cloud environment to a more secure and scalable architecture in AWS. All microservices were hosted on the Kubernetes cluster and exposed using an ingress controller. Microservices had a separate database. The databases used were Mongo, Redis, Cassandra & Google Big Query. Asynchronous communication was handled using Google Pub/Sub CDN. Third-party DB services, Atlas Mongo, were being used. This was a significant cost component.

Leher migrates to AWS

Solution

Solution provided by Comprinno is summarized below:

A fine-grained approach to identity and access control is introduced. Custom IAM policies are created with the least privileged access. Read & write access to resources is controlled using tags and resource arn. The Custom IAM policies are attached to respective IAM groups & roles. The access activity of users & roles is logged using AWS CloudTrail.

VPC mesh of public and private subnets is set up in AWS. Amazon EKS cluster and databases are deployed in private subnets in Amazon VPC. Database subnets do not have access to the internet owing to the restrictive configurations set up in the route table.

Microservices are migrated to the Amazon EKS cluster. AWS ALB Ingress Controller triggers the creation of an ALB and the necessary supporting AWS resources whenever a Kubernetes user declares an Ingress resource in the cluster. The Ingress resource uses the ALB to route HTTP(S) traffic to different endpoints within the cluster..

Data from erstwhile cloud Redis is migrated to AWS ElastiCache Redis. Amazon ElastiCache is a fully managed in-memory data store and cache service by Amazon Web Services. The service improves the performance of web applications by retrieving information from managed in-memory caches, instead of relying entirely on slower disk-based databases. Data from MongoDB in the earlier cloud environment is migrated to the Document DB cluster. Amazon Keyspaces (for Apache Cassandra) is a scalable, highly available, and managed Apache Cassandra–compatible database service.

All the security best practices are implemented to create a robust infrastructure on AWS.

An additional layer of security has been provided in the VPC through the use of Security Groups.

AWS Key Management System (KMS) is used for encrypting data as per the AES-256 standard. AWS SSO is used to centrally manage single sign-on access and user permissions across all the AWS accounts in AWS Organization. AWS IAM is used to provide access with least-privilege permissions. AWS GuardDuty and AWS Security Hub are used for security threat detection and monitoring.

AWS CloudTrail monitors and records account activity across AWS infrastructure, giving control over storage, analysis, and remediation actions.

All AWS Services logs are generated and stored in Amazon S3. Amazon S3 buckets associated with Amazon CloudTrail logs are configured to use the Object Lock feature in Compliance mode to prevent tampering with stored logs and meet regulatory compliance. Prometheus and Grafana are used for container monitoring.

All AWS Services logs are generated and stored in Amazon S3. Amazon S3 buckets associated with Amazon CloudTrail logs are configured to use the Object Lock feature in Compliance mode to prevent tampering with stored logs and meet regulatory compliance. Prometheus and Grafana are used for container monitoring.

AWS Config is used to assess, audit, and evaluate the configurations of AWS resources, to determine overall compliance against the guidelines.

Related Case Studies

Skill-Lync migrates to AWS from Digital Ocean
Skill-Lync offers industry-relevant advanced engineering courses for engineering students
Leher migrates to AWS
Leher provides tools to creators for hosting exclusive communities
ISO 27001 compliant architecture
ISO 27001 compliant AWS infrastructure architected by Comprinno
Secure AWS architecture with data localization
FinTech company allies with Comprinno to clear data localization audit
GigsBoard
GigsBoard migrates to AWS with assistance from Comprinno
Bigyellowfish Technologies
Bigyellowfish engages with Comprinno to conduct a Well-Architected Review
Klub
Klub fortifies its AWS Cloud infrastructure by partnering with Comprinno
Neural Hive
Neural Hive launches its cloud journey by partnering with AWS and Comprinno
AyuRythm
AyuRythm gears up for high demand volumes for its wellness app
FinTech case study
Asia’s largest Fintech company partners with Comprinno for a PCI DSS Compliant infrastructure
boAt
DynamoDB Cost Optimization For boAt
Portea
AWS inter-region migration in record time during Covid-19 lockdown period
MediBuddy
Cutting edge cloud technology solution for India’s leading healthcare service provider
Mantle Labs  
High-Speed Satellite Image Processing for a Partner Geobotanic AI Platform
LightMetrics
Distributed database that is optimized for Partner handling heavy workloads for an AI platform
Ephicacy
AWS Workspace-based virtual ofce for a global Clinical Research Organization (CRO)
CreditMantri
Secure CRM access to WFH telemarketer during Covid-19 lockdown