About Client
Managing AWS Environment
Wine-Searcher is a web search engine that helps find the price and availability of any wine, whiskey, spirit, or beer worldwide. It has been in operation since 1999 and has offices in New Zealand and the UK. They provide an easy-to-use search engine, price comparison tools, an extensive database of wines and spirits, an encyclopedia, and news pages that aim to provide all “wine-finding” needs.
- https://www.wine-searcher.com/
- Location: New Zealand & UK
Project Background
As part of their plan to launch a full suite of digital products, Wine-Searcher chose AWS as their cloud environment. Strategic resource allocation and cost optimization are critical to ensure a cost-effective operation. Peritos, as their AWS partner, helped with AWS Cost Explorer and AWS Budgets, valuable tools for implementing ongoing discounted billing. Furthermore, leveraging reserved instances and spot instances and optimizing usage based on peak hours and demand patterns can result in significant cost savings. Experts from the Peritos team helped regularly monitor and fine-tune the AWS environment based on Wine-Searcher’s needs, allowing for continuous optimization while adhering to budgetary constraints and maintaining the required scalability and performance for their operations.
Scope & Requirement for Managing AWS Environment
In the 1st Phase of the AWS Environment Setup, implementation was discussed as follows:
- Manage Billing
- Value added services
- Handling Complex environments
- Multiple AWS invoices
- Cost Optimization
- Cloud security optimization
Implementation

Technology and Architecture of Managing AWS Environment
Read on for the key components that defined the architecture for managing the AWS environment setup for Wine-Searcher.
Technology/ Services used
We used AWS services and helped them set up the following:
- Cloud: AWS
- Organization setup: Control Tower
- AWS SSO for authentication using existing AzureAD credentials
- Policies setup: Created AWS service control policies
- Templates created for using common AWS services
Security & Compliance:
- Tagging Policies
- AWS Config for compliance checks
- NIST compliance
- Guardrails
- Security Hub
Network Architecture
- Site to Site VPN Architecture using Transit Gateway
- Distributed AWS Network Firewall
- Monitoring with CloudWatch and VPC flow logs.
Backup and Recovery
- Cloud systems and components used followed AWS’s Well-Architected Framework, and all resources were deployed with multi-zone availability, with uptime of 99.99% or more.
Cost Optimization
- Alerts and notifications are configured in the AWS cost
Code Management, Deployment
CloudFormation scripts for creating stack sets and scripts for generating AWS services were handed over to the client.
Challenges in Implementing Managing AWS Environment
- Collate all accounts together
- Understand and agree on how the account would be managed under the distribution model
Support
- One month of extended support
- A CloudFormation stack template to create more AWS resources using the available stacks
- Screen-sharing sessions with demos of how the services and new workloads can be deployed.
Next Phase
We are now looking at the next phase of the project, which involves:
- Implementing a control tower for the client.

About Client
AWS Compute & High-performance Computing
Tonkin + Taylor is New Zealand’s leading environment and engineering consultancy with offices located globally. They shape interfaces between people and the environment, which includes earth, water, and air. They have also won awards like the Beaton Client Choice Award for Best Provider to Government and Community (2022) and the IPWEA Award for Excellence in Water Projects for the Papakura Water Treatment Plan (2021).
- https://www.tonkintaylor.co.nz/
- Location: New Zealand
Project Background
Tonkin + Taylor were launching a full suite of digital products and settled on AWS as their choice of cloud environment. They wanted to accelerate their digital transformation and add greater business value through AWS Development Environment best practices. To achieve all this, we needed to configure AWS Compute & High-Performance Computing, following best practices and meeting compliance standards, which can serve as a foundation for implementing more applications. The AWS Lake House is a central data hub that consolidates data from various sources and caters to all applications and users. It can quickly identify and integrate any data source. The data goes through a meticulous 3-stage refining process: Landing, Raw, and Transformed. After the refinement process, the data is added to the data catalog and is readily available for consumption through a relational database.
Scope & Requirement for AWS Compute & High Performance Computing
The 1st Phase of the AWS Environment Setup discussed implementation as follows:
- Implement Data Lakehouse on AWS
Implementation

Technology and Architecture of AWS Compute & High Performance Computing
Technology/ Services used
We used AWS services and helped them set up the following:
- Cloud: AWS
- Organization setup: Control Tower
- AWS SSO for authentication using existing AzureAD credentials
- Policies setup: Created AWS service control policies
- Templates created for using common AWS services
Security & Compliance:
- Tagging Policies
- AWS Config for compliance checks
- NIST compliance
- Guardrails
- Security Hub
Network Architecture
- Site to Site VPN Architecture using Transit Gateway
- Distributed AWS Network Firewall
- Monitoring with CloudWatch and VPC flow logs.
Backup and Recovery
Cloud systems and components used followed AWS’s Well-Architected Framework, and all resources were deployed with multi-zone availability, with uptime of 99.99% or more.
Cost Optimization
Alerts and notifications are configured in the AWS cost
Code Management, Deployment
CloudFormation scripts for creating stack sets and scripts for generating AWS services were handed over to the client.
AWS Compute & High Performance Computing Challenges & Solutions
- Diverse data sources: data analytics, clean-up, and integration patterns to pull data from different data sources
- On-premise data connection to data lake migration: a secure site-to-site AWS connection was implemented
- Templatized format for creating pipelines: created scripts in a specific format, deployment scripts, and CI/CD scripts
Support
Providing ongoing support as we are a dedicated development partner for the client
Next Phase
We are now looking at the next phase of the project, which involves:
- API and file-based data sources to be added
- Process data to be used in different applications for ingesting in other applications

About Client
AWS Support Services
Digital Tribe is the United Arab Emirates’ leading full-scale digital marketing agency in Dubai, enabling brands to grow online. Digital Tribe creates robust websites, web applications, branding, content, and digital marketing experiences. It is an agency that delves deep into the details of every sector.
- https://digitaltribe.ae/
- Location: United Arab Emirates
Project Background
Digital Tribe were launching a full suite of digital products and settled on AWS as their choice of cloud environment. They wanted to create new applications and migrate to cloud services to improve their scalability, ensure availability, minimize latency, and reduce costs. They also wanted to accelerate their digital transformation and add greater business value through AWS Development Environment best practices. Lastly, with the new apps, they wanted to monetize and create SaaS-based offerings for the end users. For all this, an AWS Environment Setup was needed that follows best practices and meets compliance, and that can be used as a base for implementing more applications.
Scope & Requirement
In the 1st Phase of the AWS Environment Setup, implementation was discussed as follows:
- Set up the AWS environment for a multi-account, multi-environment setup
- Ensure that all AWS accounts follow the same policies and adhere to all legal and regulatory compliance.
- Set up connectivity between different AWS accounts and the on-prem network
- Set up AWS Security Hub to provide a comprehensive view of the security state
Implementation

Technology and Architecture
Technology/ Services used
We used AWS services and helped them set up the following:
- Cloud: AWS
- Organization setup: Control Tower
- AWS SSO for authentication using existing AzureAD credentials
- Policies setup: Created AWS service control policies
- Templates created for using common AWS services
Security & Compliance:
- Tagging Policies
- AWS Config for compliance checks
- NIST compliance
- Guardrails
- Security Hub
Network Architecture
- Site to Site VPN Architecture using Transit Gateway
- Distributed AWS Network Firewall
- Monitoring with CloudWatch and VPC flow logs.
Backup and Recovery
Cloud systems and components used followed AWS’s Well-Architected Framework, and all resources were deployed with multi-zone availability, with uptime of 99.99% or more.
Cost Optimization
- Alerts and notifications are configured in the AWS cost
Code Management, Deployment
CloudFormation scripts for creating stack sets and scripts for generating AWS services were handed over to the client.
Challenges
- Mobile app should be scalable
- Multi-language support required
- It was a bit of a challenge to ensure the new environment meets all of the compliance criteria and still remains cost-effective
Support
- 1 month of extended support
- A CloudFormation stack template to create more AWS resources using the available stacks
- Screen-sharing sessions with a demo of how the services and new workloads can be deployed.
Next Phase
Ongoing support for AWS Review, Design, and Architecture Setup

About Client
AWS Environment Setup
Tonkin + Taylor is New Zealand’s leading environment and engineering consultancy with offices located globally. They shape interfaces between people and the environment, which includes earth, water, and air. They have won awards like the Beaton Client Choice Award for Best Provider to Government and Community (2022) and the IPWEA Award for Excellence in Water Projects for the Papakura Water Treatment Plan (2021).
- https://www.tonkintaylor.co.nz/
- Location: New Zealand
Project Background
Tonkin + Taylor were launching a full suite of digital products and settled on AWS as their choice of cloud environment. They wanted to create new applications and migrate to cloud services to improve their scalability, ensure availability, minimize latency, and reduce costs. They were also looking to accelerate their digital transformation and add greater business value through AWS Development Environment best practices. Lastly, with the new apps, they wanted to monetize and create SaaS-based offerings for the end users. For all this, an AWS Environment Setup was needed that follows best practices and meets compliance, and that can be used as a base for implementing more applications.
Scope & Requirement
In the 1st Phase of the AWS Environment Setup, implementation was discussed as follows:
- Set up the AWS environment for a multi-account, multi-environment setup
- Ensure that all AWS accounts follow the same set of policies and adhere to all legal and regulatory compliance.
- Set up connectivity between different AWS accounts and the on-prem network
- Set up AWS Security Hub to provide a comprehensive view of the security state
- The Tonkin + Taylor On-Premise to Cloud Migration project aims to modernize and optimize the company’s IT infrastructure by migrating its existing on-premise systems to a cloud-based environment. The key objectives include reducing operational costs, enhancing scalability, improving system performance, and ensuring business continuity through a secure, reliable, and accessible cloud platform.
Implementation

Technology and Architecture
Read more on the key components which defined the Architecture for AWS Environment Setup for Tonkin + Taylor
Technology/ Services used
We used AWS services and helped them set up the following:
- Cloud: AWS
- Organization setup: Control Tower
- AWS SSO for authentication using existing AzureAD credentials
- Policies setup: Created AWS service control policies
- Templates created for using common AWS services
Security & Compliance:
- Tagging Policies
- AWS Config for compliance checks
- NIST compliance
- Guardrails
- Security Hub
Network Architecture
- Site to Site VPN Architecture using Transit Gateway
- Distributed AWS Network Firewall
- Monitoring with CloudWatch and VPC flow logs.
Backup and Recovery
Cloud systems and components used followed AWS’s Well-Architected Framework, and all resources were deployed with multi-zone availability, with uptime of 99.99% or more.
Cost Optimization
Alerts and notifications are configured in the AWS cost
Code Management, Deployment
CloudFormation scripts for creating stack sets and scripts for generating AWS services were handed over to the client.
Challenges of AWS Environment Setup
- It was a bit of a challenge to ensure the new environment meets all of the compliance criteria and still remains cost-effective.
- As per best practices, we need a set of unique machines, and each may need its own VPC, but that may incur a cost to the client. So we discussed and agreed on a specific 75% to be achieved, which would be deemed acceptable.
- Some non-compliance findings are generated by standard AWS services.
- We received the following feedback from AWS Support: “It was reported that there are some policies and roles which are created by Control Tower and are created using best practices, and there is no harm or security issue which arises from it. Sometimes the conformance pack you use does show the default created policies to be non-compliant and you can ignore that for the time being. To make it compliant we have to either delete or modify these roles/policies, and since these roles and policies are managed by the Control Tower, it is recommended not to manually update/delete the roles attached. Diving deeper into the issue, I could refer that the Control Tower managed artifacts feature heavily on the compliance failure list and there is no way to specifically exclude Control Tower managed artifacts from the compliance checking. Checking further with the internal team, I found that they are aware of the issue and there has been an ongoing feature request to exclude Control Tower managed artifacts from the compliance checking to avoid such security findings.” Based on this feedback, we made a note that the non-compliance being shown may not be accurate and that these findings would be treated as exceptions.
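One way to keep such exceptions auditable instead of silently ignoring them, as an added example that is not Peritos's or AWS's code: non-compliant findings on Control Tower-managed IAM roles and policies are separated into a documented exception list, and the compliance share is reported both with and without them. The record shape, rule names, and sample data are constructed; the name prefixes used to recognise Control Tower artifacts and the reading of the agreed 75% as a compliance share are assumptions.

```python
"""Triage compliance results so Control Tower-managed IAM artifacts are
recorded as exceptions rather than mixed with actionable findings.
Added example; all records below are constructed sample data."""
from dataclasses import dataclass

# Assumption: Control Tower-created IAM roles/policies carry these name
# prefixes. Confirm against the names present in your own accounts.
CT_MANAGED_PREFIXES = ("aws-controltower-", "AWSControlTower")
IAM_TYPES = {"AWS::IAM::Role", "AWS::IAM::Policy"}
TARGET = 0.75  # assumption: the agreed 75% is a compliance share


@dataclass(frozen=True)
class Evaluation:
    rule: str           # hypothetical rule name
    resource_type: str  # CloudFormation-style resource type
    resource_name: str
    compliance: str     # "COMPLIANT" or "NON_COMPLIANT"


def is_control_tower_managed(ev):
    # Only IAM roles/policies qualify; a lookalike name on any other
    # resource type stays actionable.
    return (ev.resource_type in IAM_TYPES
            and ev.resource_name.startswith(CT_MANAGED_PREFIXES))


def triage(evaluations):
    """Split results into compliant, exceptions, and actionable findings."""
    report = {"compliant": [], "exceptions": [], "actionable": []}
    for ev in evaluations:
        if ev.compliance == "COMPLIANT":
            report["compliant"].append(ev)
        elif is_control_tower_managed(ev):
            # Kept in the report, not dropped, so reviewers can see them.
            report["exceptions"].append(ev)
        else:
            report["actionable"].append(ev)
    return report


def scores(report):
    """Return (raw, adjusted) compliance share; adjusted excludes exceptions."""
    compliant = len(report["compliant"])
    exceptions = len(report["exceptions"])
    total = compliant + exceptions + len(report["actionable"])
    raw = compliant / total if total else 0.0
    in_scope = total - exceptions
    adjusted = compliant / in_scope if in_scope else 0.0
    return raw, adjusted


# Constructed sample: 6 compliant, 2 Control Tower exceptions, 2 actionable.
SAMPLE = [
    Evaluation("example-iam-no-admin-access", "AWS::IAM::Role",
               "aws-controltower-AdministratorExecutionRole", "NON_COMPLIANT"),
    Evaluation("example-iam-no-admin-access", "AWS::IAM::Role",
               "AWSControlTowerExecution", "NON_COMPLIANT"),
    Evaluation("example-iam-no-admin-access", "AWS::IAM::Role",
               "app-deploy-role", "NON_COMPLIANT"),
    Evaluation("example-iam-no-admin-access", "AWS::IAM::Role",
               "reporting-readonly-role", "COMPLIANT"),
    Evaluation("example-iam-no-admin-access", "AWS::IAM::Role",
               "ci-readonly-role", "COMPLIANT"),
    Evaluation("example-s3-no-public-read", "AWS::S3::Bucket",
               "aws-controltower-lookalike-bucket", "NON_COMPLIANT"),
    Evaluation("example-s3-no-public-read", "AWS::S3::Bucket",
               "app-assets", "COMPLIANT"),
    Evaluation("example-s3-no-public-read", "AWS::S3::Bucket",
               "audit-logs", "COMPLIANT"),
    Evaluation("example-vpc-flow-logs", "AWS::EC2::VPC", "vpc-prod", "COMPLIANT"),
    Evaluation("example-vpc-flow-logs", "AWS::EC2::VPC", "vpc-dev", "COMPLIANT"),
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    raw, adjusted = scores(report)
    print(f"raw={raw:.0%} adjusted={adjusted:.0%} target={TARGET:.0%}")
    for ev in report["exceptions"]:
        print("EXCEPTION ", ev.rule, ev.resource_name)
    for ev in report["actionable"]:
        print("ACTIONABLE", ev.rule, ev.resource_name)
```

Name prefixes are weak evidence of ownership, so the exception list should be reviewed whenever a new entry appears in it.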
Support
- 1 month of extended support
- A CloudFormation stack template to create more AWS resources using the available stacks
- Screen-sharing sessions with a demo of how the services and new workloads can be deployed.
- Offer support during the initial transition phase post-migration.
- Provide ongoing technical support, monitoring, and optimization services.
Next Phase
We are now looking at the next phase of the project which involves:
- Launching new digital products with the help of AWS environments which have been setup
- Any adhoc change requests for managing the cloud environment

Executive Summary
About Client
The client, Yorker, is focused on leveraging technology to address the challenge of tracking and managing cricket bowlers’ net practice bowling loads. Recognizing the risk of overtraining and injuries from improper tracking, Yorker aims to provide a digital solution tailored for cricket players. An AWS Custom Application for Yorker empowers bowlers to automate session recordings, create personalized training plans, and monitor progress effectively. The app also fosters a sense of community by enabling interaction, knowledge sharing, and participation in skill-building challenges. The project is being executed in multiple phases, beginning with a Minimum Viable Product (MVP) to establish a strong foundation for future improvements. Yorker’s commitment to innovation and user-centric design reflects its dedication to transforming how athletes manage their training and optimize performance while minimizing injury risks.
Project Background – Enhancing Cricket Training through Digital Bowling Load Management
The Yorker mobile app project addresses a major challenge for cricket bowlers: accurately tracking and managing their bowling loads during net practice. Without proper tracking, bowlers risk improper training regimens, leading to overtraining and injuries. The Yorker app offers a digital solution that automates session recordings, capturing key metrics like delivery count, types of deliveries, and intensity levels. Additionally, the app allows bowlers to create personalized training plans, track progress, and receive real-time alerts to avoid overexertion. By leveraging technology, this initiative not only helps reduce injury risks but also fosters a sense of community. Bowlers can share experiences, learn from experts, and engage in skill-enhancing challenges. Ultimately, the app aims to optimize performance while ensuring bowlers train safely and efficiently, revolutionizing the way athletes manage their training.
Scope & Requirement for AWS Custom Application For Yorker
Scope: The first phase of the Yorker mobile application focuses on developing a Minimum Viable Product (MVP) to establish a strong foundation. Specifically, this phase will deliver core functionalities to allow cricket bowlers to start tracking their training sessions and managing their profiles. The scope includes:
- User Authentication: Secure login and registration functionality for bowlers.
- Profile Management: Basic user profile setup, including personal details and preferences.
- Bowling Record Tracking: Automated entry for recording bowling sessions, including delivery count, types, and intensity.
- Basic Reporting: Simple reports summarizing bowling loads to help users monitor their progress.
Requirements:
- Mobile App Development: We will develop the front end using React Native to ensure cross-platform compatibility on iOS and Android.
- Backend Services: Built using .NET with RESTful APIs for data communication.
- Database: RDS Aurora PostgreSQL for structured data storage of user profiles and bowling records.
- CI/CD Pipeline: Set up Continuous Integration/Continuous Deployment processes for efficient development and release.
- User Interface Design: Intuitive and user-friendly UI aligned with branding, focusing on easy data entry and report viewing.
Implementation
Technology and Architecture for AWS Custom Application For Yorker
Read more on the technology and Architecture we used for AWS Custom Application Development

Technology
- WAF, API Gateway, Lambda Functions, RDS, S3, CloudWatch, Secrets Manager
Scalability
- The app is designed to run on serverless services, allowing automatic scaling based on usage.
Integrations
The application leverages RESTful APIs for smooth data transfer between the front end and back end, facilitating user authentication, session tracking, and profile management. Future integrations may include cloud-based analytics and third-party push notifications to enhance user engagement.
Cost Optimization
Peritos helped optimize costs for Yorker by designing an efficient AWS architecture using auto-scaling, right-sized instances, and serverless technologies. With tools like AWS Cost Explorer and Trusted Advisor, we continuously monitored and reduced spending. Automation through CI/CD pipelines and code optimization further enhanced performance while lowering operational costs.
Backup and Recovery
A robust backup strategy, using Amazon S3, prevents data loss, while automated recovery processes ensure quick restoration in case of failure.
Features of AWS Custom Application For Yorker
- Automated Bowling Session Tracking: Capture and record each bowling session, including the number of deliveries, delivery types, and intensity levels, thus providing players with a detailed log of their training activities.
- Personalized Training Plans: Create and customize training plans tailored to individual fitness levels and goals. Players and coaches can adjust these plans based on real-time performance data to optimize training regimens.
- Progress Monitoring & Alerts: Track progress against predefined plans, with visual dashboards and alerts to notify users of deviations that may lead to overexertion or injuries.
- User Profile & Simple Reporting: Maintain a personalized profile to store training history, generate basic reports on bowling performance, and gain insights to improve overall training effectiveness.
Challenges with AWS Custom Application For Yorker
- Accurate Data Capture & Tracking: Ensuring the app reliably records detailed bowling metrics like delivery type, count, and intensity without manual errors poses a challenge, especially in a real-time sports environment.
- Scalability & Performance: As user adoption grows, maintaining app performance and scalability will be critical, particularly during peak usage times. Designing a backend that can handle large volumes of data efficiently is essential.
- User Engagement & Retention: Encouraging consistent use of the app among bowlers can be challenging. Building features that foster community interaction, personalized plans, and gamified challenges will be crucial to retaining users.
- Cross-Platform Compatibility: Delivering a seamless user experience across both iOS and Android devices requires rigorous testing to address device-specific issues, screen resolutions, and performance variations.
Support
As part of the project implementation, we provide 2 months of ongoing extended support. This also includes 20 hrs a month of development for minor bug fixes and an SLA to cover any system outages or high-priority issues.
Next Phase
We are now looking at the next phase of the project which involves:
- Ongoing Support and adding new features every Quarter with minor bug fixes
- Social & Community Building Features

About Client
Landcheck is an easy and affordable way of accessing crucial natural hazard risk information about any property in Auckland. The data is collected from official sources and neatly summarized into an easy to read PDF report. This information will help you make more informed decisions when investing your hard-earned money into Auckland Real Estate.
Project Background – AWS Custom Application Development using ESRI ArcGIS
Peritos and Landcheck got together to create an AWS custom application using ESRI ArcGIS integration to generate hazard reports for specific properties. It is used to generate land-based reports, which can be ordered for a specific address. The client wanted an application that gives the user a comprehensive report for their address indicating multiple hazards. It includes 10 hazards, such as Flooding, Winds, Liquefaction, Coastal Erosion, Active Fault, etc. The report is created from the latest data from authorised information providers, with expert advice from Landcheck engineers, at an optimum cost, helping the end user get the information they need to make decisions regarding a specific property. This was all being done manually, and the client now wanted to develop it as a SaaS-based offering.
Scope & Requirement
In the 1st Phase of the custom application development, implementation was discussed as follows:
- A customized app which automatically generates reports for a searched property address in the Auckland Region
- Reports are generated by querying hazard data from the ArcGIS server, where the information from authorised councils has been collated. Additional hazard risk calculation logic is applied on top of the information returned from the ArcGIS server to show the hazard risk in a user-friendly way. Based on the hazard risk level calculated for the property, Landcheck SMEs have also provided information to help understand the risk, which should also be added to the report in a very user-friendly way.
- Each hazard should have a property aerial image with hazard layers, showing how much of the property’s area is covered by different hazard levels.
- Reports should state the problem, the hazard percentage, and the solution.
- Users should be able to download the report as a PDF file.
Implementation

Technology and Architecture
Read more on the technology and Architecture we used for AWS Custom Application Development using ESRI ArcGIS
Technology
The web app was deployed with the following technology components:
- Backend Code: .NET Core, C#
- Web App code: ReactJS
- Database: PostgreSQL
- Cloud: AWS
Integrations
- Google APIs
- LINZ database
- ESRI ArcGIS
- Stripe
- Auth0
- SendGrid
Security:
- AWS WAF service is used for the firewall
- All API endpoints are token based
Responsive Design:
- All screens and the UX were designed with mobile usage in mind and are implemented with a responsive design.
Scalability
The application is designed to run on serverless services, so that it can easily scale up and down automatically based on usage.
Cost Optimization
Alerts and notifications are configured in AWS to notify if the budget is being exceeded. Being deployed on serverless infrastructure, it doesn’t impose any additional cost if the application is not being used a lot. Peritos, being a cloud partner, manages the environment for the client, keeping a close watch on the cost and finding ways to optimize it.
Backup and Recovery
- Automated backups are configured to backup the database and store multiple copies of the backup.
Code Management, Deployment
- CI/CD is implemented to automatically build and deploy any code changes.
Features of Application
- Search for an address; if the address is in a supported region, the user can select it and the application shows the outline of the property in aerial view.
- Users can get the report by creating an account on the application and making the payment.
- Get the rating for the property for multiple hazards, like Winds, Flooding, Volcano, Earthquake, etc., and expert advice from Landcheck engineers on the remedial actions and next steps to take.
- The application’s backend and front end are powered by AWS services.
Challenges
We collated data from multiple council regions and helped to get it stored on the AWS layer. When a user buys the report, the risk calculation logic goes through several datasets in the ArcGIS server to calculate the risks for different hazards, then combines those results with the expert advice from the Landcheck engineers and returns the result by generating a PDF. This was taking a huge amount of time when done on the go.
- Complex calculations are required for each hazard, involving data coming from different ArcGIS feature layers. In addition, an image for each hazard is created by combining multiple hazard layers from the ArcGIS map server. All of these calculations were taking a lot of time when generating the report. To resolve this, we moved all the hazard calculation logic into a separate component, which gets triggered through an event. In this component we optimized the code to perform each hazard calculation on a separate thread. We also offloaded some of the GIS calculations to the ArcGIS server, accessing them through ArcGIS APIs. These changes reduced report creation time to just a few minutes.
- Testing the application with multiple addresses and with users who were experts in their domain was a challenge.
- The data was quite complicated to understand, and we relied on Landcheck’s engineers to tell us what the expected result was. We covered a lot of suburbs and tested close to 600 properties so we could be sure it was working as expected. However, there were outliers and cases which did not work as expected, and we had to invest a fair bit of time to resolve those.
- ArcGIS integration was an issue, as all the data from different Parcel and LINZ layers had to be collated on the AWS ArcGIS server so we could get the information from a single source for multiple cities and suburb regions.
- This data was complicated to load, and we applied layers in terms of images and legends to display the data on the report side so that an end user can easily interpret the results.
Support
As part of the project implementation, we provide 2 months of ongoing extended support. This also includes 20 hrs a month of development for minor bug fixes and an SLA to cover any system outages or high-priority issues.
Next Phase
We are now looking at the next phase of the project which involves:
- Ongoing Support and adding new features every Quarter with minor bug fixes
- Adding support for more New Zealand cities

About Client
The customer’s (Tonkin + Taylor) business, which is involved in environmental consulting or meteorological services, focuses on providing high-resolution meteorological data for various applications, including air quality analysis, weather forecasting, and climate risk assessment. Their offerings are centered around advanced data modeling using the Weather Research Forecasting (WRF) model, which requires significant computational resources due to its ability to generate detailed meteorological datasets.
Project Background – AWS Custom product for Weather research forecasting
Peritos was hired to address these challenges by developing a comprehensive system that could:
- Efficiently run the WRF model using HPC cluster.
- Automatically create and manage HPC cluster jobs on receiving new data requests.
- Automatically manage data resolution adjustments.
- Provide a seamless experience for customers through an easy-to-use online platform.
- Enable the commercialization of the datasets, ensuring that the customer could capitalize on the broad applicability of their data across multiple disciplines
Implementation
Technology and Architecture
The architecture of this application efficiently handles the computational intensity of the WRF model, scales dynamically with demand, and provides a seamless experience for users. The integration of various AWS services ensures that the solution is robust, secure, and scalable.

Overall Workflow
- User Request: Users input data parameters and request pricing. If satisfied, they proceed with the purchase.
- Processing Trigger: Upon payment confirmation, the system triggers the data processing workflow.
- WRF and WPS Processing: The ParallelCluster performs the necessary computations to generate the meteorological data.
- Post-Processing: Any additional processing is done before the final data is stored.
- Download and Notification: Users are notified and provided with a link to download their processed data.
Technology
The web app was deployed with the following technology components:
- Backend Code: .NET, C#, Python
- Web App code: Next.js
- Database: PostgreSQL
- Cloud: AWS
Integrations
- Google APIs
- Stripe
- Auth0
- SendGrid
- Slurm APIs
Cost Optimization
Peritos enhanced Tonkin + Taylor’s FinOps capabilities by designing a cost-efficient, scalable AWS architecture. We optimized compute resources using AWS ParallelCluster, implemented serverless automation with Lambda and Step Functions, and used Amazon S3 and FSx for Lustre for cost-effective data storage. The solution allowed Tonkin + Taylor to scale on demand, reduce infrastructure costs, and gain visibility into cloud spending. This enabled efficient monetization of meteorological data while maintaining control over operational expenses.
High-Performance Computing (HPC) Environment
- AWS ParallelCluster: Provides the compute infrastructure needed to run the WRF model and WPS processes. This cluster is set up dynamically and scaled according to the computational demands of the task, ensuring efficient resource usage.
- Head Node and Compute Fleet: The head node manages the compute fleet, which executes the high-compute WRF and WPS processes.
Processing and Orchestration
- AWS Lambda Functions: Used extensively for orchestrating various steps in the data processing workflow.
- AWS Step Functions: Orchestrates the entire workflow by coordinating Lambda functions, managing state transitions, and handling retries or errors.
Features of Application
- The solution leverages AWS cloud services to generate, process, and distribute high-resolution meteorological data.
- Users interact via an interface hosted on AWS Amplify, secured by AWS WAF and Shield, with APIs managed by Amazon API Gateway.
- The system orchestrates data processing using AWS Lambda functions and AWS Step Functions, coordinating tasks such as WRF and WPS processing on an AWS ParallelCluster.
- FSx for Lustre provides high-performance storage, while Amazon S3 and Aurora DB handle data storage and transaction management.
- Post-processing is done on EC2 instances, with notifications sent via SNS. The solution efficiently manages the high computational demands of the WRF model, scales dynamically, and ensures secure, seamless data access for internal and external users.
Challenges
- Challenge 1: High Computational Demand: The WRF model’s capacity to produce highly detailed meteorological datasets necessitates extensive computational power, which made running it on the customer’s existing local infrastructure impractical. The challenge was to find a solution that could efficiently handle large-scale data generation with optimum costing.
- Solution: This challenge was met by implementing an AWS-based high-performance computing (HPC) cluster, specifically AWS ParallelCluster, which provided the necessary computational resources to run the WRF model efficiently. The jobs on ParallelCluster were created and managed dynamically by AWS Step Functions and AWS Lambda through the Slurm APIs.
- Challenge 2: User Experience and Commercialization: To monetize their meteorological data, the customer needed to create an accessible, user-friendly portal where external users could easily select regions, adjust data resolution, and purchase datasets. The portal needed to be intuitive, efficient, and fully capable of handling secure transactions, which was essential for the success of the customer’s business model.
- Solution: The customer addressed this challenge by developing a web-based portal using AWS Amplify, integrated with AWS WAF and Shield for security, and managed via Amazon API Gateway. This platform provided a seamless user experience, enabling external customers to effortlessly interact with the system, select their data parameters, and complete purchases, thereby facilitating the commercialization of their datasets and enhancing revenue streams.
Next Phase
- Ongoing support, with new features and minor bug fixes added every quarter
- Adding support for more countries
About Client
AWS Control Tower Setup
Wine-Searcher is a web search engine that helps find the price and availability of wine, whiskey, spirits, and beer worldwide.
It has been operating since 1999, with offices in New Zealand and the UK. The platform offers search tools, price comparison,
an extensive database, an encyclopedia, and news content to support all wine-finding needs.
- https://www.wine-searcher.com/
- Location: New Zealand & UK
Project Background
Peritos led the AWS Control Tower setup for Wine-Searcher, optimizing their cloud infrastructure.
The implementation streamlined governance, improved compliance, and enabled secure scalability.
Multiple accounts were consolidated and managed using AWS Organizations within Control Tower.
The environment was configured to meet specific business needs, ensuring efficient resource management
and cost control. With built-in automation and governance, Wine-Searcher gained a strong foundation
for future growth while focusing on innovation and user experience.
Scope & Requirement for AWS Control Tower Setup
- Prerequisite: Automated pre-launch checks for the management account
- Step 1: Create shared account email addresses
- Define expectations for landing zone configuration
- Step 2: Configure and launch the landing zone
- Step 3: Review and finalize the landing zone setup
Implementation

Technology and Architecture of AWS Control Tower Setup
- Read about the key components defining the AWS Control Tower architecture for Wine-Searcher
Technology / Services Used
- We used AWS services to set up the following:
- Cloud: AWS
- Organization setup: Control Tower
- AWS SSO integrated with Azure AD credentials
- Policies setup: AWS Service Control Policies (SCPs)
- Templates created for common AWS services
Security & Compliance
- Tagging policies
- AWS Config for compliance checks
- NIST compliance
- Guardrails
- Security Hub
Network Architecture
- Site-to-site VPN using Transit Gateway
- Distributed AWS Network Firewall
- Monitoring with CloudWatch and VPC Flow Logs
Backup and Recovery
- Infrastructure follows AWS Well-Architected Framework with multi-zone availability and 99.99% uptime
Cost Optimization
Alerts and notifications are configured to monitor AWS costs and prevent budget overruns.
Code Management & Deployment
CloudFormation scripts for stack sets and AWS service provisioning were handed over to the client.
Challenges in Implementing AWS Control Tower Setup
- Landing Zone Drift
- Role Drift
- Security Hub Control Drift
- Trusted Access disabled
Support
- 1 month extended support
- A CloudFormation stack template for creating more AWS resources from the available stacks
- Screen-sharing sessions demonstrating how the services and new workloads can be deployed

Executive Summary
About Client
Machineroad was started by Mitch Ferguson and Lockie Ferguson, both on top of their cricketing skills. With the right knowledge and tools, they wanted Machineroad to help others develop their game skills. The goal of the mobile application was to help athletes see how fast they can bowl and identify their areas for improvement. Competition in the sports sector is cut-throat, and this app helps amateur as well as professional athletes up their game.
https://www.machineroad.com/
Location: Auckland, New Zealand
Project – AI ML based mobile app for cricket training
Machineroad's requirement was a bespoke AI/ML-based mobile app that helps its users improve their cricket bowling skills. They wanted an app that measures users' bowling speed and creates a trajectory image snippet for the end user, which helps them understand their areas for improvement. Machineroad also needed detailed analytics so that users can see their activities and compare results each week and month to keep track of their progress. The app was to be launched on both the iOS and Android stores.
The founder of MachineRoad, Lockie Ferguson, a world-class cricket champion, had this vision in mind: “We want to bridge the gap between talent and success as a sportsman. Regardless of your upbringing we want you to be able to compete on the world stage and become the best athlete you can be.”
Scope & Requirement
Below was the scope of work to develop a Cricket Training app:
- Users should be able to download the app from the Play and Google store if the device meets the specific requirements for camera and video processing.
- Users can then calibrate and start recording video while bowling; the app guides them on the right placement and setup to get the most accurate video for processing and calculating the speed.
- AI- and ML-based video processing gives accurate speed results; if issues such as objects are detected in the video, the app informs the user that the speed could not be calculated.
Implementation

Technology and Architecture
Technology
- The mobile app was deployed with the following technology components:
- Backend Code: .NET Core, C#, Node.js
- Mobile App code: Native Android, Native iOS
- Database: SQL Server, MongoDB
- Cloud: AWS
Integrations
- Single Sign-on using Auth0
- Sendgrid for sending email notifications
Security
- Data Encryption
- Multi-Factor Authentication for Admin, Teacher, and Students
- All API endpoints are tokenized
Backup and Recovery
Cloud systems and components used in the attendance management system are secure and 99.99% SLA.
HA/DR mechanism is implemented to create service replicas.
Scalability
Application is designed to scale up to 10x the average load from the first 6 months,
with auto-scaling cloud resources.
Cost Optimization
Alerts and notifications are configured to monitor budget usage. The environment is actively managed
to optimize costs.
Code Management & Deployment
Code for the app is handed over through Microsoft AppCenter.
CI/CD is implemented to automatically build and deploy code changes.
Features of AI ML Based Mobile App for Cricket Training
- Users can create bowling videos, store data, and add it to their player profile on the Machineroad app.
- The app records bowling speed, line, length, and trajectory, saving images and videos for each session.
- Detailed analytics reports allow weekly and monthly progress comparison, including benchmarking with other users and professional athletes.
- Monthly subscription includes comparison charts and leaderboard submission for speed and videos.
- AI/ML-based video processing analyzes recordings and delivers speed accuracy comparable to a speed gun.
- Social media integration enables users to share training results, badges, and streaks.
- Gamification and leaderboard features motivate users with customizable performance targets.
Challenges – AI ML Based Mobile App
- Achieving accurate results with a single camera compared to hawk-eye systems using multiple cameras was challenging.
- Performance depended on background noise, camera position, and device quality.
- App restricted usage on devices without 240FPS or slow-motion support; supported device list was provided.
- Processing videos across varying environments, lighting conditions, and pitches was complex.
- ML models required training across multiple scenarios, but adapting to new locations and pitches remained difficult.
- Accurate camera alignment and orientation were essential for reliable results.
- Help screens and video tutorials were implemented to guide users for optimal usage.
Support
As part of the project implementation, we provided 1 month of extended support, including major and minor bug fixes.
Additional long-term support was also provided for select issues over the years.
Next Phase – AI ML Based Mobile App
We are currently planning the next phase of development and are in the POC stage.
- Video post-processing will be performed directly on the mobile device to deliver faster results to users.
- New features will be implemented and released as part of the ongoing support agreement.

Executive Summary
The Tellabs AWS Glue integration project was designed to establish a secure, scalable, and automated data integration pipeline between Oracle NetSuite and AWS. Leveraging AWS Glue, Amazon S3, and orchestration services such as Step Functions and EventBridge, the solution ensures efficient data extraction, transformation, and storage. The objective was to build and implement automated ETL pipelines that improve the speed and accuracy of key reporting metrics.
A strong emphasis was placed on security, governance, monitoring, and automation, ensuring that all workloads align with AWS best practices. The implementation provides enhanced visibility, operational resilience, and cost optimization for data processing workflows.
About Client
Tellabs is a technology-driven organization requiring secure and scalable cloud infrastructure to support its data integration and analytics workloads. The customer needed a robust AWS-based solution to handle data ingestion from Oracle NetSuite while maintaining strict governance, security, and compliance standards.

Objectives
- Establish a secure AWS account governance model
- Enable seamless integration with Oracle NetSuite
- Implement automated ETL pipelines using AWS Glue
- Ensure high availability and performance monitoring
- Maintain secure access control and identity management
- Enable cost visibility and optimization for Glue jobs
Scope of Engagement
- AWS Account Setup & Governance
- Identity & Access Management (IAM / SSO)
- AWS Glue ETL Pipeline Development
- Monitoring & Logging Framework
- Network Security Implementation (VPC, SG, NACL)
- Deployment Automation using CloudFormation
- Cost Analysis & Optimization
- Runbook Creation & Operational Support
Architecture Overview
The architecture consists of:
- Source System: Oracle NetSuite
- Processing Layer: AWS Glue
- Storage Layer: Amazon S3
- Orchestration: AWS Step Functions & EventBridge
- Secrets Management: AWS Secrets Manager
- Monitoring: Amazon CloudWatch & CloudTrail
This architecture ensures scalability, automation, and secure data processing pipelines.
Solution Overview – To implement automated ETL pipelines using AWS Glue
The solution integrates Oracle NetSuite with AWS using Glue-based ETL pipelines. Data is extracted, transformed, and stored in S3, enabling downstream analytics and reporting.
Key capabilities:
- Automated ETL workflows
- Event-driven execution using EventBridge
- Secure credential handling via Secrets Manager
- Centralized logging and monitoring
- Scalable serverless architecture
Security & Governance
AWS Account Governance SOP
- Root account restricted to initial setup only
- Mandatory MFA enabled on root account
- Use of corporate email & contact details
- CloudTrail enabled across all regions
- Logs stored in secure S3 bucket with deletion protection
Identity & Access Management
- Principle of Least Privilege
- Use of IAM roles & temporary credentials
- Integration with AWS SSO / Active Directory
- No wildcard permissions in policies
- Individual access accountability
Network Security (VPC)
- Security Groups for controlled traffic
- Subnet-level control via Network ACLs
- Restricted DB access to application layer only
- Controlled internet access pathways
Data Security
- Encryption using AWS KMS CMKs
- SSL/TLS for data in transit
- Key rotation enabled
- Fine-grained access control policies

Figure: Security and access control for the automated AWS Glue ETL pipelines
Monitoring & Logging
- CloudWatch Dashboards for:
- Glue job performance
- Step Functions execution
- EventBridge events
- CloudTrail for audit logging
- Logs exported to Amazon S3
- SNS alerts for:
- Job failures
- Latency spikes
- Credential access issues

Figure: Monitoring and observability for the automated AWS Glue ETL pipelines
Implementation
Infrastructure as Code
- AWS CloudFormation used for:
- Infrastructure provisioning
- Security configurations
- Networking setup
CI/CD Automation
- Integrated with AWS CodeBuild
- Automated deployment pipeline
- No manual console changes
Glue Implementation – automated ETL pipelines using AWS Glue
- ETL jobs configured with optimized DPUs
- Logging enabled for all executions
- Job performance tracked via CloudWatch
Runbook & Troubleshooting
Routine Monitoring Tasks
- Monitor AWS Lambda execution metrics
- Check API Gateway latency & security logs
- Review Aurora DB performance metrics
Troubleshooting Scenarios
Lambda Errors
- Analyze CloudWatch logs
- Adjust timeouts/configurations
API Gateway Latency
- Identify backend bottlenecks
- Optimize integrations
Aurora DB Issues
- Optimize queries & indexing
- Resolve connection bottlenecks
High Latency Scenario (OPE-001)
- Trigger incident response
- Identify root cause
- Apply performance optimizations
Deployment Readiness Checklist
Testing
- Unit Testing
- Integration Testing
- System Testing
- User Acceptance Testing (UAT)
Automation
- CI/CD pipelines
- Automated testing frameworks
- Security & code quality scans
Documentation
- Deployment guide
- Rollback strategy
- Configuration records
Validation
- Pre & post deployment checks
- Deployment checklist completion
- Evidence of successful rollout
Cost Optimization & Performance Tuning for running and implementing automated ETL pipelines using AWS Glue
- Glue pricing based on DPU usage & runtime
- Cost analysis using:
- CloudWatch logs
- AWS Cost Explorer
- Optimization strategies:
- Reduce over-allocated DPUs
- Use Glue Python shell jobs for smaller workloads
- Enable job bookmarks to avoid reprocessing
- Automation via:
- boto3 scripts
- Athena-based reporting
Challenges & Resolutions
| Challenge | Resolution |
| --- | --- |
| Secure access management | Implemented IAM roles & SSO |
| Monitoring complexity | Centralized CloudWatch dashboards |
| Cost visibility | Implemented tagging & cost analysis |
| Data security compliance | Used KMS CMKs & encryption |
| Deployment consistency | Adopted CloudFormation IaC |
Project Completion
- Successfully deployed automated ETL pipelines
- Established secure AWS governance model
- Enabled real-time monitoring and alerting
- Improved performance and reduced operational risks
- Delivered scalable and maintainable architecture
Note
This implementation follows AWS best practices for:
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Operational Excellence

Figure: High-level system setup for the automated AWS Glue ETL pipelines