Tackling Tax-time Woes with a Robust and Secure Compliance Solution


AWS Case Study

Abstract

Through helping our client build an AWS-enabled tax compliance solution, Minfy has contributed to improving supply chain efficiencies across the nation.

The Client

Our client is a multinational professional services network headquartered in London, United Kingdom. It is one of the largest professional services firms in the world, one of the Big Four auditors, and has a network of firms across the world providing services to most of the Fortune 500 companies.

The Business Context: Changing Tax Laws

In July 2017, the Indian government ushered in a monumental new tax reform, the Goods and Services Tax (GST). GST was envisioned as a single tax that would replace the multiple central and state taxes collected when goods were transported and sold across the country. Through GST, the government sought to streamline collection of taxes from businesses and bring about efficiencies.

To help companies navigate the complexities involved in the transition to the new tax regime, our client began developing a comprehensive GST compliance solution. This solution would completely automate the new tax processes through safe, secure, and speedy electronic filing and processing of returns, transactions, and reconciliations.

The Business Challenge: A Monumental and Complex Change

Because GST was an extremely complex, ground-breaking initiative that completely did away with several legacy tax laws and regulations, Indian industry struggled with teething problems. A growing number of businesses were expected to use the new platform to ensure their tax compliance, and our client needed to ensure scalability of the solution. Further, due to the complex, evolving nature of the new tax rules, the solution had to address several other challenges such as frequent configuration changes and updates, and enhanced security policies.

One of the main components of the GST compliance solution was a module to generate e-way bill (EWB) numbers for goods being transported across the country for further processing or sales. The EWB solution was a workflow and collaboration platform for stakeholders such as manufacturers, transporters, and recipients. It generated e-way bills electronically and included an audit trail that integrated with the overall GST Compliance Solution.

To deal with these ongoing challenges, our client engaged Minfy to host the module's application infrastructure on the cloud and also make it DevOps compliant.

The DevOps Solution Approach: Continuous Integration and Delivery

The DevOps methodology, leveraging the AWS stack, frees developers from infrastructure administration and scaling tasks through the philosophy of continuous integration and continuous delivery. It also frees the development process from costly, time-consuming version control errors. Along with significant savings in the time to build and deploy software code, it also reduces the effort, cost, and time for infrastructure planning and maintenance.

Using the AWS Stack to Implement the DevOps Framework

Minfy, an AWS managed services specialist, developed a robust DevOps-compliant infrastructure for the EWB solution that was hosted on AWS cloud. The granular architecture diagrams below, covering the frontend, backend and ETL implementations, detail the AWS components used for the solution.

The infrastructure application stack included:

- An MS Dotnet Framework 4.6 for the application frontend
- Java 1.8 for the backend engine that was hosted on the Indian government's National Informatics Centre (NIC)
- The database system was developed using Postgres
- Reporting functionality was implemented on a Jasper server
- AWS CodePipeline used for the CI and CD framework
- AWS CodeDeploy used for deployment of frontend applications on autoscaled EC2 instances and serverless ETL on Lambda
- AWS CloudWatch Logs used to store logs for the Frontend Dashboard applications and for the Backend NIC application

[Figure: EWB solution architecture on AWS cloud, Mumbai Region, across two Availability Zones. Components shown: users, corporate data center (CSV upload utility, ERP/file server), Amazon Route 53, Application Load Balancer, OpenVPN in the public subnet, Dotnet App instances in an Auto Scaling group, NAT gateway, NIC Engine with Logstash, NIC API Server, RDS-Postgres master and slave, Amazon ES (ELK analytics), Amazon CloudWatch alarms, Amazon SES notifications, AWS Lambda, Amazon S3, and the CodeCommit, CodeBuild, CodeDeploy and CodePipeline toolchain.]

Our DevOps Approach

[Figure: Frontend Application (Dashboard, Eway Bill). Code commits/merges flow through AWS CodePipeline, AWS CodeBuild (with build notifications) and AWS CodeDeploy into the DEV and QA subnets and into auto-scaled PrePROD and PROD subnets across Az1 and Az2, each behind its own security group.]

[Figure: Backend Application (NIC Engine). Code commits/merges are built by Jenkins on an EC2 instance running Amazon Linux 2018, with build notifications.]

[Figure: ETL, Serverless. Code commits/merges flow through AWS CodeBuild (Python, boto), AWS CodePipeline and AWS CodeDeploy to Amazon S3 and AWS Lambda, with build notifications.]

Source Code

A cloud-based SVN repository from xp-dev.com is used as the source code repository for this CI and CD pipeline.

Build

AWS CodeBuild is used for frontend and backend applications. Jenkins is used for NIC Java applications. Build artefacts are stored in an S3 bucket.

Test

Veracode is used for manual testing; it is used by the PWC team as it is hosted on-premises. The source code was uploaded manually to Veracode and the results were fetched manually.

Deploy

- AWS CodeDeploy is used to deploy frontend applications on autoscaled Windows EC2 instances
- AWS SAM is used for ETL serverless deployment on Lambda functions, with code updated on S3 buckets
- Jenkins is used for deployment on Linux EC2 instances for the NIC Java backend applications

Multi-component pipeline

AWS CodePipeline was used for the CI and CD framework, with multi-branch build, test and deployment for the Dev, QA, UAT and production environments.

Build notifications

AWS SNS is used for build notifications such as build failures, successes with revision numbers, and build target instance details for frontend, backend and ETL builds.

Roll Back

- For the frontend application, rollback was deployed using build artefacts from S3 buckets, using the revision number and build ID tagged with the artefact zip file
- For the SAM ETL Lambda, rollback was done using the S3 bucket code folder from which Lambda gets updated directly
- For the NIC engine, Java jar files are stored as zip files in an S3 bucket with revision number and build ID

Cloud Infrastructure Highlights and Benefits

AWS VPC

The Eway Bill frontend web and NIC application instances were hosted inside secured VPC () private subnets and security groups. The security groups restrict access to everything except the web traffic ports, http and https, which are exposed via the Load Balancer.

AWS EC2 ASG

- The Eway Bill frontend web and NIC application production instances are deployed on auto-scaled instances across multiple availability zones (Multi-AZ)
- The ASG (Auto Scaling Group) was configured to scale up the instances when CPU utilization goes high and scale in when utilization comes down
- Instances scaled up by the ASG are attached to a target group, which is in turn attached to the Application Load Balancer

AWS ALB

- The ALB is used to distribute web traffic workloads to multiple instances deployed across Multi-AZ
- Path-based routing is done using ALB rules to multiple instances under the ASG
- The target group is configured with a mapping of the context path, where the instances added are a minimum of 2 and a maximum of 10, set by ASG policies based on CPU utilization

AWS RDS & Aurora

The Postgres DB is hosted on fully managed AWS RDS for Non-Prod DBs and Aurora for Prod DBs, with:

- Automated snapshots
- Auto minor version upgrade
- Scalable storage

AWS S3

The following are stored on the highly scalable and durable object storage service AWS S3 (Simple Storage Service):

- Build artefacts
- EC2 instance AMI snapshots
- Mongo DB backups
- ALB logs

AWS CloudWatch logs

- CloudWatch Logs are used to trace the logs for the ALB
- Frontend dashboard application logs are pushed using the SSM agent
- Backend NIC application logs are pushed via Log4j configuration to CloudWatch Logs
- ETL Lambda logs are traced using CloudWatch Logs

Monitoring

Infrastructure EC2 and RDS instances, and application insights, were monitored using third-party monitoring tools.

Solution highlights and benefits

As the EWB solution, as part of the overall GST Compliance solution, deals with sensitive business-critical data of our client's customers, the architecture was built to have rock solid security features. A custom VPC was used, with an OpenVPN deployed in the public subnet. This helped with establishing a VPN connection between a customer's corporate network and the AWS network, which could be used on demand.

Due to the constantly changing regulatory landscape, new notifications on changes to the GST laws were being released by the Income Tax department almost every other day. AWS components such as Lambda, CodeBuild, CodeDeploy, CodePipeline, and CodeCommit, which were used in the solution architecture, relieved our client's developers from operational and infrastructure administration tasks and also enabled easy collaboration. This helped them focus on keeping the solution up to date. Also, AWS CodePipeline helped them with the continuous and constant release of updates and patches.

As the GST roll-out gathered momentum, and over two hundred and fifty companies got onto the solution platform, actionable insights and alerts from AWS CloudWatch helped our client respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health of the EWB solution. The Amazon Route 53 component in the architecture helped with load balancing and maintaining the health of the increasing traffic.

The Result: Better Tax Compliance and Supply Chain Efficiencies

With the DevOps-compliant, AWS-enabled E-way bill solution, our client was able to offer its customers across the country a speedy, scalable, cost-efficient and highly secure means to remain tax compliant amidst changing regulatory requirements. The electronically generated e-way bills have helped with reducing police harassment and corruption issues for transporters and minimized the complexities associated with remaining tax-compliant. At Minfy, the team that helped build the solution views their efforts as a contribution towards building supply chain efficiencies for the nation.

About Us

Minfy, a born-in-the-cloud firm, helps enterprises with impeccable IT solutions for the cloud era. We help organizations move ahead in the digital world by changing the way they use IT. For over 5 years, we have dedicated ourselves to providing best-of-breed & well-architected cloud solutions to our customers, and are committed to partnering with them for success. Our offerings encompass SAP on cloud, Next-Gen Managed Services, Dev-Ops, CI & CD, and Microservices.