Simple, Secure User Sign-Up and Sign-In
The front door to the retailer’s technology customer experience is the company’s eCommerce website and the company’s mobile application where customers can track optimal use of the retailer’s products and more. Already in the process of actively moving its systems to AWS, the technology team had a goal to migrate both customer experiences to AWS Cognito, thereby giving customers a unified login for each experience.
AWS Cognito is Amazon’s identity provider service that allows users to easily sign up and/or sign in to web and mobile applications. Cognito features a customer identity management platform that is a secure user directory able to scale to millions of users. Syncing both customer experiences to AWS Cognito enables this specialty retailer’s customers to sign in to each experience with the same user name and password.
Prior to AWS Cognito, the company’s applications used Oracle databases to manage customer identity data. As a new single source of truth, the Cognito directory needed to be backward-compatible in order to query the legacy Oracle database. While Cognito was easily integrated with the company’s applications, in order to determine if a customer was a new user or legacy user, the applications needed to be able to query the Oracle database and bring legacy users into the new directory.
Fully Automated Behind the Scenes
While all customers see is the retailer’s front-end application, behind the scenes the infrastructure team is busy ensuring an always-available, data-rich customer experience. It does so through the use of security best practices and DevOps automation.
The company’s recent upgrade to HashiCorp Terraform 12 from Terraform 11 demonstrates its ability to quickly innovate. The upgrade went exceedingly smoothly due to its CI/CD pipeline. Within just three weeks, the new version was deployed into production, having been upgraded across the entire infrastructure.
Within CI/CD, the team has developed advanced models, tooling, and workflows, including the extensive use of Infrastructure as Code (IaC). For example, every new feature branch is a dedicated environment. If development opens a new branch, the infrastructure team builds and deploys a new environment, deploying on every commit.
This advanced pipeline includes unit, load, and integration tests that are run against each commit. Once a feature is merged it receives the same CI/CD treatment except with much larger load tests, ensuring that the commit is ready for production and will exceed customer expectations.
Amazon Cloud Security Best Practices
In addition to extreme automation, the technology team has adopted best practice security for its new Cognito solution. For example, the team instituted Principle of Least Privilege (PoLP) controls that help reduce risk and protect data. PoLP works in tandem with segregation, with each AWS Account having only one dedicated environment. All employees are in one account and users can only assume roles in other accounts. All roles are standardized through IaC. Users are assigned to a group and that controls what roles they can assume. However, to protect the production environment, all users — even admins — have read-only rights.
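One way to check policies against the account model described above, as an added example that is not the retailer's code: group policies in the identity account may grant only `sts:AssumeRole` on explicit role ARNs, and roles in the production account may allow only read actions. The account IDs, group and role names, and the Get/List/Describe read-only heuristic are assumptions made for this sketch.

```python
import re

PROD_ACCOUNT = "333333333333"  # constructed production account id
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=,.@-]+$")  # no wildcards
# Heuristic only: treats Get/List/Describe verbs as read-only (assumption).
READ_ONLY = re.compile(r"^[a-z0-9-]+:(Get|List|Describe)[A-Za-z*]*$")

# Constructed sample policies: groups live in the single identity account.
GROUP_POLICIES = {
    "developers": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Resource": ["arn:aws:iam::222222222222:role/dev-admin",
                     "arn:aws:iam::333333333333:role/prod-readonly"]}]},
    "admins": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::*:role/*"}]},
}
ROLE_POLICIES = {
    "arn:aws:iam::333333333333:role/prod-readonly": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "ec2:Describe*"], "Resource": "*"}]},
    "arn:aws:iam::333333333333:role/prod-admin": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"}]},
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(policy):
    """Yield (action, resource) for each Allow; NotAction/NotResource become markers."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", "<NotAction>")):
            for resource in _as_list(stmt.get("Resource", "<NotResource>")):
                yield action, resource

def audit(group_policies, role_policies):
    findings = []
    for group, policy in group_policies.items():
        for action, resource in _allows(policy):
            if action != "sts:AssumeRole":
                findings.append(f"group {group}: grants {action}, not just sts:AssumeRole")
            elif not ROLE_ARN.match(resource):
                findings.append(f"group {group}: AssumeRole on non-specific resource {resource}")
    for arn, policy in role_policies.items():
        match = ROLE_ARN.match(arn)
        if match and match.group(1) == PROD_ACCOUNT:
            for action, _ in _allows(policy):
                if not READ_ONLY.match(action):
                    findings.append(f"prod role {arn}: non-read action {action}")
    return findings
```

Calling `audit(GROUP_POLICIES, ROLE_POLICIES)` on the constructed data reports the wildcard `AssumeRole` grant and the production role that allows `s3:PutObject`. A verb-prefix test is a coarse filter, since some `Get` actions return sensitive data, so a real check would use an explicit allow-list.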
Continuous Improvement Never Rests
While the team has not yet had its AWS security audit, they are confident that their systems will pass handily, with security best practices built-in from the outset. Moreover, with DevOps automation and an advanced CI/CD pipeline, within three months of working with the AWS consulting services team, the technology team was able to issue its first production release of the Cognito customer identity directory; it went live without incident.
The specialty retailer’s plans don’t stop here as it continues to pursue innovation in customer experience excellence. Next on the roadmap for the company is single sign-on, which will allow customers to extend their application simultaneously between their mobile and desktop experience. On the backend, this level of secure integration will allow the company to extend even greater innovation to its customers.
Post Date: 04/29/2020