CarSaver: A complete one-stop solution for all your car buying requirements
Category: Automobile/SaaS
Services: Managed Engineering Teams, DevOps,Cloud Architecture Design, and review
- 40-50% reduction in development and staging infrastructure cost
- Reduced the overall downtime of the system by 3X
- Infrastructure as a code, hence faster provisioning
About CarSaver
CarSaver’s platform offers an all-in-one solution for buying, renting, leasing, insuring, and upgrading cars from 30+ automobile brands, including Hyundai, Mercedes Benz, Mazda, Volvo, and Porsche. The platform is built on AWS using secure, multi-tenant infrastructure, AWS database services, and infrastructure-as-code principles to ensure regulatory compliance and simplify management for CarSaver’s customers.
Problem Statement
Building an Efficient and Secure Multi-Tenant Solution
The client needed an efficient and secure multi-tenant solution to streamline their operations and optimize customer management. They required a system that could identify eligible customers for upgrades, generate personalized deals, and automate recurring marketing processes to nurture leads. Ensuring data privacy, compliance, and security were of utmost importance to meet regulatory requirements and maintain customer trust.
Trade Recommendation Service for Second-Hand Cars
As an SMB in the automotive industry, our client sought a trade recommendation service that would help their customers find suitable trades for their current vehicles. They aimed to provide personalized offers and accurate finance calculations, enhancing the overall customer experience. This service would enable them to maximize revenue and customer satisfaction by offering tailored trade options.
Auditing Incoming Requests for Security and Compliance
Establishing a robust security framework helps SMBs build resilience against emerging threats and evolving cybersecurity challenges. Security and compliance were key concerns for our SMB client. They needed a system to audit each incoming request to their network, ensuring a secure environment and adherence to regulatory requirements. This feature was vital to protect sensitive data, maintain compliance with data protection policies, and establish a robust security framework.
AWS Resource Configuration and Compliance Monitoring
Our SMB client required an automated solution to configure and monitor their AWS resources and environment. They aimed to ensure compliance with security best practices and receive timely notifications in case of any violations. This proactive approach would enable them to maintain a compliant state, mitigate risks, and address security concerns promptly.
Error-Prone Infrastructure Management
To minimize errors and enhance operational efficiency, our SMB client sought to improve their infrastructure management. They needed a solution that would simplify and automate infrastructure management processes, reducing manual configuration errors and improving overall system reliability.
Integrated Remote Access with Existing SSO
Remote access to AWS resources was crucial for our SMB client’s operations. They desired a solution that seamlessly integrated with their existing Single Sign-On (SSO) system, providing secure and convenient access to AWS resources. This integration would enhance productivity and simplify resource management within their established authentication framework.
Reliable and Secure Codebase
Ensuring a reliable and secure codebase was essential for our SMB client. They aimed to have a codebase that adhered to industry best practices for development, testing, and security. By prioritizing code reliability and security, they aimed to build trust, reduce vulnerabilities, and support their business growth objectives.
Proposed Solution and Architecture
To address the challenges faced by our SMB client, we developed a tailored solution and architecture that aligned with their requirements:
Ensuring Multi-Tenancy with AWS Lambda and DynamoDB
Our team implemented a system using AWS Lambda and DynamoDB, which enabled us to efficiently check eligible customers and generate personalized deals for them. By leveraging the power of serverless computing and a reliable database service, we ensured multi-tenancy by segregating the client’s data into different tables within DynamoDB. This approach provided the necessary scalability and flexibility to cater to the client’s multi-tenant environment.
Marketing and Lead Nurturing with Third-Party Tools
To facilitate marketing and lead nurturing, we integrated third-party tools such as Iterable and Voile. Iterable empowered our client with robust marketing capabilities, while Voile provided effective customer management functionalities. These tools streamlined marketing processes and enhanced lead nurturing efforts, enabling our client to engage with their target audience effectively.
Best Trade Recommendations with Offerlogix and Amazon RDS
To assist users who wished to upgrade their vehicles, we implemented Offerlogix to display the best trade options. Leveraging the capabilities of Amazon RDS for data storage, we ensured that users were presented with suitable offers based on their preferences. This integration helped our client enhance the customer experience and drive higher conversion rates.
Diverse Offers for Enhanced User Engagement
Our solution incorporated Offerlogix to provide users with a range of different offers. By leveraging this tool, we ensured that users had access to a variety of deals, increasing their engagement and satisfaction. This approach allowed our client to cater to diverse customer preferences, enhancing their competitiveness in the market.
Finance Amount Calculations with AWS Lambda
We utilized AWS Lambda to perform data analysis and generate recommendations for our SMB client. This serverless compute service allowed for efficient processing and timely recommendations.
Ensuring Security with Amazon VPC and Web Application Firewall
To prioritize security for our SMB client, we implemented a comprehensive monitoring system using Amazon VPC Cloud, network firewall, and VPC flow log. These measures helped safeguard the client’s infrastructure and data from potential threats. Additionally, we deployed a web application firewall to mitigate application layer attacks and enhance the overall security posture.
Data Protection with Amazon Aurora and AWS Backup
For the database, we leveraged Amazon Aurora, a highly secure and scalable database service. To ensure data protection compliance, we implemented AWS Backup, which facilitated regular backups and streamlined data recovery processes. This approach provided our SMB client with peace of mind regarding their data integrity and regulatory compliance.
AWS Config for Resource Configuration Assessment
By implementing AWS Config, we empowered the client to assess, audit, and evaluate the configurations of their AWS resources and environment. This enabled them to maintain compliance, identify potential issues, and make informed decisions to optimize their infrastructure.
Infrastructure as Code with AWS CDK and AWS CloudFormation
Our team utilized the AWS Cloud Development Kit (AWS CDK) to define cloud infrastructure as code, leveraging modern programming languages. This approach, combined with the deployment capabilities of AWS CloudFormation, enabled us to automate the provisioning and management of the client’s infrastructure. This streamlined the deployment process and ensured consistency and efficiency.
Efficient Common Access and Security Management
To effectively manage common access and security requirements, we implemented a hub-and-spoke networking model using AWS native networking tools such as AWS Client VPN, network firewall, transit gateway, and VPC. This architecture allowed for centralized control and secure communication between various components, ensuring a robust and scalable network infrastructure.
Automated Code Analysis and Review with SonarQube
Our engineers implemented SonarQube, an automated code analysis and review tool. This tool helped identify potential security vulnerabilities in the code, including SQL injection and cross-site scripting (XSS). By incorporating SonarQube into the development process, we ensured the delivery of reliable and secure code for our SMB client.
Metrics for Success
- Reduced development and staging cost by 40-50%: The expenses for development and staging infrastructure were lowered by 40-50%.
- System downtime decreased by 3X: The system is now down for 1/3 of the original duration, reducing overall downtime.
- Faster provisioning with infrastructure as code: Using infrastructure as code allowed for faster provisioning of resources.
Architecture Diagram
CarSaver’s platform offers an all-in-one solution for buying, renting, leasing, insuring, and upgrading cars from 30+ automobile brands, including Hyundai, Mercedes Benz, Mazda, Volvo, and Porsche. The platform is built on AWS using secure, multi-tenant infrastructure, AWS database services, and infrastructure-as-code principles to ensure regulatory compliance and simplify management for CarSaver’s customers.
AWS Services Used
- AWS Lambda:- We ran ETL jobs on AWS Lambda for generating prospects for the client, for marketing, for nurturing these prospects, generating deals for the users.
- Amazon Aurora:- Database storage solution , we used for database compliance purposes also.
- Amazon CloudWatch:- We used AWS cloudwatch to generate alarms and for application log generation and as a monitoring solution to monitor the resource utilization metrics.
- Amazon CloudFront:- We have used cloudfront to serve static content.
- Amazon S3 buckets:- We used AWS S3 buckets to store configuration files and to store customer data files.
- Amazon Elastic Container Service:- All application services run in the container service. Thus we used the Amazon Elastic Container Service for application deployment as a container orchestration tool.
- Elastic Load Balancing:– The AWS elastic load balancing service is used as a service load balancer.
- AWS Auto Scaling:- The client wanted a scalable solution. So we used AWS autoscaling to scale up or down according to incoming traffic/load.
- AWS ELasticache:- To cache session and common data to reduce pressure on backend databases.
- AWS CDK & cloudformation:- For IaC(infrastructure as a code).
- AWS ALB:- We are using it for load balancing.
- AWS WAF:- AWS WAF helps us to protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.
- AWS Config:- AWS Config is a fully managed service that tracks the configuration history and configuration change notifications to use security and governance.
- AWS client VP:- A fully-managed remote access VPN solution we use to securely access resources within AWS.
- AWS network firewall:– AWS Network Firewalls intrusion prevention system (IPS) provides active traffic flow inspection so we can identify and block vulnerability exploits.
- AWS SecurityHub:– AWS Security Hub provides a comprehensive view of our security state in AWS and helps check our environment against security industry standards and best practices.