Travelex: My Architecture on AWS Cloud
Chris West, DevOps lead at Travelex, and his colleagues chose to use microservices launched using Docker and Amazon Elastic Container Service (Amazon ECS), with a comprehensive security controls framework that incorporates AWS Key Management Service (KMS), Amazon Virtual Private Cloud (Amazon VPC), Amazon Web Application Firewall (AWS WAF), and other tools.
Each set of containers, running either a microservice or an API gateway, has its traffic distributed by Elastic Load Balancing operating at layer 4, so encrypted data doesn’t have to be decrypted to pass between services. Each day, containers are redeployed with new security certificates to minimize the effect of sensitive configurations being lost or stolen. West explains the architecture in detail in this video as part of the “This Is My Architecture” series.
Bank-Grade Security at Fintech Speed
A good example of Travelex’s new, agile way of working is its ability to re-architect Travelex Wire from a consumer-focused to a business-to-business (B2B) service in just 100 days. Phelps says, “The B2B international payments market represents a huge commercial opportunity for us. We always knew we’d have to pivot at some point, and the opportunity arose much quicker than anticipated. With the architecture we built in AWS, we were able to get our new product to market in three months—easily half the time it would have taken previously.”
A large part of this agility comes from the adoption of microservices. These include, for example, services that process payments, fetch exchange rates, or handle settlements, as well as customer-facing services that send emails or texts. West says, “Microservices are modular, so we can combine existing services in new ways to develop new services. At the same time, it’s quicker because developers are only working on small, independent elements, which also reduces the risk of making changes.”
This has afforded Travelex the time and energy to test and iterate new products like Travelex Wire and its B2B equivalent. Previously, on its monolithic data-center infrastructure, any new features or changes based on customer feedback had to wait for product releases, which happened about eight times a year. Now, Travelex releases new programs up to 100 times a week if need be. “Being able to spin up servers in 30 minutes and spend an afternoon testing out a new feature is a world away from the change processes involved in a physical data center,” says Phelps. “And we can do that anywhere in the world. Thanks to AWS, we have a virtual data center in the United States and Europe now.”
A Future Without Servers?
Travelex is now even more responsive to its customers’ needs and can onboard new ones faster, with microservices dedicated to the know-your-customer (KYC) and anti-money-laundering (AML) checks that enable it to stay compliant. “We can sit in a room with a customer, onboard them there and then, test and roadmap their Travelex journey, and implement feedback to any products and services faster than we have ever managed before,” says Phelps.
Travelex has always had an innovative culture, and it has capitalized on AWS to help its product and IT teams carve out more time to test, break, learn, and “sandbox” environments. Engineers are testing Lambda@Edge, which runs serverless compute functions in response to events in Amazon CloudFront edge locations to speed up performance for global users. The company is also using AWS Lambda as part of its new data platform, which will hold all data and events coming from its Amazon ECS clusters.
AWS Lambda allows developers to run code without provisioning or managing servers. Phelps says, “Now, whenever we need to design an environment, we have the option of microservices or serverless. In the long term, we’ll use as much serverless as we can, because there’s less of a technology stack for us to manage, and our engineers can focus on our customers.”