June 8

How to build a secure and scalable self-service infrastructure platform

In this talk I’ll explain how Pomelo built its self-service infrastructure platform, the tools we used, and how to create a scalable, secured, cost-effective and easy-to-maintain infrastructure platform.
Talk abstract

As a high-growth startup, we decided to build a self-service infrastructure platform that allows Pomelo developers to create and configure their app infrastructure without our intervention.

To build the platform we used AWS Cloudformation, AWS Service Catalog, and Argo Workflows. We created 30 products that help make Pomelo developer jobs easier and faster. I’ll explain the tools available from Cloudformation, why we used Service Catalog, how we configured developer access and permissions on AWS, and what we use Argo Workflows for. 

Maintaining security from the beginning was very important. I’ll also explain how we define network settings and permissions so our platform is secure and PCI-compliant. Pomelo infrastructure resources are only accessible at the permissions and networking level by the apps that should have access. In addition, data encryption is a setting that we enforce by default in the necessary environments.

My talk will cover:

  • What tools we used to build the platform
  • Advice on resource configurations
  • Security and networking keys that we took into account as a PCI-compliant company