AWS Migration for Improved Operational Efficiency

Ecommerce fashion platform

Services

Cloud, Back-end, Front-end, QA, DevOps, Web

Industries

E-commerce & Retail

Technologies

AWS, Node.js, TypeScript, Jenkins, Kubernetes, Docker

Project type

Cloud Migration, BPA

Product:

A multi-brand retailer based in Canada, the platform specializes in selling designer fashion and high-end streetwear. Since 2003, it has grown to deliver products to 114 countries worldwide, supporting websites in multiple languages, including Chinese, French, English, Japanese, and Korean. It generates an average of 100 million monthly page views.

Business needs:

- Develop new e-commerce system functionality to improve the return of goods, loyalty programs, customer notifications, etc.

- Adapt the AWS infrastructure to be more scalable and flexible, allowing for efficient handling of varying workloads and growth.

- Develop a more effective access control system to minimize risks of cross-environment errors and grant developers the necessary autonomy.

- Distribute AWS resource ownership and management to alleviate bottlenecks and enhance agility in the development process.

- Establish a comprehensive business continuity and disaster recovery strategy aligned with application needs and infrastructure capabilities.

- Restructure the AWS accounts to enable precise cost tracking and attribution, facilitating better financial management and decision-making.

Suggested solutions from Svitla:

- Adopted a Client-Oriented Approach: Focused on implementing new features and developing new pages in the e-commerce system, prioritizing customer needs and feedback to enhance the overall user experience.

- Implemented AWS Control Tower and Landing Zone: Deployed AWS Control Tower to enforce and manage governance, security, operations, and compliance across AWS accounts. A well-architected multi-account environment was established via Landing Zone, setting a baseline for multi-tenant architecture and security.

- Organized AWS Accounts with AWS Organizations and OUs: Structured AWS accounts within Organizational Units (OUs) for application environments, set permissions, restrictions and policies at the OU level, and ensured all accounts followed a standardized baseline configuration.

- Centralized Security Management: Utilized AWS Security Hub service to collect data across all accounts into the "Security" account, giving the Security team full visibility and ensuring compliance. Consolidated AWS CloudTrail logs, AWS Config, and VPC Flow Logs into the "Log Archive" account for enhanced security management.

- Standardized Access Control with Okta and AWS SSO: Provided all user access to AWS accounts through Active Directory group memberships, managed by an ITOPS ticketing system, and centralized all AWS account access and permissions via AWS Single Sign-On, moving away from IAM users to IAM roles with short-lived access keys.

- Distributed Infrastructure Management: Platform teams centrally managed Terraform code for Legacy and Shared accounts, while domain teams managed infrastructure in a distributed manner for domain-dedicated AWS accounts.

- Transitioned to Modern Networking: Replaced VPC-peered environments with a modern network architecture using multiple AWS accounts, AWS Transit Gateways, Route53 private resolvers, Security Groups, VPC endpoints and prefix lists, and a site-to-site VPN to the office’s network. Multiple application deployments in the same environment could speak to each other via a shared account, and the Cisco CSR router controls outbound connections.

- Implemented a Migration Strategy: Developed a re-platform scenario to migrate self-managed services to native cloud services. Among them, the Kubernetes cluster, MongoDB databases, and ElastiCache were migrated to Amazon EKS, Amazon DocumentDB, and Amazon ElastiCache, respectively.

- Disaster recovery scenarios: Implemented, tested, and documented disaster recovery scenarios, leveraging the built-in DR features of AWS cloud services like Amazon DocumentDB global cluster and an IaC approach using Terraform.

Value delivered

- Successfully increased profits by seamlessly integrating a new customer loyalty program, directly contributing to higher customer retention and increased sales.

- Upgraded the e-commerce admin platform, enabling the onsite marketing team to efficiently manage orders, tracking, returns, accommodation services, and email notifications, thereby enhancing operational efficiency.

- Significantly improved the visual representation of goods and overall user interface, leading to a better shopping experience and higher customer satisfaction.

- The old-fashioned single-account setup was transformed into multi-account, domain-dedicated AWS accounts, providing significant security and observability.

- Migrating to AWS cloud-native services enhanced our system's resilience and manageability, supporting scalable growth while simplifying maintenance. This move to fully managed cloud services further ensured GDPR compliance and boosted application performance and availability with serverless services.

- Effectively tackled the high risk of mistakes, scalability issues, and the complexity of access control by transitioning to isolated yet integrated application environments, ensuring scalable, secure, and efficient infrastructure management.

- The implemented disaster recovery scenario significantly improves business continuity and data protection.