About The Customer
Justt is a chargeback mitigation startup based in Tel Aviv. Chargebacks, as defined, are demands by a credit card provider for a retailer to reimburse losses on fraudulent or disputed transactions. Justt’s objective is to assist merchants worldwide in combating false chargebacks using its proprietary artificial intelligence technology.
False chargebacks, also termed “friendly fraud,” occur when shoppers incorrectly dispute charges to their credit/debit cards, resulting in their financial institution canceling payments and merchants suffering losses. Justt utilizes AI-powered technology to identify incorrect chargebacks, which typically comprise at least 85% of disputes, resulting in over $125 billion in annual losses. The company offers a tailored system for each merchant, integrating with their card processors, collecting evidence to refute illegitimate chargeback claims, and submitting this information to credit card companies on their behalf.
Customer Challenge
At the initial stage of the project, Justt lacked a dedicated DevOps team and a well-defined infrastructure. They operated with a single manually deployed AWS account, where resources like EC2, EKS, and S3 were manually created. These resources often existed on public networks without controlled internet access. Additionally, most configurations were limited to a single Availability Zone (AZ), lacking Disaster Recovery (DR) procedures.
Partner Solution
The solution was to establish a multi-account structure using IaC with Terraform, along with significant enhancements to Justt’s infrastructure.
The organization structure established the following accounts:
- Root
- Management (DevOps tools)
- Development (Application environment)
- Staging (Application environment)
- Production (Application environment)
- Client Accounts (Client landing zone)
The application workload was redesigned according to best practices and templated with Terraform as the IaC tool. The Terraform management mechanism chosen was vanilla Terraform with Terraform Workspaces.
The architecture changes included:
- Interconnected VPCs – Accounts are linked via VPC peering, with all resources existing in independent private networks, predominantly deployed across multiple AZs with mandatory security groups
- Administrative Access – IAM Roles facilitate administrative access between resources. Client AWS IAM SSO + external AzureAD for client access.
- Remote Access –
  Primary: P81 remote VPN + VPC peering
  Backup: AWS client VPN
- Managed AWS Resources – Justt utilizes various managed AWS services including EKS, EC2, LB, SQS, S3, ECR, EFS, Secrets Manager, RDS, MQ, ElastiCache, CloudWatch, CloudTrail, Config, KMS, etc.
- Other Cloud Resources – Beyond AWS, Justt incorporates resources from Datadog, MongoDB Atlas, Cloudflare, and Spot.io
Infrastructure deployments and changes are automated through ChatOps with Atlantis as the CI tool, following GitOps concepts and best practices. Atlantis enables commit- and PR-based infrastructure changes, with the change history stored in PR comments and notifications sent via email and Slack.
DevOps Best Practices
- Implementation of Least Privilege Principle through structured IAM Roles, groups, and policies
- Secret Management: All infrastructure and application secrets stored in AWS Secrets Manager
- Autoscaling utilizing KEDA, HPA, and EKS nodes scaling based on Spot.io
- CI/CD process for building, testing, and deploying applications using Monorepo CI process with GitHub Actions and self-hosted GHA runners (EKS pods)
- Microservices Architecture
- Self-Service model where microservices have a service-config defining basic AWS resources, automatically converted to YAML input data for CI system to push to the infra repo and open Atlantis PR
- Multi-AZ and Multi-Region Deployments with Disaster Recovery plan
- GitOps for Application helm charts deployments
Services
- EKS
- Amazon MQ
- EFS
- RDS
- ElastiCache
- Application Load Balancer
- ECR
- S3
- SQS
- Parameter Store
- KMS
Solution Diagram
Organization Diagram
Application diagram
IaC CI flow:
Results and Benefits
The implementation of Infrastructure as Code (IaC) with Terraform and the establishment of a multi-account structure for Justt’s chargeback mitigation system have yielded significant results, addressing the initial challenges and providing tangible benefits. The transition from a single manually deployed AWS account to a well-structured multi-account setup has not only enhanced operational efficiency but also improved security and resilience. Specific metrics highlight the success of the solution:
Time Savings and Efficiency:
- The adoption of IaC and the implementation of CI tool ChatOps using Atlantis have significantly reduced the time required for infrastructure changes and deployments.
- Given that a manual deployment takes 120 minutes and an automated deployment takes 20 minutes, the time saved is 100 minutes per execution. The automated deployment ran more than 1,000 times, which means (1,000*100)/24 = more than 4,000 hours saved.
Security and Compliance:
- Implementation of DevOps best practices, including the Least Privilege Principle and IAM Roles, has strengthened security measures.
- Secret Management using AWS Secrets Manager ensures secure storage and access to sensitive information, contributing to compliance with security standards.
- No specific metrics can measure the security effectiveness.
Scalability and Cost Optimization:
- The utilization of auto scaling mechanisms, including KEDA, HPA, and EKS nodes scaling based on Spot.io, has enhanced scalability.
- 100,00$ saved yearly by using spots and scaling utilization tools.
In conclusion, the Justt case study demonstrates the transformative impact of IaC and DevOps practices on chargeback mitigation operations. The solution not only addressed the initial challenges but also brought about measurable improvements in time efficiency, security, compliance, scalability, and cost optimization. The metrics provided showcase the tangible benefits Justt has gained through the successful implementation of these technologies and methodologies.
About the Partner
GlobalDots helps IT, DevOps & security leaders navigate in today’s quickly-evolving innovation & threat landscape. We explore web & cloud innovation and implement cutting-edge solutions to enhance your performance and security posture, for efficient, growth-ready infrastructures.