Specialty Retailer Fuels Customer Experience with DevOps Automation, AWS Cognito

Never rest on your laurels is a core tenet of successful retail. Embracing this ideology is a specialty home goods retailer that actively embraces innovation and continuous improvement. Excellence in customer experience tops the list when it comes to continuous improvement. And so it was that the retailer reached out to our AWS consulting services team to help it expedite a new customer enhancement to market. Pairing AWS Cognito, DevOps automation, and cloud security best practices, we enhanced the customer experience, linking its customer’s mobile and online experiences. 

Simple, Secure User Sign-Up and Sign-In

The front door to the retailer’s technology customer experience is the company’s eCommerce website and the company’s mobile application where customers can track optimal use of the retailer’s products and more. Already in the process of actively moving its systems to AWS, the technology team had a goal to migrate both customer experiences to AWS Cognito, thereby giving customers a unified login for each experience.

AWS Cognito is Amazon’s identity provider service that allows users to easily sign-up and/or sign-in to web and mobile applications. Cognito features a customer identity management platform that is a secure user directory able to scale to millions of users. Syncing both customer experiences to AWS Cognito enables this specialty retailer’s customers to sign in to each experience with the same user name and password. 

Prior to AWS Cognito, the company’s applications used Oracle databases to manage customer identity data. As a new single source of truth, the Cognito directory needed to be backward- compatible in order to query the legacy Oracle database. While Cognito was easily integrated with the company’s applications, in order to determine if a customer was a new user or legacy user, the applications needed to be able to query the Oracle database and bring them into the new directory.

Fully Automated Behind the Scenes

While all customers see is the retailer’s front-end application, behind the scenes the infrastructure team is busy ensuring an always-available, data-rich customer experience. It does so through the use of security best practices and DevOps automation.  

DevOps Automation

The company’s recent upgrade to HashiCorp Terraform 12 from Terraform 11 demonstrates its ability to quickly innovate. The upgrade went exceedingly smoothly due to its CI/CD pipeline. Within just three weeks, the new version was deployed into production, having been upgraded across the entire infrastructure.

Within CI/CD, the team has developed advanced models, tooling, and workflows, including the extensive use of Infrastructure as Code (IaC). For example, every new feature branch is a dedicated environment. If development opens a new branch, the infrastructure team builds and deploys a new environment, deploying on every commit. 

This advanced pipeline includes unit, load, and integration tests that are run against each commit. Once a feature is merged it receives the same CI/CD treatment except with much larger load tests, ensuring that the commit is ready for production and will exceed customer expectations. 

Amazon Cloud Security Best Practices

In addition to extreme automation, the technology team has adopted best practice security for its new Cognito solution. For example, the team instituted Principle of Least Privilege (PoLP) controls that help reduce risk and protect data. PoLP works in tandem with segregation, with each AWS Account having only one dedicated environment. All employees are in one account and users can only assume roles in other accounts. All roles are standardized through IaC. Users are assigned to a group and that controls what roles they can assume. However, to protect the production environment, all users — even admins — have read-only rights.

Continuous Improvement Never Rests

While the team has not yet had its AWS security audit, they are confident that their systems will pass handily, with security best practices built-in from the outset. Moreover, with DevOps automation and an advanced CI/CD pipeline, within three months of working with the AWS consulting services team, the technology team was able to issue its first production release of the Cognito customer identity directory; it went live without incident. 

The specialty retailer’s plans don’t stop here as it continues to pursue innovation in customer experience excellence. Next on the roadmap for the company is single sign-on which will allow customers to extend their application simultaneously between their mobile and desktop experience. On the backend, this level of secure integration will allow the company to extend even greater innovation to its customers.

Learn how other retailers drive innovation with DevOps automation, Amazon Cloud Security and digital transformation on our retail resource page.