Customer Profile
If you have used your cell phone’s wallet application to pay for your coffee, or used Google Pay, Apple Pay, Zelle, or Venmo to transfer money to a friend or a local business, you have unwittingly encountered what is known as Decentralized Finance (DeFi) protocols. These protocols have seen explosive growth driven by their ability to offer innovative, inclusive, and efficient financial services without intermediaries like banks, brokers, or payment processors.
The barrier to entry for these mobile and decentralized financial services is quite low, and the field has exploded with global users. With increased global user adoption comes increased opportunities for heists and hacks. As the widespread acceptance of DeFi products grows, so will the number of attempts to hack their protocols.
Arkhivist is a cybersecurity company that minimizes risk factors of DeFi investors, using an innovative technology that monitors the blockchain, generating risk intelligence and real-time alerts. Arkhivist protects DeFi Protocols proactively from financial loss by providing real-time monitoring, security risk assessment, and delivering valuable post deployment insights for Smart Contracts. The company monitors more than 1700 DeFi protocols and more than $60B in assets, and has detected nearly a million risks.
Partnership Goals
Arkhivist’s platform was hosted on the Google Cloud Platform (GCP), a highly centralized service provider that lacks easy integration for native blockchain support. GCP also tends to rely on complex third-party infrastructural integration needed for data integrity and security. GCP data centers are also limited to specific regions which don’t necessarily align with the distributed needs of a DeFi network, nor does the platform’s storage capacity natively integrate decentralized storage needs.
These pain points led Arkhivist to consider migration to the AWS platform, leveraging AWS’ unique services for its business and architectural needs. Arkhivist was seeking improved, reliable, and secure performance so that it could handle increased user demand and transaction volume efficiently from anywhere in the world (low latency access).
The ProfiSea-Arkhivist partnership aimed to leverage AWS’ infrastructure to improve Arkhivist’s operational needs and enhance its capabilities.
Why Amazon Web Services?
As a fairly new startup, Arkhivist was eligible for free or subsidized cloud resources for a two-year period. Because DeFi protocols often require substantial computational resources for development, testing, and deployment (e.g., running blockchain nodes, handling data storage, or processing transactions), AWS credits save on costs.
AWS solutions also offer auto-scaling capabilities which allow the company to scale up or down dynamically to handle variable loads, a common phenomenon for DeFi protocols which can experience sudden spikes in demand during liquidity events or significant market activity.
AWS credits enable the Arkhivist team to scale up their infrastructure and to meet these demands without budget concerns. AWS EC2, for example, may scale database capacity based on need. Because DeFi protocols operate 24/7 across multiple geographic areas and experience rapid changes in demand, AWS EKS is helpful in automatic scaling and self-healing of workloads across multiple nodes without downtime. AWS Client VPN protects sensitive resources, supports distributed teams, and ensures compliance with security standards. And AWS ECR, integrated with other AWS services, ensures that the Arkhivist team can focus on building robust decentralized platforms without worrying about the complexities of image management and deployment.
Equally important is the freedom to innovate that comes with the AWS two-year credit. During this period, Arkhivist gains the flexibility to experiment with different architectures, optimize their systems, run simulations, and iterate without worrying about infrastructure costs.
AWS services used in this project include: Amazon Elastic Kubernetes Service (AWS EKS), Amazon Elastic Compute Cloud (AWS EC2), Amazon Client VPN (AWS Client VPN), Amazon Simple Storage Service (AWS S3), Amazon Elastic Container Registry (AWS ECR), Amazon Route53 (AWS Route 53), Amazon Secret Manager (AWS Secret Manager), Amazon VPC Transit Gateways (AWS VPCs), and Amazon Control Tower (AWS Control Tower).
Cloud Migration Approach
- Planning and Assessment: Because Arkhivist uses the “mode repeat” method of coding, which is not supported by NoSQL databases such as AWS’ Redshift or Snowflake, the company chose to keep Google’s BigQuery analog data warehouse service. Once it was determined both GCP and AWS services were to be used simultaneously, we located the closest region that best serves both AWS and GCP.
- Configuration of Development Environment: Arkhivist’s new AWS accounts were configured through AWS’ Control Tower, creating the Landing Zone. A separate dedicated AWS account was established to house the development environment. Infrastructure dependencies for development were installed using AWS’ VPC, EKS, ECS (MongoDB and Neo4j), and Secret Manager. ECK was used to configure the logs and Prometheus was used for the metrics collector. CI/CD was configured using Jenkins as the CI tool, ArgoCD as the CD tool, Helm as the package manager, and ECR at the shared AWS account for storing docker images. VPN was installed at the shared AWS account and, most importantly, SSO between Google workstation and AWS was configured so that users could seamlessly sign on to both platforms simultaneously.
- Staging Environment: A dedicated AWS account was created for the staging environment replicating similar steps noted above for the development environment. ArgoCD was used for the EKS cluster for the staging environment. Backup for MongoDB was restored from production into the staging environment.
- Production Environment: A dedicated AWS account was created for the production environment and the process for creating that environment followed the one used for the staging environment. See Figure 1 for the production environment architecture:
Figure 1: Production Architecture
- Migration: The Cluster-to-Cluster tool was used to migrate the MongoDB database, with zero downtime. A backup file of Neo4j was created, sent to the AWS S3 bucket, copied, and restored in the new production environment. BigQuery was copied from its region to the new one within 30 minutes.
Results
Arkhivist’s migration to AWS allowed for more granular monitoring and alerting capabilities, giving the company real-time insights into system performance. Potential issues could be identified well before they could negatively impact performance, and quicker resolution of bottlenecks ensures system stability.
AWS migration allowed for a flexible infrastructure framework that supports dynamic scaling and seamless adaptation to evolving customer needs, no matter where they are located. Resources could be allocated and optimized on-demand, significantly reducing downtime and improving efficiency across development pipelines.
These advancements empower Arkhivist to streamline its deployment processes, adopting more iterative and agile release cycles, increasing release frequency, enabling faster delivery of new features, and improving responsiveness to market demands.
Profisea: Your Trusted Partner for AWS DeFi Services and Cloud Migration
Profisea is an Israeli boutique DevOps and cloud company providing a full spectrum of cloud management services, from smart customization of existing cloud infrastructures to end-to-end cloud infrastructure design and optimization that meets the unique business requirements of each of our clients.
Our DevOps engineers implement best practices in GitOps, DevSecOps, and FinOps, and provide Kubernetes-based infrastructure services to help SMBs, SMEs, and large enterprises transform their organizations, increase productivity, boost performance and reduce cloud costs.
Because no two cloud environments are alike, ProfiSea creates customized, one-of-a-kind strategies based on your specific requirements. If you are looking for optimized infrastructure and enhanced delivery processes, check out our DevOps as a service page and contact us to get more information about how we can transform your cloud journey.