Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building a Cloud Native Bank

mattheath
October 03, 2018
Programming
0
270

Building a Cloud Native Bank

A brief look at how Monzo, a UK based digital bank, have leveraged the features of Amazon's public cloud to build a secure, cloud native, banking platform — using modern open source technologies and common software development practices.

Presented at the AWS User Group UK meetup

mattheath

October 03, 2018
Tweet

More Decks by mattheath

See All by mattheath
Breaking down problems
mattheath
2
300
Contexts in Context
mattheath
0
160
A guided journey of Cloud Native
mattheath
1
120
Modelling prototypes to critical systems with Cassandra
mattheath
0
160
Building a Cloud Native Bank
mattheath
1
170
Building reliable APIs
mattheath
0
230
Go and Microservices - NDC London 2018
mattheath
0
210
Architecting a Bank from scratch
mattheath
1
740
Kubernetes in Context
mattheath
0
220

Other Decks in Programming

See All in Programming
try! Swift Tokyo 初参加報告LT
hinakko2
0
220
新宿ダンジョンを可視化してみた
satoshi7190
2
240
入門 AWS Amplify Gen2 / Introduction to AWS Amplify Gen2
genkiogasawara
1
330
MetricKitで予期せぬ終了を検知する話 / Detect unexpected termination with MetricKit
nekowen
1
180
見た目から始める生産性向上
ikumatadokoro
7
830
Rethinking UI building strategies @ SFI 2024
letelete
0
270
Ruby Pattern Matching
bkuhlmann
0
920
Snowflakeで眠ったデータを起こそう!
estie
0
110
"config" ってなんだ? / What is "config"?
okashoi
0
240
Scalable Customer Journey Orchestration (CJO)
lewuathe
0
100
GraphQLサーバの構成要素を整理する #ハッカー鮨 #tsukijigraphql / graphql server technology selection
izumin5210
4
820
Elm Form Validation
bkuhlmann
0
510

Featured

See All Featured
Build your cross-platform service in a week with App Engine
jlugia
225
17k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
Building an army of robots
kneath
300
41k
Build The Right Thing And Hit Your Dates
maggiecrowley
24
2k
What the flash - Photography Introduction
edds
64
11k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
2
1.3k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
Thoughts on Productivity
jonyablonski
58
3.8k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
2
3.4k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
20
1.9k
Design by the Numbers
sachag
274
18k
What's in a price? How to price your products and services
michaelherold
237
11k

Transcript

  1. Building a Cloud-Native Bank Matt Heath, Monzo

  2. ! ⛅ #

  3. Hi, I’m Matt

  4. @mattheath

  5. None
  6. None

  7. Nov 2015 Oct 2018 CUSTOMER
 GROWTH

  8. $ 1,031,133

  9. £4 billion spent %

  10. None
  11. None
  12. None
  13. None
  14. None
  15. None
  16. None
  17. None

  18. #

  19. &

  20. None

  21. '

  22. LICENCE WITH RESTRICTIONS WE ARE HERE A UK banking licence

    is authorised by the PRA and regulated by the PRA and FCA1, allowing deposit- taking and balance sheet lending. Once granted, it allows firms to passport across Europe, accessing This is followed by a “mobilisation” phase during which final capital is raised and IT systems are completed, before launching to the public. We received a UK banking licence in August 2016! FEB 2015 JAN 2016 JAN 2017 MAR FEB FEB APR MAR MAR APR MAY JUN JUL MAY APR JUN MAY JUL JUN AUG JUL SEP AUG NOV SEP DEC NOV DEC PRE APPLICATION APPLICATION MOBILISATION LAUNCH LICENCE WITH RESTRICTIONS 50K MAX DEPOSIT WE ARE HERE A UK banking licence is authorised by the PRA and regulated by the PRA and FCA1, allowing deposit- taking and balance sheet lending. Once granted, it allows firms to passport across Europe, accessing This is followed by a “mobilisation” phase during which final capital is raised and IT systems are completed, before launching to the public. We received a UK banking licence in August 2016! JAN 2016 JAN 2017 MAR FEB FEB APR MAR MAR APR MAY JUN JUL MAY APR JUN MAY JUL JUN AUG JUL SEP AUG NOV SEP DEC NOV DEC E APPLICATION APPLICATION MOBILISATION LAUNCH LICENCE WITH RESTRICTIONS WE ARE HERE AUG
 2017 JAN
 2016 Feb
 2015 APR
 2017 A UK banking licence is authorised by the PRA and regulated by the PRA and FCA1, allowing deposit- taking and balance sheet lending. Once granted, it allows firms to passport across Europe, accessing This is followed by a “mobilisation” phase during which final capital is raised and IT systems are completed, before launching to the public. We received a UK banking licence in August 2016! FEB 2015 JAN 2016 JAN 2017 MAR FEB FEB APR MAR MAR APR MAY APR JUN MAY JUL JUN AUG JUL SEP AUG NOV SEP DEC NOV DEC PRE APPLICATION APPLICATION MOBILISATION LICENCE WITH RESTRICTIONS WE ARE HERE

  23. Henrik Kniberg

  24. None

  25. ?

  29. Henrik Kniberg

  30. James Leah Matt

  31. James Leah Matt *

  32. James Leah Matt +

  33. ,

  34. None
  35. None

  36. - - -

  37. - - - X X X

  38. -

  39. % - %

  40. .

  41. - ☕☕

  42. ☕☕ - %

  44. EXTENSIBLE SCALABLE RELIABLE SECURE
 CHEAP

  45. ?

  46. Application

  47. Application

  48. APPLICATION Application

  49. None
  50. None
  51. None

  52. LICENCE WITH RESTRICTIONS WE ARE HERE A UK banking licence

    is authorised by the PRA and regulated by the PRA and FCA1, allowing deposit- taking and balance sheet lending. Once granted, it allows firms to passport across Europe, accessing This is followed by a “mobilisation” phase during which final capital is raised and IT systems are completed, before launching to the public. We received a UK banking licence in August 2016! FEB 2015 JAN 2016 JAN 2017 MAR FEB FEB APR MAR MAR APR MAY JUN JUL MAY APR JUN MAY JUL JUN AUG JUL SEP AUG NOV SEP DEC NOV DEC PRE APPLICATION APPLICATION MOBILISATION LAUNCH LICENCE WITH RESTRICTIONS 50K MAX DEPOSIT WE ARE HERE A UK banking licence is authorised by the PRA and regulated by the PRA and FCA1, allowing deposit- taking and balance sheet lending. Once granted, it allows firms to passport across Europe, accessing This is followed by a “mobilisation” phase during which final capital is raised and IT systems are completed, before launching to the public. We received a UK banking licence in August 2016! JAN 2016 JAN 2017 MAR FEB FEB APR MAR MAR APR MAY JUN JUL MAY APR JUN MAY JUL JUN AUG JUL SEP AUG NOV SEP DEC NOV DEC E APPLICATION APPLICATION MOBILISATION LAUNCH LICENCE WITH RESTRICTIONS WE ARE HERE AUG
 2017 JAN
 2016 Feb
 2015 APR
 2017 A UK banking licence is authorised by the PRA and regulated by the PRA and FCA1, allowing deposit- taking and balance sheet lending. Once granted, it allows firms to passport across Europe, accessing This is followed by a “mobilisation” phase during which final capital is raised and IT systems are completed, before launching to the public. We received a UK banking licence in August 2016! FEB 2015 JAN 2016 JAN 2017 MAR FEB FEB APR MAR MAR APR MAY APR JUN MAY JUL JUN AUG JUL SEP AUG NOV SEP DEC NOV DEC PRE APPLICATION APPLICATION MOBILISATION LICENCE WITH RESTRICTIONS WE ARE HERE

  53. A UK banking licence is authorised by the PRA and

    regulated by the PRA and FCA1, allowing deposit- taking and balance sheet lending. Once granted, it allows firms to passport across Europe, accessing This is followed by a “mobilisation” phase during which final capital is raised and IT systems are completed, before launching to the public. We received a UK banking licence in August 2016! FEB 2015 JAN 2016 JAN 2017 MAR FEB FEB APR MAR MAR APR MAY JUN JUL MAY APR JUN MAY JUL JUN AUG JUL SEP AUG NOV SEP DEC NOV DEC PRE APPLICATION APPLICATION MOBILISATION LAUNCH LICENCE WITH RESTRICTIONS 50K MAX DEPOSIT WE ARE HERE A UK banking licence is authorised by the PRA and regulated by the PRA and FCA1, allowing deposit- taking and balance sheet lending. Once granted, it allows firms to passport across Europe, accessing This is followed by a “mobilisation” phase during which final capital is raised and IT systems are completed, before launching to the public. We received a UK banking licence in August 2016! JAN 2016 JAN 2017 MAR FEB FEB APR MAR MAR APR MAY JUN JUL MAY APR JUN MAY JUL JUN AUG JUL SEP AUG NOV SEP DEC NOV DEC E APPLICATION APPLICATION MOBILISATION LAUNCH LICENCE WITH RESTRICTIONS WE ARE HERE AUG
 2017 JAN
 2016 Feb
 2015 APR
 2017 PREPAID
 CARD
 LAUNCH LICENCE WITH RESTRICTIONS WE ARE HERE A UK banking licence is authorised by the PRA and regulated by the PRA and FCA1, allowing deposit- taking and balance sheet lending. Once granted, it allows firms to passport across Europe, accessing This is followed by a “mobilisation” phase during which final capital is raised and IT systems are completed, before launching to the public. We received a UK banking licence in August 2016! FEB 2015 JAN 2016 JAN 2017 MAR FEB FEB APR MAR MAR APR MAY APR JUN MAY JUL JUN AUG JUL SEP AUG NOV SEP DEC NOV DEC PRE APPLICATION APPLICATION MOBILISATION LICENCE WITH RESTRICTIONS WE ARE HERE
  54. None
  55. None
  56. None
  57. None

  58. ?

  59. EC2
 Instance

  60. instance instance

  61. instance instance instance instance instance instance

  62. instance instance instance instance instance instance { { { eu-west-1a

    eu-west-1b eu-west-1c

  63. instance instance instance instance instance instance Kubernetes

  64. instance instance instance instance instance kubelet

  65. kubelet kubelet kubelet kubelet kubelet kubelet

  66. kubelet kubelet kubelet kubelet kubelet kubelet Kubernetes Master

  67. kubelet kubelet kubelet kubelet kubelet kubelet Kubernetes Master etcd

  68. kubelet kubelet kubelet kubelet kubelet kubelet Kubernetes Master etcd

  69. etcd

  70. etcd etcd etcd

  71. etcd etcd etcd etcd etcd etcd etcd etcd etcd

  72. etcd etcd etcd etcd etcd etcd etcd etcd etcd quorum

    = 5 or more nodes alive (n/2+1)

  73. etcd etcd etcd etcd etcd etcd etcd etcd etcd quorum

    maintained

  74. etcd etcd etcd etcd etcd etcd etcd etcd etcd quorum

    maintained '

  75. etcd etcd etcd etcd etcd unhealthy machines terminated 0

  76. etcd etcd etcd etcd etcd etcd etcd etcd etcd new

    machines automatically reattach EBS, cluster recovers 1

  77. etcd ASG 4 etcd ASG 7 etcd ASG 1 etcd

    ASG 5 etcd ASG 8 etcd ASG 2 etcd ASG 3 etcd ASG 6 etcd ASG 0 each etcd node is an autoscaling group of 1, with a fixed identity

  78. etcd etcd etcd etcd etcd etcd etcd etcd etcd quorum

    lost 2

  79. etcd etcd etcd etcd unhealthy machines terminated 0

  80. etcd etcd etcd etcd etcd ASG 7 etcd ASG 1

    etcd ASG 8 etcd ASG 2 etcd ASG 6 autoscaling groups start new instances

  81. etcd etcd etcd etcd etcd etcd etcd etcd etcd unhealthy

    machines replaced automatically, EBS reattached, cluster recovers 3

  82. Blog

  83. kubernetes

  84. kubernetes pod pod pod pod pod pod pod pod pod

    pod

  85. pod container service

  86. pod scratch container go service

  87. kubernetes service service service service service service service service service

    service

  88. kubernetes service service service service service service service service service

    service

  89. kubernetes service service service service service service service service service

    service

  90. kubernetes service service service service service service service service service

    service

  91. kubernetes service service service service service service service service service

    service service service service

  92. kubernetes service service service service service service service service service

    service

  93. kubernetes service Prometheus service service Kafka linkerd Kafka service service

    Elasticsearch calico API service

  94. 4

  95. 1

  96. Request Limit

  97. CPU Throttling

  98. None

  99. API

  100. API

  101. API Gateway API Service API Service API Service API Service

    API Service API Service API Service API Service
  102. None
  103. None
  104. None

  105. API Gateway Accounts Cards Pots Feed Payments …

  106. API Gateway Accounts Cards Pots Feed Payments … New
 Exciting


    API!! 5

  107. Cards Pots Payments … API Gateway Accounts New
 Exciting
 API!!

    0 0 0 0 0 Feed

  108. Cards Pots Payments … API Gateway Accounts New
 Exciting
 API!!

    0 0 0 0 0 6 Feed

  109. API Gateway Accounts Cards Pots Payments … New
 Exciting
 API!!

    5 6 Feed

  110. Service Service

  111. Service Service Service Service

  112. Service Service Service Service Kubernetes
 Service

  113. Service Discovery Load Balancing Timeouts and Expirations Retries Rate Limiting

    Connection Pooling Circuit Breaking Failure Detection Metrics and Tracing Interrupts Context Propagation

  114. Service Discovery Load Balancing Timeouts and Expirations Retries Rate Limiting

    Connection Pooling Circuit Breaking Failure Detection Metrics and Tracing Interrupts Context Propagation

  115. Service Service Service Service ?

  116. Service Service Service Service linkerd

  117. Service linkerd

  118. Service linkerd service
 discovery

  119. Service Service Service Service linkerd service
 discovery

  120. Service Service Service Service linkerd

  121. Service Service Service Service linkerd

  122. Service Service Service Service linkerd

  123. Service Service Service Service linkerd

  124. kind: DaemonSet metadata: name: linkerd spec: template: spec: containers: -

    name: linkerd image: ecr:linkerd_vXXX - "/etc/linkerd/linkerd.yaml" volumeMounts: - name: linkerd-config mountPath: /etc/linkerd readOnly: true ports: - name: http containerPort: 443 hostPort: 4140 env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP resources: limits: cpu: 4 memory: 2Gi monzo.com/cpu-period: 2500 requests: cpu: 1 memory: 1Gi services send requests to local
 linkerd daemonset linkerd daemonset pods & services
 on other machines
  125. None
  126. None
  127. None

  128. Event Driven
 Architecture

  129. Service A Service B Load Balancer Edge Gateway API Service

  130. API Service Service A Service B Load Balancer Edge Gateway

  131. API Service Service A Service B Load Balancer Edge Gateway

    Service D Service E

  132. API Service Service A Service B Load Balancer Edge Gateway

    Service C Service D Service E

  133. API Service Service A Service B Load Balancer Edge Gateway

    Service C Service D Service E 6

  134. API Service Service A Service B Load Balancer Edge Gateway

    Service C Service D Service E 6 7

  135. API Service Service A Service B Load Balancer Edge Gateway

    Service C Service D Service E 6 7 7 7 7

  136. API Service Service A Service B Load Balancer Edge Gateway

    Service C Service D Service E 6 7 7 7 7 Service D

  137. API Service Service A Service B Load Balancer Edge Gateway

    Service C Service D Service E 6 Service D

  138. 8

  139. API Service API Service Load Balancer Monzo API Gateway API

    Service

  140. API Service API Service Load Balancer Monzo API Gateway API

    Service

  141. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service

  142. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service AWS Shield AWS WAF

  143. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service AWS Shield AWS WAF AWS API

  144. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service AWS Shield AWS WAF AWS API

  145. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service AWS Shield AWS WAF AWS API

  146. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service AWS Shield AWS WAF AWS API Reject traffic at ALB Update rules
 via API

  147. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service AWS Shield AWS WAF AWS API Reject traffic at ALB Update rules
 via API

  148. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service AWS Shield AWS WAF 8

  149. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service 8

  150. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service 8 service

  151. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service 8 service &
  152. None
  153. None

  154. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service 8 service VPC Segregation
 Network ACLs Sec Groups

  155. API Service API Service Application Load Balancer (ALB) Monzo API

    Gateway API Service 8 service 8

  156. instance instance instance instance instance instance instance instance instance 9

  157. instance instance instance instance instance instance instance instance instance 9

    IAM Auditing CloudTrail 8
  158. None

  159. :

  160. None

  161. Ship it and iterate
 Make changes small
 Make changes often

    Technical debt as a tool

  162. API Gateway Accounts Cards Pots Feed Payments … New
 Exciting


    API!! 5
  163. None

  164. Production load tests & Shadow Traffic

  165. EXTENSIBLE SCALABLE RELIABLE SECURE
 CHEAP

  166. Empower teams

  167. monzo.com/careers