Luxia (AI / No-Code – Amazon ECS + CI/CD + Multi-Account)
Automating CI/CD and Container Operations on AWS for an AI-Driven No-Code Platform
Executive Summary
Luxia offers AI-driven, no-code automation solutions that help businesses optimize data, documents, and workflows securely and efficiently. To accelerate growth and scale their GenAI-powered services globally, Luxia required stronger governance, security, and visibility across their AWS environments. GoCloud partnered with Luxia to implement AWS Control Tower for secure multi-account management and rapid environment provisioning, while Amazon ECS was deployed to orchestrate containerized applications across dedicated development, staging, and production environments, ensuring scalability, reliability, and consistent deployments. Together, this foundation enabled Luxia to modernize operations, strengthen security, and confidently expand their AI-powered platform for enterprise adoption worldwide.
About the Customer
Luxia is an all-in-one artificial intelligence platform that empowers organizations to automate processes, analyze data, and enhance customer interactions without the need for technical expertise. Built as a no-code solution, Luxia integrates seamlessly with enterprise systems such as CRMs and ERPs, making it easy to deploy AI across business operations. Its modular applications including Workflow, Data Assistant, Document Analyst, and Virtual Agent allow companies to reduce costs, improve efficiency, and unlock new value from their data. With a strong focus on generative AI, automation, and security, Luxia ensures data privacy and compliance, helping businesses innovate confidently and scale sustainably
About RPS
Luxia offers artificial intelligence–driven solutions for data, document, and process automation. Their aim is to provide secure, adaptive, and no-code AI technologies that integrate seamlessly with existing enterprise systems. The applications Luxia delivers help companies streamline workflows, reduce operational costs, and enhance efficiency across multiple industries.
Customer Challenge
Difficulty managing environment –
Difficulty managing environment changes over time due to the growing complexity of workloads and the need for a structured multi-account strategy
Lack of monitoring –
Lack of a proactive monitoring mechanism to detect and remediate security issues early while adhering to AWS best practices.
Limited visibility –
Limited visibility into resource configurations, making it harder to enforce compliance and optimize operations
Difficulty in managing –
Increasing difficulty in managing containerized applications on Amazon ECS without clear separation of development, staging, and production environments, which led to deployment inconsistencies and operational overhead.
Why Amazon
Web Services
Why Luxia
Chose GoCloud
GoCloud’s Solution
Services Used
AWS Control Tower →
Provides a secure, governed landing zone with standardized account setup and guardrails.
Amazon VPC (isolated per environment) →
Strong network isolation for dev, staging, and production
AWS Config →
Continuously monitors configurations and enforces compliance rules.
AWS Security Hub →
Unified view of security posture with automated compliance checks.
Elastic Load Balancer (ALB) →
Distributes traffic securely across services for high availability and resilience.
AWS ECS Fargate →
Runs containerized applications without managing servers, improving scalability and reducing operational overhead.
AWS Cloud Map →
Provides service discovery for ECS tasks and microservices, enabling seamless communication without hardcoding endpoints.
Amazon RDS (Aurora PostgreSQL, Multi-AZ) →
High availability, automated failover, and scalability for critical databases.
AWS ALB (Application Load Balancer) →
Efficient traffic distribution with SSL termination and health checks.
Auto Scaling (ECS ) →
Automatically adjusts compute capacity based on demand, optimizing cost and performance.
Amazon S3 + CloudFront →
Amazon S3 + CloudFront → Secure, fast, and cost-efficient content delivery with global caching
AWS CodePipeline →
Automated CI/CD pipeline ensuring faster and reliable deployments.
ChromaDB on EC2 →
Vector search capabilities powering AI/ML-driven features.
CloudWatch →
Real-time monitoring, alerting, and centralized logging for system health visibility.
Architecture Diagram
Workflow
For Luxia, a multi-account setup was created using AWS Control Tower, with separate
Dev, Stage, and Prod environments to ensure proper isolation, governance, and security.
Each environment runs within a dedicated Amazon VPC spanning multiple Availability
Zones (AZs) to provide fault tolerance and high availability.
For Luxia, a multi-account setup was created by using AWS Control Tower, details of
which are as follows:
• 2 Organizational Units (OUs) – Members OU (Develop, Staging, Production) and Security OU (Audit, Log Archive).
• 3 Shared Accounts – Management, Audit (for centralized monitoring), and Log Archive (for compliance and log aggregation).
• A cloud-native directory with preconfigured groups and AWS IAM Identity Center (SSO) access.
• 20 preventive guardrails to enforce security and governance policies and 2 detective guardrails to detect configuration violations.
With AWS Control Tower, a Landing Zone was established, providing Luxia with a well-architected multi-account baseline built on AWS best practices. The Landing Zone organizes accounts into OUs and enforces governance centrally.
Core OU: Contains Audit and Log Archive accounts. The Audit account consolidates security findings, while Log Archive aggregates CloudTrail and Config logs from all accounts.
Members OU: Hosts Development, Staging, and Production accounts, each with workload isolation and environment-specific policies.
Root OU: Parent for all accounts, ensuring policies applied at the root cascade to every OU and account
Guardrails and Policies:
• Preventive guardrails (SCPs) restrict unsafe configurations (e.g., blocking public S3 buckets, enforcing strong IAM policies).
• Detective guardrails use AWS Config rules to continuously monitor compliance.
• All workloads and environments are accessed only via AWS SSO, eliminating multiple IAM credentials and ensuring federated identity.
Workloads & Applications:
• Dev & Stage: Resolve Parking Solutions runs containerized applications on Amazon ECS Fargate, integrated with Code Pipeline for CI/CD. Pipelines are connected to Bitbucket, so code changes trigger automated builds, tests, and deployments. Dev supports feature development, while Stage mirrors production for pre-release validation.
• Production: Production workloads run on ECS Fargate clusters across multiple Availability Zones for high availability. Application data resides in Amazon Aurora (PostgreSQL/MSSQL), while static media is stored in Amazon S3 and distributed globally through CloudFront for low-latency access.
• Frontend Applications: Web frontends are also deployed on ECS, allowing the platform to auto-scale with traffic spikes and deliver reliable performance during peak demand.
• S3 Buckets: Dedicated S3 buckets handle CloudFormation artifacts, backups, deployment builds, and logs. All buckets are encrypted, access-controlled, and private to ensure customer data security
AWS ECS Integration:
● Enable ECS Across All Accounts and Environments
Luxia deployed Amazon ECS in their development, staging, and production accounts, ensuring consistent orchestration of containerized applications across all environments. This provided clear isolation, simplified governance, and reduced cross-environment risks.
● Standardize Microservices Deployments
All microservices were containerized and deployed through ECS using Code Pipeline and Code Build. This automated process applied the same build, test, and deployment workflows in every environment, eliminating manual errors and ensuring reliable releases.
● Centralize Logging and Monitoring
ECS services in dev, stage, and prod forward logs and metrics to CloudWatch and a centralized logging account. This gave Luxia a single pane of glass for container performance, scaling events, and operational health, making troubleshooting and audits far easier.
● Secure Data and Networking for ECS
ECS clusters were deployed in private subnets with access controlled via ALBs, IAM roles, and Secrets Manager. This architecture ensured encrypted communication, controlled access to sensitive resources, and secure handling of application secrets.
● Scale Seamlessly with Fargate in Production
In production, Luxia used ECS on AWS Fargate to scale micro services automatically based on demand. This reduced infrastructure management overhead while maintaining high availability and performance.
Monitoring & Security:
● CloudTrail and AWS Config enabled in all regions with logs centralized in the Log Archive account.
● Amazon CloudWatch provides application and infrastructure monitoring with alarms and dashboards.
● AWS Guard Duty and Security Hub aggregate security findings across accounts into the Audit account for centralized threat detection.
● Role-based access controls ensure developers work in Dev, QA/operations in Stage, and only authorized personnel access Prod.
Results & Benefits
• Reliable Multi-Environment Deployments with ECS
By implementing Amazon ECS across dedicated development, staging, and production environments, Luxia achieved consistent, automated deployments of their microservices. This eliminated the deployment inconsistencies of their legacy setup, reduced operational overhead, and allowed their teams to test and release features faster with confidence.
• Scalable and Resilient Microservices
ECS enabled Luxia to run containerized workloads that scale seamlessly based on demand. With Fargate powering production, Luxia no longer needs to manage underlying servers, ensuring high availability and reduced infrastructure management burden.
• Early Detection of Security and Deployment Issues
ECS integrated with CI/CD pipelines (Code Pipeline + Code Build) allowed Luxia to automatically build, test, and deploy while enforcing security scans and configuration checks at each stage. This ensured misconfigurations or vulnerabilities were identified early, reducing risk before code reached production.
● Clear Visibility into Application State
With ECS service-level monitoring through CloudWatch, Container Insights, and centralized logging, Luxia gained full visibility into how containers were running, scaling, and interacting with other services. This made troubleshooting faster, improved audit readiness, and provided stronger operational insights into their microservices.