Raiffeisen - Document Translation
In a multilingual country like Switzerland, Raiffeisen has to publish many internal and public documents in several languages, resulting in high translation costs. While switching to fully automated machine translation is not feasible yet, the solution should meet the following customer requirements:
- Providing a single portal for employees which enables them to request the translation of documents. Employees should also have the choice to either select machine translation or human translation performed by their existing supplier (offering optional human review of the quality of the machine translation).
- Allowing the user to select their preferred translation service.
- Providing translation APIs for internal applications.
- Enhancing machine translation with proprietary translation glossaries.
- Providing search capabilities in the proprietary translation glossaries.
To avoid managing virtual machines, operating systems, applications, and scaling of the environment, we developed a serverless solution. This enabled us to focus on the customer's business requirements and user functionalities.
The following picture shows the resulting architecture, which was written using Terraform as the IaC tool.
Tools & Technologies
- The web application is an Angular application hosted in an Amazon S3 bucket and delivered to clients through Amazon CloudFront.
- Amazon CloudFront leverages AWS Web Application Firewall (WAF) to restrict access to the customer's public IPs and ensure accessibility from the customer's internal network only.
- Amazon API Gateway, AWS Lambda and Amazon DynamoDB are used to read and place translation requests or to review and search through the glossaries. Amazon S3 is used to store the original documents as well as their translations.
- An Amazon DynamoDB stream is configured to trigger an AWS Lambda function. When a new translation request is stored in the table, it will start a Step Function orchestrating the translation process using multiple AWS Lambda functions to place and monitor orders until completion.
- Amazon Translate is used for machine translation, while the backend uses the customer's translation supplier APIs to place and track human translation requests. The Custom Terminologies feature of Amazon Translate is used to enhance the machine translation using the existing customer glossaries.
- AWS Systems Manager is used to encrypt and store API keys used to access the third-party human translation service APIs.
- Throughout the translation process, events are placed on Amazon EventBridge to trigger an AWS Lambda function informing the end users of the status of the order process.
- The backend also interfaces with other third-party translation and language service providers for domain-specific translations.
- AWS Glue is used to run a daily Apache Spark job on the Amazon DynamoDB data to extract an order summary as well as cost information, and populate the results into an S3 bucket.
- All AWS Lambda functions are sending application logs and business metrics to Amazon CloudWatch. Logs are used for troubleshooting and business metrics are used to monitor the health of the application.
- User authentication is done through Amazon Cognito, configured in a separate AWS account, and federated with the customer's on-premises Microsoft Active Directory.
- Data in transit and at rest are encrypted; the Amazon DynamoDB table and Amazon S3 buckets are encrypted at rest using AWS KMS with Customer Master Keys (CMKs).
- Each AWS Lambda function is executed with AWS IAM roles and scoped-down policies according to least privilege principles.
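The DynamoDB stream trigger described in the list above, as an added example that is not the project's own code: a Lambda handler that starts one Step Functions execution per new request, tolerates redelivered stream records, and keeps document content out of the execution input. The Python runtime, the ARN, the requestId key name and the use of partial batch responses (ReportBatchItemFailures enabled on the event source mapping) are assumptions.

```python
import hashlib
import json

# Assumptions for this example: ARN, region and the "requestId" key name are invented.
STATE_MACHINE_ARN = "arn:aws:states:eu-central-1:111111111111:stateMachine:translation-example"


def execution_name(request_id):
    # Deterministic name: a redelivered stream record maps to the same
    # execution instead of starting a second translation order.
    return "req-" + hashlib.sha256(request_id.encode()).hexdigest()[:32]


def handler(event, context=None, sfn=None):
    if sfn is None:  # real client only inside Lambda; tests inject a fake
        import boto3
        sfn = boto3.client("stepfunctions")
    failures = []
    for record in event.get("Records", []):
        # Only newly stored requests start a workflow; later status
        # updates (MODIFY) and deletions (REMOVE) are skipped.
        if record.get("eventName") != "INSERT":
            continue
        seq = record["dynamodb"]["SequenceNumber"]
        try:
            request_id = record["dynamodb"]["Keys"]["requestId"]["S"]
            sfn.start_execution(
                stateMachineArn=STATE_MACHINE_ARN,
                name=execution_name(request_id),
                # Key only: execution input is readable in the execution
                # history, so document content stays in S3/DynamoDB.
                input=json.dumps({"requestId": request_id}),
            )
        except Exception as exc:
            code = getattr(exc, "response", {}).get("Error", {}).get("Code")
            if code != "ExecutionAlreadyExists":  # duplicate = already started
                failures.append({"itemIdentifier": seq})
    # Partial batch response: Lambda retries from the first failed record
    # onward, which is why the execution name must be idempotent.
    return {"batchItemFailures": failures}


def sample_record(event_name, request_id, seq):
    # Constructed stream record, trimmed to the fields the handler reads.
    return {"eventName": event_name,
            "dynamodb": {"Keys": {"requestId": {"S": request_id}}, "SequenceNumber": seq}}
```

With this shape the function's IAM role needs only states:StartExecution on that one state machine plus read access to the table's stream.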
Governance and Compliance:
- We use AWS CloudTrail to capture audit logs of all API calls which are made to AWS services in the AWS account.
- AWS Config is used to monitor and log all infrastructure configuration changes as well as the fulfillment or lack of compliance with established configuration rules.
- The architecture is written in Terraform and deployed in the customer’s environment using AWS CodePipeline and AWS CodeBuild services.
Results & Benefits
Building such an application from scratch is not an easy task considering all the requirements and features. By using AWS serverless services to develop the application backend, we were able to completely offload all infrastructure and application server provisioning, as well as deployment and maintenance of many backend applications (database, translation service, event broker, ETL, monitoring, etc.) to the cloud provider. This not only allows us to focus on the customer's business requirements and application functionalities, but also takes a lot of manual effort off the customer.
Updates of the application are provided through IaC and automated deployment pipelines, facilitating the deployment of new functionalities.
This application has been in use for 9 months already, processing several thousand document translation orders.
The Raiffeisen Group is the leading Swiss retail bank. The Group is the third largest player in the Swiss banking sector with around 1.96 million cooperative members and 3.6 million clients. The Raiffeisen Group is represented at 820 locations throughout Switzerland. The 219 legally autonomous cooperative Raiffeisen banks are aligned within Raiffeisen Switzerland Cooperative.
As AWS Advanced Consulting and training partner, we support Swiss customers on their way to the cloud. Cloud-native technologies are part of our DNA. Since the company’s foundation (2011), we have been accompanying cloud projects, implementing and developing cloud-based solutions.