This a go back link

Upstream Mobility: Creating a reusable and cloud native infrastructure in the AWS Cloud

Upstream Mobility - next level mobility GmbH
Public Sector
Products & Services
Amazon Web Services, Terraform, Kubernetes and more
Amazon Web Services, Kubernetes, Kibana, Grafana, FluentD, Elasticsearch, Prometheus, Terraform, Amazon Aurora PostgreSQL, Amazon EKS, Amazon EC2, Amazon VPC, AWS CloudWatch


Upstream Mobility is a Vienna-based company offering a digital infrastructure platform for public transport service organizations. They unite a multitude of digital public mobility services on a municipal platform and combine these with customizable applications and functions tailored to the needs of their customers. The platform enables customers to integrate their public transport data into a single custom application and create a streamlined experience for their end-users. A great example is a mobile app that allows users to view the schedules of all public transportation services in Vienna in addition to booking tickets, taxis and electric scooters with just a few clicks.


The project followed three major goals.

The first was to remove the requirement for Upstream Mobility customers to run their applications on on-premise hardware and suffer from consequent drawbacks such as difficult scalability, insufficient availability, and decreased reliability which can lead to poor customer experience and reduced acceptance of the solution.

The second goal was to make all solution components modular and reusable. This aspect was particularly relevant for Upstream Mobility being a proprietor of a white label solution in which every customer uses and builds upon identical base components. With regards to the  software components, modularisation had already been achieved by the use of a microservice architecture and containerization in Kubernetes. This requirement needed to be extended to the infrastructure components with a simple „plug n‘ play“ concept that can function with multiple public cloud providers. In this context, the pre-existing continuous integration / continuous delivery (CI/CD)   pipeline needed to be modernized from a hardly scalable, to an elastic and highly available solution.

A final goal was to define a mechanism and process for transparent customer invoicing with a detailed breakdown of individual cost elements and the separation of project and fixed running costs.


In order to tackle the outdated infrastructure with all its disadvantages, moving to the public cloud was inevitable. Since the application already ran as containerized microservices in Kubernetes, the managed Elastic Kubernetes Service (EKS) by the current cloud market leader AWS was selected as the ideal solution. EKS offers the advantage that the complete Kubernetes Control Plane is managed by AWS and is provided with high availability in several availability zones. Furthermore, EKS can be combined and integrated with other services such as the Elastic Load Balancer. The Kubernetes worker nodes are located in a private network and therefore not directly externally accessible. Together with the other security elements of AWS such as Security Groups, Network Access Control Lists and IP whitelists, it was possible to create a highly secure infrastructure.

To ensure that the data storage scales with the solution and gain easy access to high availability concepts on the storage layer, the managed database service Amazon Aurora for PostgreSQL was chosen. Amazon Aurora is a database developed by Amazon directly for the cloud which delivers up to 3X the throughput of standard PostgreSQL. Since Amazon Aurora is a managed service, a plethora of further out-of-the-box advantages such as: Storage Auto-Scaling; Low-Latency Read Replicas; Instance Monitoring and Repair; Fault-Tolerant and Self-Healing Storage; Automatic, Continuous, Incremental Backups and Point-in-Time Restore could be employed in the context of the complete solution. As sensitive data can be stored in the database, security was an extremely important issue. As such, the database is not externally accessible and only permits requests from two sources; from the Kubernetes application itself, and from the so-called „Bastion Host“ (a specially secured virtual machine) which in turn only accepts requests from the Upstream Mobility office.

Since Upstream Mobility customers may wish to run their custom applications at any of the major cloud providers, it was necessary to ensure that the infrastructure can be deployed easily and cloud independently. The product Terraform from Hashicorp was selected as a tool for this exercise as it provides a framework for describing, versioning, reusing, and modularising infrastructure in the form of code. The use of infrastructure as code laid down the foundation for the automation of infrastructure deployment and permitted a simple integration into the Upstream Mobility CI/CD pipeline.

Terraform supports a variety of providers. In addition to the large cloud providers, Kubernetes itself is also supported. This makes it possible to automatically deploy logging and monitoring services for the Kubernetes cluster in addition to the provisioning of the actual infrastructure. For logging, the EFK stack was used. EFK consists of the open source components; Elasticsearch, FluentD and Kibana. FluentD collects the logs from the individual Kubernetes components, Elasticsearch acts as search and analytics engine, and Kibana visualizes the data. The monitoring was realized by the open source software Prometheus and Grafana, in which Prometheus is used to provide the cluster metrics and Grafana is used for the visualization.
These components have a large open source community, are well rounded and overall very well suited to a cloud agnostic solution.

With the billing console, AWS offers a simple way to clearly display costs and enables the generation of detailed reports over services and projects. As such, it is the ideal solution for the billing problem and has the advantage of being easily configurable. For the project structure, a separate account per project is used. This corresponds to the AWS best practice and not only opens the possibility to combine and encapsulate all project resources, but also facilitates the invoicing by the project.


By moving to the AWS cloud, Upstream Mobility was able to significantly increase the availability and scalability of its applications and infrastructure. By using infrastructure as code and modularisation, Upstream Mobility‘s time to market was significantly reduced, the traceability of structural changes was enabled, and the susceptibility to errors was reduced. Furthermore, Upstream Mobility customers now have the possibility to deploy their solutions to any cloud provider.

With the AWS billing overview, Upstream Mobility was able to greatly simplify the billing process. Costs are clearly divided into services and projects. Furthermore, budgets and billing alarms allow effective cost management on behalf of the customer and prevent unpleasant surprises on the monthly invoice. Additionally, by moving to the cloud, Upstream Mobility now only pays for the resources they actually use and the transition from a pay upfront to a pay as you go model offers incredible savings potential.

Contact us

Jens Weimar

Contact us

To find out more, please do not hesitate to contact me.

Jens Weimar

Frankfurt a. M.
Request a meeting
black arrow rightgreen arrow right
white arrow pointing down

Scroll to the bottom to return
to the Overview

Amazon Web Services (AWS)
This is a a back to top button