The strategic payments partner for many leading global brands, Checkout.com prioritizes performance, scalability, and reliability. That’s why they decided to apply infrastructure as code (IaC) as extensively as possible across the business. After initially trying an open-source automation server for their Terraform deployments, it became clear they needed a specialized IaC management tool.
We spoke to Joe Hutchinson, Director of Engineering – Developer Platform at Checkout.com, about why they chose Spacelift and the difference it has made to the team’s productivity.
Once Checkout.com decided to use IaC across the business wherever it was realistically feasible, they adopted a general-purpose tool to get started. The open-source automation server they chose proved to be a decent mechanism for getting started, but it was not optimized for IaC and it did not meet the company’s reliability or security standards, so they explored other options.
“We were always committed to moving away from our initial solution, so we did POCs with two other products besides Spacelift,” recalls Joe Hutchinson, Director of Engineering – Developer Platform at Checkout.com. Chief among their buying criteria were pricing and culture fit.
Checkout.com’s organizational structure is based on an owner-operator model with many small, self-organized product teams, each of which has autonomy over its own infrastructure. The sheer number of accounts involved means the total number of private workers required is high even though utilization can be relatively low.
The other IaC platforms the company reviewed operate the kind of pricing models that would have made this approach exorbitantly expensive. However, they discovered Spacelift’s pricing to be more in sync with usage, enabling Checkout.com to scale in a sustainable way and align their IaC activity with their growth ambitions.
But it wasn’t just cost that drew Checkout.com to Spacelift. The two companies also chimed when it came to culture. “We found that the Spacelift team was of a similar mind to us. We’re ambitious. We’re fast-moving. We want to solve problems, so we keep bureaucracy and that kind of thing pretty low. When we met the Spacelift team, we could tell it was going to be a good relationship,” says Joe. The response they received from other companies was completely different. “Even in initial discussions, it was far more a case of ‘Here it is. Use it. Pay us the money.’ With Spacelift, it was more like a partnership.”
Once they made the decision to use Spacelift for their IaC, the Checkout.com team was very deliberate in the way they set up the platform, drafting internal documentation on how to create a Spacelift organization and creating two Terraform modules — one for creating stacks and the other for bootstrapping Spacelift accounts. “Providing a paved road experience is key to enabling rapid adoption and innovation,” explains Joe.
With a templated approach to using Spacelift in place, integrating the platform into Checkout.com’s workflows was virtually seamless. “We’ve got SSO set up in Spacelift, so that makes it really simple and highly configurable. We don’t even use its full power.” He lets us in on a proof of concept his team has for an end-to-end deployment solution in which application deployment follows infrastructure deployment, and Spacelift is invoked by GitHub Actions in the process. “It’s the level of configurability that allows this, which is great.”
Along with configurability, reliability is crucial for fintechs like Checkout.com. Payment card industry (PCI) compliance means they must fulfil strict regulations to ensure a secure environment for cardholder data. “Frankly in our entire time we’ve never had an instance where Checkout.com was trying to do a deployment and Spacelift was down — and given the number of deployments we do every day, that’s quite remarkable,” reveals Joe.
From a cloud perspective, Checkout.com is predominantly AWS, but they are starting to move into more diverse integrations where end-to-end traceability will be key. By stamping the Spacelift run ID into the AWS session ID, they will be able to track any sequence of changes using that ID. “We can go into AWS CloudTrail with the change of interest, get the session ID, plug that into Spacelift, get the run details of what it was doing and what code changes were in it — all the way back to the approval process and the developers involved,” Joe explains. “We can programmatically pull out these insights and send them to our data lake for analysis and that’s useful from so many angles — security and compliance, not only DevOps.”
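The tracing step described above, sketched as an added example (not Checkout.com's or Spacelift's code): it assumes the run ID is carried as the role session name that CloudTrail records in `userIdentity.arn`, and groups write events by run while listing writes that map to no known run. The run IDs, role name, account number, and events are constructed.

```python
import re

# Assumption: the run ID is the role session name (text before any "@"),
# which CloudTrail records as the last segment of userIdentity.arn.
SESSION_ARN = re.compile(r"^arn:aws:sts::\d{12}:assumed-role/[^/]+/(.+)$")

def ev(name, read_only, id_type, arn):
    """Build a constructed CloudTrail-style record with only the fields used here."""
    return {"eventName": name, "readOnly": read_only,
            "userIdentity": {"type": id_type, "arn": arn}}

ROLE = "arn:aws:sts::111122223333:assumed-role/example-deploy-role/"
SAMPLE_EVENTS = [  # constructed sample data, not real logs
    ev("CreateBucket", False, "AssumedRole", ROLE + "RUN-EXAMPLE-0001"),
    ev("DescribeInstances", True, "AssumedRole", ROLE + "RUN-EXAMPLE-0001"),
    ev("PutBucketPolicy", False, "AssumedRole", ROLE + "RUN-EXAMPLE-0001@stack-a"),
    ev("DeleteBucket", False, "AssumedRole", ROLE + "manual-session"),
    ev("AttachRolePolicy", False, "IAMUser",
       "arn:aws:iam::111122223333:user/example-user"),
]

def run_id_of(event):
    """Return the run ID embedded in an assumed-role session, or None."""
    ident = event.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    m = SESSION_ARN.match(ident.get("arn", ""))
    return m.group(1).split("@", 1)[0] if m else None

def trace_changes(events, known_run_ids):
    """Group write events by run ID; collect writes that map to no known run."""
    by_run, unattributed = {}, []
    for e in events:
        if e.get("readOnly"):
            continue  # read-only calls change nothing, so they are not traced
        rid = run_id_of(e)
        if rid in known_run_ids:
            by_run.setdefault(rid, []).append(e["eventName"])
        else:
            unattributed.append(e["eventName"])
    return by_run, unattributed

if __name__ == "__main__":
    by_run, unattributed = trace_changes(SAMPLE_EVENTS, {"RUN-EXAMPLE-0001"})
    print(by_run)
    print(unattributed)
```

The unattributed list is the part worth alerting on: a write with no matching run is a change made outside the approved pipeline.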
Ultimately, Spacelift empowers Checkout.com teams to work with greater autonomy than ever before. “I’ve got people in my company who have never used Spacelift — in some cases never used IaC — who are configuring Spacelift in less than a day and actually starting to do deployments with no real hand-holding.”
That kind of self-sufficiency is part of the overall drive toward a more streamlined and efficient way of working. “There’s a project that we’ve just started to move us all onto one account. We’ve got lots of accounts at Spacelift, and this will help us go even faster than we are today. One account will give us the ability to have platform-level control over all the teams. The Spacelift documentation and the Spacelift team are great at guiding this.”
As they maintain their unwavering focus on efficiency, the Checkout.com team is examining how they can set up all their tools in a programmatic way. “And, with Spacelift, that means setting up with IaC and really enabling teams just to build services — not build all the infrastructure around those services,” confirms Joe.
For any organization wondering whether Spacelift is a good investment, Joe recommends looking at the reasons why projects may be delayed, over budget, or in need of outside experts to come in and rescue. “These are all possible symptoms of the wrong tooling that stifles velocity whereas Spacelift provides the kind of tooling that supports governed decentralization, enabling and empowering developers to solve problems themselves — even for a very regimented company. You could build Spacelift policies that are very restrictive of what a developer can do, so even in a PCI-regulated environment much like Checkout.com, you can still have teams that are empowered in their IaC to use these kinds of tools and innovate.”