Building the Future of Payments Infrastructure on AWS
How Akua launched a PCI-ready platform with Kubernetes, automation, and a secure AWS Landing Zone
Scaling a payment platform in Latin America means more than processing transactions.
It requires security, compliance, performance, and the ability to ship fast without breaking governance.
Akua partnered with binbash to build a production-ready AWS platform designed to accelerate PCI-DSS readiness, streamline developer workflows, and support multi-rail payment processing at scale.
Scaling payments while preparing for PCI compliance
-
Akua needed an infrastructure capable of supporting growing transaction volumes across multiple payment rails, while aligning with strict PCI-DSS requirements.
-
-
The main challenges included:
-
Building a scalable platform across multiple environments
-
Achieving compliance readiness for sensitive payment data
-
Automating infrastructure to reduce time-to-market
-
Optimizing costs without sacrificing availability or performance
-
Their goal wasn’t just to migrate workloads — it was to create a foundation for long-term platform growth.
A Well-Architected AWS platform powered by binbash Leverage™
binbash implemented a secure, automated, multi-account AWS architecture using the Leverage™ framework.
Key components included:
-
Multi-account AWS Landing Zone with Organizations and SCP governance
-
Kubernetes EKS clusters across Dev, Prod, and Credit Card environments
-
CI/CD automation integrated with GitLab
-
Centralized networking with Transit Gateway, Network Firewall, and VPN access
-
IAM Identity Center for secure access management
-
Encryption and logging aligned with PCI-DSS standards
The deployment was completed in just three months, positioning Akua for integration with major payment processors.
Secure, scalable, and automation-driven
The architecture introduced:
-
Multi-account workload isolation
-
Infrastructure-as-Code using Terraform and Pulumi
-
Automated GitLab runners for deployment pipelines
-
Observability with New Relic and QuickSight dashboards
-
Cost monitoring through AWS Budgets and CloudWatch
The diagram on page 3 of the case study illustrates the AWS Landing Zone structure, showing dedicated accounts for management, tools, development, and production — all connected through centralized networking and security layers.
This design allowed Akua to operate like a platform company from day one.
Enabling self-service for engineering teams
A major milestone was the creation of Akua’s Internal Developer Platform.
Through Port.io, Pulumi, and automation workflows, engineering teams gained:
-
Self-service infrastructure deployment
-
Multi-environment resource provisioning
-
Faster feature delivery cycles
-
Reduced operational overhead
The IDP shifted the focus from infrastructure management to product innovation.
Faster operations, stronger governance, better scalability
Key outcomes included:
-
Accelerated readiness for PCI-DSS certification
-
Reduced deployment times through automation
-
Increased developer productivity via the IDP
-
Seamless scalability across environments
-
Improved operational visibility and cost control
The new platform positioned Akua to support growing payment volumes without increasing infrastructure complexity.
Security and Compliance by Design
-
The platform incorporated security as a foundational layer:
-
CloudTrail, Config, and GuardDuty for centralized monitoring
-
Encrypted storage with Amazon KMS
-
MFA and least-privilege IAM policies
-
Network inspection via AWS Network Firewall
-
PCI-aligned architecture ready for certification workflows
-
Instead of retrofitting compliance later, Akua built it into the platform from the start.
Ready to build the future with GenAI?
