NestPay Portal

Building an Internal Portal with AI-Assisted Development

NestPay Team β€” NestlΓ©

1

Agenda

πŸ› οΈ Part 1 β€” Methodology

  • Why we built the portal
  • Iterative prototyping with GitHub Copilot
  • Tech choices and approach

πŸ—οΈ Part 2 β€” Architecture

  • AWS architecture overview
  • Key components and data flow
  • Lessons learned
2

Part 1 β€” How We Built It

The Need: A unified internal portal for the NestPay team to monitor payments, manage configurations, inspect API definitions, and visualize metrics β€” all in one place.

πŸ€– Iterative Prototyping with Copilot

  • AI-assisted development using GitHub Copilot from day one
  • Rapid iteration: prompt β†’ generate β†’ review β†’ refine
  • Copilot accelerated boilerplate: routing, CORS, cookie handling, AWS SDK calls
  • Human review for security-critical code (auth, sessions, secrets)

πŸ“¦ Tech Stack

LayerChoice
FrontendVanilla HTML / CSS / JS
AuthMSAL.js + Azure AD (Entra ID)
i18nCustom locale system (EN, ES, FR, CA)
BackendNode.js Lambda β€” single function, custom router
ObservabilityNew Relic NerdGraph + QuickSight
3

Part 2 β€” AWS Architecture

                                 β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                                 β”‚   S3 Bucket   β”‚
                                 β”‚  (Static UI)  β”‚
                                 β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜
                                        β”‚
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”      β”‚      β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  Browser  │────▢│  CloudFront  │───────      β”‚   Azure AD    β”‚
β”‚  (User)   β”‚     β”‚              β”‚      β”‚      β”‚  (Entra ID)   β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜      β”‚      β””β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜
                        β”‚               β”‚              β”‚
                        β–Ό               β”‚              β”‚
                 β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”      β”‚      β”Œβ”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”
                 β”‚ API Gateway   β”‚      β”‚      β”‚   QuickSight   β”‚
                 β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜      β”‚      β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                        β”‚               β”‚
                        β–Ό               β”‚
                 β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”      β”‚      β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                 β”‚   Lambda     │──────┼─────▢│   DynamoDB     β”‚
                 β”‚  (Node.js)   β”‚      β”‚      β”‚  (Sessions)    β”‚
                 β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜      β”‚      β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                        β”‚               β”‚
           β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”‚
           β–Ό            β–Ό            β–Ό  β”‚
    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”
    β”‚ Secrets    β”‚ β”‚ AppConfigβ”‚ β”‚  New Relic   β”‚
    β”‚ Manager    β”‚ β”‚          β”‚ β”‚  NerdGraph   β”‚
    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                        β”‚
                        β–Ό
                 β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                 β”‚  Dispatcher  β”‚
                 β”‚  APIs (NestPay)β”‚
                 β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
4

Portal Capabilities

πŸ“‹ Features

  • Auth: Azure AD SSO via OAuth 2.0, server-side sessions stored in DynamoDB
  • API Dispatcher: Transparent proxy to downstream NestPay microservices (dev / int / stg)
  • Config Viewer: Browse AppConfig applications, profiles & environments
  • Secrets Browser: List Secrets Manager entries
  • Multi-language: Custom i18n β€” EN, ES, FR, CA

πŸ“Š Observability

  • QuickSight: Embedded dashboard for payment analytics
  • New Relic Metrics: Accepted-payments rate queries with faceted filters
  • Log Search: Contextual log querying via NerdGraph API

πŸ”’ Security

  • HttpOnly + Secure session cookies
  • CORS with origin validation
  • Secrets fetched from AWS Secrets Manager (never hardcoded)
5

Lessons Learned

βœ… What Worked

  • Copilot drastically reduced boilerplate time (routing, AWS SDK, CORS)
  • Vanilla stack = zero build complexity, fast deploys (single zip)
  • Single Lambda keeps infra simple and cost-effective
  • CloudFront unifies frontend & backend under one domain (avoids cross-origin cookie issues)

⚠️ Watch Out For

  • Cross-origin cookies (SameSite, Secure flags)
  • Always review AI-generated security code
  • Lambda cold starts with 128 MB memory
6

What's Next? β€” Open Discussion

πŸš€ Go to Production?

  • The portal currently targets dev / int / stg environments
  • Should we promote it to production?
  • Prerequisites: security review, load testing, on-call ownership, PCI

πŸ” Role-Based Access Control?

  • Today every authenticated user sees everything
  • Read-only vs. admin roles
  • Leverage Azure AD groups / app roles

πŸ’‘ Other Features?

  • Config editing β€” push AppConfig changes from the portal
  • Alerting dashboard β€” surface New Relic alerts alongside metrics
  • Audit log β€” track who accessed what and when
  • Automated tests β€” integration + E2E coverage

πŸ—£οΈ Your Input

  • What pain points does the team still have?
  • Which feature would bring the most value today?
7

Thank You

Questions & Discussion

8