Modernizing a Virtual Care Platform with Microservices on Amazon EKS

About the Company

The client runs a virtual care platform that health systems and provider groups use to deliver care remotely: video visits, secure messaging, scheduling, and the patient payments that go alongside them. Demand had been climbing steadily, and the platform needed to keep pace without losing reliability.

The Challenge

The product had outgrown the monolithic application it was built on. Releases were slow and entangled, a problem in one area could ripple across the whole system, and scaling meant scaling everything at once. Leadership wanted to move to microservices and put the platform on firmer operational footing, but a few things were non-negotiable: protected health information had to stay protected under HIPAA, the payment path had to meet PCI DSS, and the environment had to stay aligned with AWS security best practice throughout, none of it allowed to slip while the team modernized around live patient traffic.

The Solution

NileForge started by putting a proper foundation under the work. Using AWS Control Tower, the company's AWS estate was organized into a multi-account structure with dedicated management, log archive, and audit accounts. An organization-wide AWS CloudTrail trail feeds the central log archive, single sign-on is handled through AWS IAM Identity Center federated to the company's identity provider, preventive guardrails are applied as service control policies, and AWS Config rules track the environment against the HIPAA and PCI DSS controls in scope. Because the workloads handle protected health information, they run on HIPAA-eligible AWS services under a Business Associate Addendum.

With that in place, the application was decomposed into microservices on Amazon EKS, AWS's managed Kubernetes service, with the infrastructure, pipelines, and environments all defined as code in Terraform. Releases moved to a GitOps workflow and are promoted through qualification environments before production, so changes are tested and reversible rather than risky. Cluster capacity scales automatically to match demand, and Amazon EC2 Spot is used for workloads that tolerate interruption to keep compute costs in check. The real-time video at the heart of each visit is built on the Amazon Chime SDK, while patient-facing applications sit behind Amazon CloudFront and AWS WAF, and data is encrypted throughout with AWS Key Management Service. Relational data sits in Amazon Aurora PostgreSQL, Amazon DynamoDB handles high-throughput state such as messaging and sessions, and Amazon S3 stores documents and visit artifacts.

To connect the services cleanly, NileForge introduced an event-driven backbone on Amazon Managed Streaming for Apache Kafka (Amazon MSK), carrying appointment, messaging, and notification events between microservices so they stay loosely coupled and easy to evolve. Security and monitoring were built in alongside: Amazon GuardDuty watches every account for threats, AWS Security Hub consolidates findings against standards including the CIS AWS Foundations Benchmark and PCI DSS, Amazon Macie identifies sensitive data in Amazon S3, and Amazon CloudWatch with AWS X-Ray gives the team metrics, logs, and end-to-end tracing across the services. What began as a defined modernization grew into an ongoing partnership, with NileForge moving services across in phases and sizing its team to the work as it went.

The Results

• A monolith broken into independently deployable microservices on Amazon EKS, each scaling to its own demand
• HIPAA and PCI DSS requirements upheld throughout, with controls enforced and centrally logged
• Video visits, messaging, and scheduling delivered over a resilient, event-driven backbone
• GitOps releases that are versioned, tested in qualification environments, and safe to roll back
• Lower compute costs through Spot capacity and autoscaling, even as usage grew