CTAC AWS DevOps Case Study for NHTSA WebAPI

Introduction to Customer

Leveraging DevOps to Disseminate Public Safety Information

The National Highway Traffic Safety Administration (NHTSA) is an agency of the Executive Branch of the U.S. government, part of the Department of Transportation. Its stated mission is “Save lives, prevent injuries, reduce vehicle-related crashes.” In keeping with this mission, NHTSA collects and publishes public safety information related to vehicles, car seats, tires, and equipment to two of its public-facing websites, NHTSA.gov and SaferCar.gov. In order to best serve the needs of its information consumers, NHTSA sought to modernize its platforms and implement a single comprehensive source for all safety information by utilizing an API-first approach.

Overview of Challenges

The code base and ELT process for the solution needed to support frequent changes and deployments multiple times a day due to the constantly evolving data sources. NHTSA faced the challenge of aggregating, validating, and scaling the availability of data from three distinct vehicle, car seat, and tire information data sets spread across multiple systems. Additionally the ability to support traffic demand spikes was considered to be top priority as any downtime could be constituted as a public safety risk.

Details of Solution

CTAC was able to modernize the NHTSA platform with a DevOps process that resulted in production releases often multiple times per day.  CTAC orchestrated deployment and management of resources in NHTSA’s AWS environment and provides all operational services for the Safety API project at NHTSA.

CTAC DevOps engineers designed and delivered the new API, built on AWS, which features:

  • Full Jenkins CI/CD pipeline
  • Hardened base Ubuntu images
  • Configuration management
  • Terraform Infrastructure as Code (IaC)
  • Automated testing, building, reporting
  • Immutable servers
  • Auto Scaling, Load Balancing
  • Multiple environments (dev/stage/prod)
  • WAF customization (auto-block/release malicious IPs with AWS Lambda & Cloudfront logs)
  • API Gateway
  • Self-healing instances

CTAC’s DevOps engineers:

  • Built a unified product database
  • Designed and developed a single comprehensive API
  • Architected and built out a new platform on AWS
  • Migrated existing document repositories into AWS
  • Continue to provide ongoing O&M support to the API and supporting AWS infrastructure

CTAC designed the NHTSA Safety API using standard Twelve-Factor App methodology. CTAC builds cloud infrastructure using the immutable server design philosophy to reduce security risks, eliminate configuration drift, and simplify deployments, rollbacks, and new environment creation. CTAC delivered a system that is resilient, scalable, and reliable, and that provides a single API for all vehicle, tire, car seat, and equipment safety data. The new NHTSA API now delivers all public safety information to several publicly available websites including edmunds.com, cars.com, and kbb.com (Kelly Blue Book). 


The CTAC team delivered a single, comprehensive DevOps powered by AWS.

  • Every code commit is tested, packaged, and deployed to a test environment in real time in response to events
  • One-click stage deployments give deployment managers control over what to deploy when
  • One-click production deploys & rollbacks minimize support team effort & time while empowering Change Control Board (CCB) to make decisions
  • Deployment time reduced from hours/days to about 10 minutes with full end to end automation (reducing errors and risk)
  • Configuration creep eliminated with immutable, pre-baked server instances
  • Security updates, software patches, version upgrades happen with every build & deploy preventing servers from going stale or becoming vulnerable

Leveraging AWS tools and services, DevOps engineers at CTAC are able to readily support the deployed solution, ensuring that the public always has access to the latest published public safety information related to vehicles, tires, child seats, and equipment.

The outcome of this work enables a modern, streamlined, and consistent approach to publishing information. No longer available only on NHTSA’s websites, the API enables use of public safety information in a multitude of platforms and use cases:

  • Responsive websites
  • Mobile phone apps
  • Cross-agency data sharing
  • Flexibility for agency reporting
  • Powerful access to data for researchers
  • Further Open Data mandate compliance