Back to Client WorkBack to Industries
Client Story

AWS Security solution for manufacturing.

  • Company
    Supply chain management provider
  • Location
    Andheri (West), Maharashtra, India
  • Employees
    501 - 1,000
  • Industry
    Manufacturing
  • Services
    Cloud and DevOps
  • Website
  • Tech Stack

    The following technologies were used in the solution:

    Terraform

    AWS

    • Lambda
    • Route53
    • VPC Peering
    • Cloudfront
    • S3 buckets
    • RDS
    • Web Application Firewall (WAF)
    • Key Management Service (KMS)
    • Certificate Manager
    • API Gateway

    OpenVPN

    Gitlab

Problem Description

Our client is a global supply chain management provider who provides low-cost solutions, risk mitigation, and strategic sourcing. The way they managed their infrastructure was a manual and tedious process that relied on several different people, whose criteria determined what changes were made. This was a less than ideal way to manage resources, with little adherence to best practices. Due to this, and after a detailed analysis of the problem, Allata proposed the client to adapt its infrastructure, based on best practices for security, incorporating the use of AWS resources and using Infrastructure as Code (IaC) through Terraform.

Previous Architecture

Solution

The solution had to allow the creation of a productive and development infrastructure in a quick way and at the same time compliant with given security standards. For this purpose, we used Infrastructure as Code for the provision of the infrastructure, which allows us to keep a detailed record of changes in the infrastructure and to replicate and deploy it with minimal effort.

Additionally, we adjusted the settings to improve security within the infrastructure. This was achieved by isolating environments from the Internet, and between each other.

This way, those who have access to one environment do not automatically acquire access to the rest. Likewise, a VPN service was implemented as the only point of access to the components of the infrastructure. Also, MFA mandatory use policies were implemented for all users who have access to the AWS console.

It is worth mentioning that necessary foundations were left in place for future implementations of high availability in the productive environment.

Benefits

The client came to Allata with the goal of improving security within their infrastructure. We used IaC to create it from Terraform code, so that it could be secured and easily recreated if necessary.

Among the benefits achieved can be mentioned:

  • Creation of the entire infrastructure from Terraform code, which allows it to be versioned and protected in git.
  • Isolation between development, production and legacy environments, and also among each other, eliminating the possibility of unrestricted access to them from outside.
  • Access to infrastructure through a single access point, controlled and secured through a VPN server.
  • Possibility of creating multiple development environments.
  • Encryption of all databases using KMS.
  • Facilitating access to web servers and DB servers within the infrastructure through internal name resolution, thanks to a Route53 private hosted zone.
  • Optimization of AWS resources used.
  • S3 bucket encryption.
  • Detailed documentation of the new infrastructure was generated.
  • Detailed instructions for the administration of the VPN were generated.

Ready to connect?

Get in touch
Built better to build better
Dallas
2777 N. Stemmons Fwy,
Suite 1240
Dallas, TX 75207
(972) 996-2360
Boise
12639 W Explorer Dr,
Suite 200
Boise, ID 83713
(208) 957-6821
Phoenix
1 N. 1st St,
Suite 691
Phoenix, AZ 85004
(623) 244-1643
Argentina
Humberto Primo 680,
Capitalinas, S13,
5000 Córdoba, Argentina
+54 (351) 483-8185
© Allata, LLC 2019