AWS Optimization and Security at Takeaway

AWS Optimization and Security at Takeaway

The Project

After a company's takeover, the existing AWS (Amazon Web Services) infrastructure has to be evaluated and secured. This must be followed by a step-by-step optimization of the costs. Our input for Takeaway was exactly to help them in this process.

The Problem

It's a fact that in order to accomplish success, a company has to grow. Sometimes, the best way to achieve this is by acquiring other companies. Takeaway and Food Express is such a case (Read more). By acquiring the food delivery service Food Express, Takeaway had also taken over its Amazon-cloud-hosted pickup delivery software solution. Following the ownership transition, the corresponding AWS account needed to be adapted and secured accordingly.

The Solution

First, all the services and, above all, every user access had been included to the IT resources' database and subjected to a rigorous security screening. Then, we grouped and restricted permissions in AWS Identity and Access Management (IAM) for access to AWS resources, and changed the structure of policy documents.

These analysis of IT architecture started being reflected in account's security structure. By optimizing resources, adapting instance variables, shifting static content to AWS S3, and switching off the test environments overnight, we managed to achieve significant cost reduction.

Our Contribution

One of kreuzwerker's DevOps engineers had been assigned to assist Takeaway Express's newly-formed interdisciplinary development team. Many of the software components corresponding to the discovered security deficiencies had been modified, their access restricted as much as possible.

In a later phase of the project, user authentication and authorization solutions were implemented on the basis of OpenID Connect with Keycloak. Further evaluations and adjustments in the field of traffic routings were added afterwards.

The Benefit

Generally speaking, the transfer of an unknown software stack in the context of a company takeover is always accompanied by risks. This is where kreuzwerker came into the picture and helped Takeaway Express secure its AWS account and optimize its IT infrastructure. By doing so, we significantly reduced the risks for our client, freed him from further worries, and enabled him to concentrate on the most important aspect: integrating the software stack into their IT ecosystem.

The Upshot

Every AWS account should be operated from the outset on the basis of a solid security concept. Poorly backed-up servers and services are a target for hackers or competitors. Those who try to save money by cutting down on the wrong costs end up paying double.