Boosting Town Square: 5 Ways Cloudlaya & AWS WAF Transformed Cost, Security, and Performance

In the digital age, organizations need to ensure that their platforms have low cost, high security, and are scalable to meet user demand. This is true for Town Square, a contemporary strata management software platform. Platforms such as Town Square are now under pressure to offer seamless user experiences and standard security protocols to routinely meet the demand for digital convenience. With an increase in users and growing demand for digital services, Town Square was under considerable fiscal and technical stressors. Cloudlaya, an AWS DevOps and Site Reliability Engineering (SRE) consultancy, stepped in, not wasting any time, and helped Town Square rethink, reset, and prepare their system architecture for the future.

This blog will detail how Cloudlaya leveraged new AWS Solutions, frameworks for the ongoing security, and approaches to cost management to help the Town Square overcome some major issues.

 

The Challenge: Cost, Security, and Scaling

Difficulties started for Town Square when they began to scale. They began to run into performance, cost, and security issues that put the long-term sustainability and usability of the platform at risk.

Scaling Difficulties

The rapid growth of Town Square began to push the platform past its existing architecture with over 10,000 users either simultaneously online at the same time, or nearing it.  There was inadequate auto-scaling in the architecture which resulted in server resources being overloaded during peak times of use, or having highly underutilized resources that sat idle during off times of use.  There is nothing more frustrating than slow systems, inconsistent latencies and outages to ruin the user experience and potentially compromise customer retention.

AWS Expenses

Cloud infrastructure expenses grew along with demand.  The configuration of network, storage, and compute resources were not designed to take advantage of optimization capabilities.  Result?  increased AWS costs.  Spot instances, reserved instances, and intelligent tiers are cost optimization features that were used sporadically, while services were nearly always over-provisioned and/or not aligned to any actual usage needs.

Security Vulnerabilities

Security is especially important for a digital platform concerning private strata management data. A top level security WAF (Web Application Firewall) gave Town Square no visibility to see possible threats of cyber attacks and put the platform at risk for multiple cyberattacks including DDoS attacks, SQL injections, cross site scripting (XSS), and brute force attacks by malicious bots.

Reliability and Downtime Issues

There was a growing concern from outages, degrading incident response times, and the inability to execute a disaster recovery plan successfully. Town Square did not have any thorough monitoring tools, which delayed issue identification and resolution. This created an issue for users as they didn’t have confidence in the platform because it wasn’t reliable, even by industry standards.

 

The Solution: Cloudlaya’s Holistic AWS Strategy

Through a holistic approach focused on infrastructure-as-code, hardening security, optimizing costs, and engineering reliability, Cloudlaya completely modernized Town Square’s AWS infrastructure.

1. Infrastructure Automation and Modernizing DevOps

Cloudlaya structured Town Square’s development and deployment lifecycle using best-practice DevOps practices.

CI/CD Pipelines

Using AWS CodePipeline and GitHub Actions, Cloudlaya installed automated Continuous Integrated and Continuous Deployment (CI/CD) pipelines, replacing Town Square’s manual deployment process which was very labour-intensive and error prone. The team was able to roll out new features faster and with more owner reliability because they reduced deployment time from hours to minutes by automating it.

Auto Scaling and Load Balancing

Cloudlaya also used AWS Auto Scaling groups and Application Load Balancers (ALBs) to reduce the challenges posed by scalability. The CDN resources would decide how much compute capacity was appropriate, automatically scaling based on traffic ensuring enough performance at peak usage while also scaling back resource consumption based on lower traffic.The dynamic scaling improved uptime and usability.

Infrastructure as Code (IaC) with Terraform

Instead of manually provisioning staging environments and subsequent manual deployments to production, Cloudlaya replaced everything with Infrastructure Cod (IaC) utilizing Terraform. This enabled reproducible infrastructure as code that was managed as versions and could be set up, updated, or rolled back in a fraction of a second as opposed to the potentially days of manual configurations. Terraform also provides confidence that environments were created consistently in development, staging, and production.

 

2. Using AWS WAF for Advanced Security Hardening

In order to address security weaknesses, Cloudlaya ramped up Town Square’s defenses by deploying AWS Web Application Firewall (WAF) and a variety of security services.

Custom Firewall Rules

Custom rules were created in AWS WAF that would protect against both known attack vectors (injection attacks such as SQL) through to cross-site scripting (XSS) and other malicious URL patterns. With all these protections, Cloudlaya was able to greatly reduce the attack surface that would otherwise be exploited.

IP Reputation Filtering and Access Control 

Cloudlaya used an IP Reputation filter to block access from known malicious IP addresses by using AWS WAF. With this preventative type of control, respondents were effectively denying access to malicious actors in the first place, and thereby minimizing the risk of breach.

Rate Limit and Bot Protections

Cloudlaya also has rate limiting rules for brute force or “bot-like ” attacks. It allowed throttling of abusive or excessive traffic, while also decreasing unnecessary loads to backend systems, while also allowing more bandwidth to legitimate users.

Threat Monitoring with Automated Response 

With this set up in place, they integrated AWS CloudWatch, AWS GuardDuty and used Lambda scripts to monitor access behavior and activate automated remediation in some cases. Scenarios where there were excessive failed logins or unusual patterns of access to APIs would invoke automated actions to remediate the security, like isolate resource assets or notify admins.

3. Effortless Cost Reduction

Town Square’s AWS bill reduced substantially after Cloudlaya ingrained it into their approach to cost optimization.

Spot Instances and Compute Savings Plans

Cloudlaya shifted their non-mission-critical workloads to AWS’ Spot Instances and signed up for a Compute Savings Plan for any predictable resources. In and of itself, these changes resulted in a reduction of computing costs of 30%!

Storage Optimization with S3 and Elasticache

Using S3 Intelligent-Tiering, Cloudlaya ensured any data that was infrequently accessed, would be moved automatically to lower-cost storage classes. Elasticache was integrated to help reduce the read-load of the database and increase application speed, while simultaneously reducing database costs.

EC2 Rightsizing with AWS Compute Optimizer

Using the AWS Compute Optimizer, they evaluated the performance of the EC2 instances and made recommendations for the best sizing. Underutilized instances were either down-sized or consolidated, resulting in lower monthly charges with virtually no impact on performance.

4. Adoption of Site Reliability Engineering (SRE)

Cloudlaya adopted a basic SRE model to help manage infrastructure at Town Square, helping to create better overall uptime and reliability.

Alerts and Monitoring

Monitoring tools (e.g. Prometheus, Grafana, and AWS CloudWatch) were integrated to provide top to bottom visibility into application performance response times, resource utilization, and health metrics.The engineers could act on any abnormal situation with real-time alerts.

Self-Healing Capabilities 

Access methods were automated with the use of lambda functions. The function would, for example, restart or replace a crashed service automatically or replace an unhealthy instance such that the amount of downtime would be negligible without human intervention.

Failover and Redundancy Mitigation Strategies 

Cloudlaya sought Amazon RDS Multi-AZ for database failover as well as AWS Backup for automated backups of data. These greatly aided the company in ensuring business continuity in the event of a regional outage or failure of a component.

 

The Results: Realized Business Impacts

Cloudlaya’s transformative technology delivered impressive results that addressed every challenge Town Square had faced before.

Scalability

Town Square’s – which is essentially web-based – modern infrastructure easily supported its over 10,000 concurrent user limit, which was 25 time greater than Town Square’s limit of 400 users. Auto-scaling configurations fostered optimized use of resources alongside the assurance of consistent performance during times of high traffic.

Cost Savings

Town Square’s AWS bill reduced by 30% through a combination of compute optimizations, improved storage efficiencies, and rightsizing. The company is now able to reinvest these savings into additional new projects.

Improved Security Posture

Town Square was able to reduce its vulnerability to cyber attacks using AWS WAF, GuardDuty, IP filtering, and automation through Lambda to limit 99% of malicious traffic.

Good Availability and Uptime

Through a combination of automatic failovers, self-healing systems, and better monitoring, Town Square was able to achieve 99.99% uptime. User confidence in the platform substantially increased, and less downtime ensued.

Increased Innovation Cycles

Improvements were now delivered to customers through CI/CD pipelines, and a host of auto-deployments. This increased agility allowed Town Square to stay ahead of competition and meet user expectations.

 

The Outcome: Realization of Transformation

Following six months of hard work, the outcomes were self-evident:

Into The Future: A Route Map

Now that Town Square and Cloudlaya have a secure, affordable cloud infrastructure in place, they are looking at some further innovations.

• AI-Driven Threat Detection: They are already working on some initiatives that incorporate AI and machine learning that will reduce the time on incident response and allow prediction of threats.
• Ongoing Cost Optimisation: Maintaining cost-optimisation alignment with existing AWS services is something that Cloudlaya will continue monitoring and adjusting workloads accordingly in line with improvements of efficiency.
• Global Scale: Town Square can now confidently expand services to foreign markets thanks to a cloud-based infrastructure of scalability.

Wrap Up

Town Square’s re-imagining of cloud architecture is a testament to the potential of engaging experienced DevOps and cloud consulting assistance to completely alleviate cost, performance and security concerns on a scalable, secure and resilient path to further growth.

If you are facing cloud issues similar to this one or are contemplating phenomenal growth, this case study demonstrates that collaborating with AWS and an experienced DevOps partner like Cloudlaya can produce some immediate and sustainable improvements. Cloudlaya assists companies with huge potential to get the best value from their cloud investment while being agile and certain about future directions in an ever-changing digital world.

Cloudlaya – Empowering AWS Success.

AWS PartyRock: Showcasing the Creativity of Artificial Intelligence

Develop a Scalable OTT Platform on AWS: Secure & Reliable 24/7

A Comprehensive Guide to Email Service in Nepal