Amazon Web Services (AWS) Web Application Firewall (WAF) Service Delivery
Case Study - CloudFront for Asset and Application Delivery

Iskaan is a multi-community management solution operating in the Middle East. Its applications have multiple components, from addressing customer questions to managing bookings, making and tracking payments for customer properties, and connecting community and building management to owners, tenants and third-party service providers.

 

Iskaan had a rather constrained environment that was not highly available or secure and was prone to disaster. No pipeline for deploying code had been set up. They wanted an environment that was highly available, secure, regularly backed up and scalable for any unprecedented events. The project also called for a warm DR environment with real-time replication between regions.

The backend legacy API serves dynamic responses when invoked over REST via load-balancer endpoints (ELB). Because it is the most critical part of the business's operation, preventing DDoS attacks, lowering API request throttling and API call response latency, and speeding up content delivery are crucial to operational excellence.

The deployment of the entire web application on AWS after re-architecting to a highly available, resilient, scalable and immutable environment with the adoption of DevOps principles and CI/CD methodology helped the customer to have an always-on infrastructure serving their thousands of corporate customers in the Middle East. Specifically, with the help of Amazon CloudFront, it was possible to offer end users blazing fast content, both static and dynamic, and to offer secure access to confidential customer documentation uploaded and stored on S3. This is made possible by the combination of Amazon CloudFront and AWS Web Application Firewall.

Amazon CloudFront helps mitigate DDoS attacks by reducing the number of requests and connections back to the origin, thus protecting the origins from flood and reflection attacks. It also stops slow-writing attackers using applications like Slowloris. OWASP rules on AWS WAF prevent the most common threats to the application and assets.

The use of signed URLs restricts the content to authenticated users, and access is further restricted by the time for which a resource is available once the URL is signed. An origin access identity (OAI) and custom headers help further restrict the content and how it is accessed.
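The time restriction described above works because the expiry is part of what gets signed. The following is an added example, not code from Integra or Iskaan: it builds a CloudFront signed URL with a canned policy and runs a local model of the edge-side check. The hostname, key pair ID and RSA key a caller passes in are constructed values, and `checkSignedUrl` is a hypothetical helper for testing a signer, not CloudFront's own code.

```javascript
const crypto = require('node:crypto');

// CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
const toCfBase64 = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/=/g, '_').replace(/\//g, '~');
const fromCfBase64 = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '=').replace(/~/g, '/'), 'base64');

// Canned policy: one resource, one expiry, no whitespace in the JSON.
const cannedPolicy = (resourceUrl, expiresEpoch) =>
  JSON.stringify({
    Statement: [{ Resource: resourceUrl,
                  Condition: { DateLessThan: { 'AWS:EpochTime': expiresEpoch } } }],
  });

function signUrl(resourceUrl, expiresEpoch, keyPairId, privateKey) {
  // Canned policies are signed with RSA over a SHA-1 digest of the policy.
  const sig = crypto.sign('sha1', Buffer.from(cannedPolicy(resourceUrl, expiresEpoch)), privateKey);
  const sep = resourceUrl.includes('?') ? '&' : '?';
  return `${resourceUrl}${sep}Expires=${expiresEpoch}` +
         `&Signature=${toCfBase64(sig)}&Key-Pair-Id=${keyPairId}`;
}

// Local model of the edge decision (assumes the resource URL has no query
// string of its own, so stripping the three parameters restores it exactly).
function checkSignedUrl(signedUrl, publicKey, nowEpoch) {
  const url = new URL(signedUrl);
  const expires = Number(url.searchParams.get('Expires'));
  const signature = url.searchParams.get('Signature');
  if (!Number.isInteger(expires) || !signature) return 'missing-parameters';
  if (nowEpoch >= expires) return 'expired';
  for (const p of ['Expires', 'Signature', 'Key-Pair-Id']) url.searchParams.delete(p);
  // The policy is rebuilt from the request itself, so an edited path or
  // expiry produces a different policy and the signature no longer verifies.
  const policy = Buffer.from(cannedPolicy(url.toString(), expires));
  return crypto.verify('sha1', policy, publicKey, fromCfBase64(signature))
    ? 'ok' : 'bad-signature';
}
```

Editing `Expires` to a later time or swapping the object path in a signed URL yields `bad-signature`, which is why short expiry windows are enforceable.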

Latency and time to first byte are reduced by CloudFront, which uses keep-alive connections, TCP slow start optimization, and proximity connections.

Usage and anomalies are monitored in near real time through integration with our managed NOC/SOC, which uses a custom ELK stack for monitoring, dashboarding, and alerting.

 

HOW THE ENVIRONMENT IS SECURED

The environment is secured with Amazon CloudFront, AWS WAF, AWS Certificate Manager and other AWS services. CloudFront prevents domain fronting and subdomain misuse by comparing the account from which the ACM SSL certificate is issued with the domain making the request. If the accounts do not match, CloudFront returns a 421 response. CloudFront also prevents alternate domain name (CNAME) misuse.

Data is encrypted in transit at all points right to the origin. TLS v1.2 is enforced and all non-secure requests are upgraded to secure HTTPS. Requests to S3 and other content requests are protected with header options like X-XSS-Protection and X-Content-Type-Options. Lambda@Edge is used for dynamic header modifications. OAI is used to make sure no direct access to buckets is allowed.
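One way the header modification described above can be done, as an added example rather than the project's own function: a Lambda@Edge origin-response handler for the Node.js runtime that sets the two headers the page names. The header values and the sample event are assumptions constructed for illustration.

```javascript
// CloudFront represents headers as { 'lowercase-name': [{ key, value }] }.
const SECURITY_HEADERS = {
  'X-Content-Type-Options': 'nosniff',
  // Current Chrome and Firefox ignore this header; it is set here because
  // the page lists it. The value is an assumed, commonly used one.
  'X-XSS-Protection': '1; mode=block',
};

function applySecurityHeaders(response) {
  for (const [key, value] of Object.entries(SECURITY_HEADERS)) {
    // Replace rather than append, so a value sent by the origin (or a
    // misconfigured S3 object) cannot weaken the edge policy.
    response.headers[key.toLowerCase()] = [{ key, value }];
  }
  return response;
}

// Entry point for an origin-response trigger.
async function handler(event) {
  return applySecurityHeaders(event.Records[0].cf.response);
}

// Constructed origin-response event, trimmed to the fields the handler reads.
const sampleEvent = { Records: [{ cf: { response: {
  status: '200',
  statusDescription: 'OK',
  headers: {
    'content-type': [{ key: 'Content-Type', value: 'application/pdf' }],
    'x-content-type-options': [{ key: 'X-Content-Type-Options', value: 'bogus' }],
  },
} } }] };

if (typeof module !== 'undefined') module.exports = { handler, sampleEvent };
```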

 

The image below shows the architecture of the Integra SOC ELK stack and the integration with customer accounts. This is a generic representation and is common to all customers.

Having Amazon CloudFront immediately decreased the average time to first byte as well as overall load times for web pages. Increased security for the content, protection from hotlinking, domain spoofing as well as domain fronting were achieved as a result of CloudFront deployment. The integration of the AWS Web Application Firewall protects the site and its availability by the use of default as well as custom rulesets. The API and customer assets are used extensively by applications and connected to from different third party applications, and a marked improvement in response times as well as availability is seen and reported by customers of Iskaan.

AWS COMPONENTS USED

Amazon CloudFront

Amazon S3

AWS WAF

Amazon EC2

Amazon ALB

Lambda

AWS ACM

Lambda@Edge

AWS ElastiCache

 

Integra Technologies FZE
PO 341352, A4-311, Dubai Digital Park
Dubai Silicon Oasis
Dubai, United Arab Emirates

Telephone: +971 4 3364 840
Fax: +971 4 3364 842
Email: info@integratech.ae


 

Copyright © 2004-2022 Integra Technologies FZE