INTEGRA Open Source at Integra Dubai AGILE. SECURE. TRANSFORMATIVE.
LinkedIn Facebook Social Media
Amazon Web Services (AWS) Web Application Firewall (WAF) Service Delivery
Case Study - How Amazon CloudFront helps in delivery secure content fast to customers
One of the major master developers in Dubai migrated from an on-premise hosted web presence to AWS which functions as a single integrated web front that ties to multiple backend systems - including lead capturing and processing with integration to SFDC and online software that customizes villa layouts, custom designs and interior customizations. The reasons for wanting the migration was downtimes, slow responses and service unavailability.

Being the most visited part of their entire digital infrastructure - having almost 6 million hits a month, it is a priority business critical component. Speed of content delivery is of paramount importance to user experience, as is the ability to deliver content securely. Damac, being one of the biggest developers in the region, are exposed to all kinds of attacks and efforts to compromise their systems.

It was imperative that the infrastructure is protected with all resources at hand so that there is no downtime and that the attacks are prevented. Damac Properties visitors and property owners come from all parts of the world, drawn to Dubai's tax free environment and cosmopolitan culture. There is a need to have a content delivery mechanism to ensure that the customers and property owners receive content as quickly as possible.

Amazon CloudFront was the natural choice. Since it integrates natively with AWS components like Route 53, AWS Certificate Manager (ACM), origins such as Elastic Load Balancers and S3 and the ability to add application logic right at the edge with Lambda@Edge, CloudFront was recommened to the customer. Again, the ability to seamlessly integrate a Web Application Firewall (AWS WAF) helping us to create custom, application-specific rules that block common attack patterns that could affect the digital estate availability and compromise security.

HOW THE ENVIRONMENT IS CONFIGURED

Damac’s customer base is primarily spread across Middle East, Eastern Europe, UK, South Asia, China and Russia. CloudFront provides very low latency access to content, whether static or dynamic.  A reasonable value for the TTL for static content is configured, which ensures that most of the time content is delivered directly to users from the cache. CloudFront performs fast change propagation and invalidations, thus ensuring up to date content for end users.

CloudFront distributions are integrated with AWS WAF. The global WAF ACL is configured with AWS managed OWASP Top 10 rules. As an added security benefit, all the CloudFront distributions are defended by default against the most frequently occurring network and transport layer DDoS attacks that target the websites or applications with AWS Shield. Certificates is provided with ACM integration, thus ensuring encryption in transit.

Lambda@Edge capabilities like dynamic origin selection, handling origin redirections, adding additional headers for improved security and also working as a custom-proxy for to the variety of origin endpoints are used. Triggered by CloudFront requests, Lambda@Edge runs code closer to the end users for improved responsiveness.

Path-based behaviors, for which the cached HTTPS methods, headers, cookies and query URLs are customized are also used. Cache configuration controls, gzip compression and access to geo-location headers are some of the other configurations that are deployed.

 

The image below shows the architecture of the Integra SOC ELK stack and the integration with customer accounts. This is a generic representation and is common to all customers.

Having Amazon CloudFront immediately decreased the average time to first byte as well as overall load times for web pages. Increased security for the content, protection from hotlinking, domain spoofing as well as domain fronting were achieved as a result of CloudFront deployment. The integration of the AWS Web Application Firewall protects the site and its availability by the use of default as well as custom rulesets. Overall, there has been a sharp jump in customer satisfaction, as reported by the marketing and sales teams.

AWS COMPONENTS USED

Amazon CloudFront

Amazon S3

AWS WAF

Amazon EC2

Amazon ALB

Lambda

AWS ACM Lambda@Edge AWS ElasticCache

 

Integra Technologies FZE
PO 341352, A4-311, Dubai Digital Park
Dubai Silicon Oasis
Dubai, United Arab Emirates

Telephone: +971 4 3364 840
Fax: +971 4 3364 842
Email: info@integratech.ae

Integra Cloud Technologies LLC
PO 341352, A4-311, Dubai Digital Park
Dubai Silicon Oasis
Dubai, United Arab Emirates

Telephone: +971 4 3364 840
Fax: +971 4 3364 842
Email: info@integratech.ae

Integrasys Technologies
Level 2, B'Hub
Mar Ivanios Campus
Trivandrum, India

Telephone: +91 81290 16520
Email: info@integratech.ae

Current Events


No current events.

 

Copyright © 2004-2021 Integra Technologies FZE