About Client
The client is a prominent private life insurance company, operating as a joint venture between a leading Indian business group and a global financial services provider. With a nationwide presence spanning 430 branches, the company offers a comprehensive suite of life insurance products and serves over 2 million active customers through both digital and traditional distribution channels.
Client Challenge
The client was facing several critical challenges in their on-premises infrastructure:
- High costs due to inefficient resource management and lack of proper resource tagging
- Difficulty in sizing and resizing infrastructure with minimal downtime
- Inadequate vendor access controls, raising security concerns
These challenges were affecting operational efficiency, cost control, and infrastructure scalability.
Solution
Blazeclan implemented a set of targeted AWS-based solution solutions to address the client’s infrastructure, security, and cost optimization needs:
Infrastructure Optimization
- Reserved Instances (RIs): Purchased RIs for heavily used EC2 instances, significantly lowering long-term infrastructure costs.
- Automated Data Backups: Enabled automated backups to ensure data availability while removing the need for manual intervention.
- AWS EKS Migration: Migrated selected applications to AWS Elastic Kubernetes Service (EKS) to improve scalability, automation, and flexibility.
Security Enhancements
- MFA and Password Rotation: Multi-factor authentication enabled for all IAM users; password rotation policies enforced.
- Amazon GuardDuty: Integrated to detect and alert on potentially compromised accounts.
Governance and Access Control
Landing Zone Architecture (AWS Partner Solution):
- Multi-account structure for isolation and security
- Identity and Access Management (IAM) policies to enforce least-privilege access
- Governance framework for consistent policy enforcement
- Encryption and regular assessments to secure sensitive data
- Network architecture with VPCs, subnets, and security groups
- Centralized logging and monitoring via AWS-native tools
Monitoring Support
New Relic was deployed as a third-party monitoring solution to provide real-time observability during and after migration.
Architecture Diagram
Outcome/Result
Blazeclan’s strategic cloud transformation delivered substantial improvements across cost, performance, security, and governance for the client. The modernization efforts optimized resource utilization and infrastructure management while strengthening security posture and ensuring compliance with industry standards. This enabled the client to operate a more resilient, scalable, and cost-effective environment to support their growing business needs.
- Cost Optimization: Leveraged Reserved Instances and automated data backups to reduce infrastructure expenses by approximately $84,000 annually while minimizing manual operational tasks and downtime.
- Increased Performance: Migrated key applications to AWS Elastic Kubernetes Service (EKS), resulting in nearly 80% improvement in application performance, scalability, and reliability.
- Security Hardening: Implemented multi-factor authentication, password rotation, and Amazon GuardDuty to detect and mitigate compromised accounts, enhancing overall access control and threat protection.
- Governance & Compliance: Established a multi-account AWS Landing Zone architecture enforcing strict IAM policies, consistent governance, and achieved CIS compliance across the cloud environment.
- Resource Management: Achieved 95% resource tagging compliance, improving asset visibility and management.
- Monitoring & Visibility: Enabled comprehensive observability using AWS CloudWatch, CloudTrail, and New Relic to proactively monitor infrastructure health and security.
- Vendor Access Control: Enforced least-privilege access through granular IAM policies, securing third-party access and reducing risk.
Impact Highlights
- ~$84,000 Annual Cost Savings
- ~80% Performance Improvement
- 95% Resource Tagging Compliance
- Up to 40% EC2 Cost Reduction
Tech Stack:
- Amazon EC2
- Application Load Balancer (ALB)
- Amazon RDS
- Amazon EKS
- Amazon ECS
- Auto Scaling Group (ASG)
- Amazon CloudWatch
- Amazon S3
- Amazon VPC
- AWS DMS
- Amazon SQS
- Amazon EFS
- AWS Lambda
- AWS KMS