
Blazeclan and AWS: Enhancing Security and Cost Efficiency for Helicopter Shipping Company

Company profile: 

The customer is a global helicopter shipping company offering customized logistical solutions for military deployments, offshore projects, search and rescue operations, and emergency medical services. With expertise in both ocean and air charter transportation, they ensure safe and timely delivery of cargo from any origin to any destination. Their 24/7 Global Customer Support Centre provides clients with round-the-clock assistance, reinforcing their commitment to reliability and client satisfaction in every shipment. 

Company challenges: 

  • The company recognized potential vulnerabilities in its cloud infrastructure and wanted to address these risks to prevent data breaches. 
  • There were compatibility issues across various platforms and devices, making it difficult to achieve seamless Single Sign-On integration. 

Customer’s needs & goal: 

  • A secure AWS environment in alignment with AWS Best Practices. 
  • Enhanced security for mobile and backend applications. 
  • Implementation of logging and monitoring systems to facilitate effective compliance management and cost control. 
  • A Well-Architected Review to optimize infrastructure performance and ensure best practices are followed. 

Blazeclan Solutions 

  • Single Sign-On (SSO) Implementation: SSO was implemented across 3 websites and 2 apps using Amazon Cognito for its robust authentication features, including user management, secure storage, and token-based authentication. This enhanced security and provided centralized login management for a streamlined user experience. 
  • Migration to Amazon RDS PostgreSQL: Migrated standalone PostgreSQL databases to Amazon RDS PostgreSQL, enabling greater scalability and improved data security through built-in security features such as encryption at rest and in transit. 
  • AWS Infrastructure Security Assessment: Conducted a thorough security assessment of customer’s AWS infrastructure, focusing on network, data, and application security, as well as logging practices and cost governance. 
  • AWS Well-Architected Review: Performed an AWS Well-Architected Review, identifying optimization opportunities within customer’s existing architecture to enhance efficiency and maintain best practices. 

Partner Solution: AWS 

  • Leveraged AWS Cognito for its robust authentication features, including user management, secure storage, and token-based authentication. 
  • Integrated Firebase Cloud Messaging (FCM) as a third-party notification service to send notifications to users of the shipping application. 
  • Utilized AWS SES to provide secure, reliable and efficient transactional email communication with users. 
  • Ensured that all the servers run on private subnets and are not publicly accessible. 
  • Leveraged AWS Secrets Manager to securely store the application’s credentials, ensuring encrypted access, and centralized management for enhanced security and compliance. 
  • Kept each server behind the ALB, ensuring efficient traffic distribution, improved application availability, and enhanced security. 

Security enhancement:  

  • CloudTrail Event enabled globally.  
  • All EBS volumes are encrypted using a customer managed key.  
  • RDS runs encrypted with CKMS and is kept private, not publicly accessible. 
  • Ensured that no security group allows ingress from 0.0.0.0/0 to port 22 and administrative ports.  
  • All EC2 instances are in a private subnet of a custom VPC.  
  • We used AWS Secrets Manager to ensure credentials are not stored in code. 
  • ALB has SSL/TLS certificates attached and is using HTTPS listeners.  
  • Ensured that ALB is protected by a WAF. 
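The security group rule in the list above can be verified mechanically. The following is an added example, not Blazeclan's or the customer's code: it audits data shaped like the EC2 `DescribeSecurityGroups` response and flags world-open ingress that covers an administrative port, including port ranges, all-protocol rules, and IPv6. The group IDs and rules are constructed sample data, and treating 3389 as an administrative port is an assumption, since the page does not list which ports it means.

```python
import ipaddress

# Assumption: the page says "port 22 and administrative ports" without naming
# them; 3389 (RDP) is included here purely as an illustrative choice.
ADMIN_PORTS = {22, 3389}

# Constructed sample input in the shape of DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-alb-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-range-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-all-example", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-bastion-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
]


def open_admin_rules(security_groups, admin_ports=ADMIN_PORTS):
    """Return (group_id, port, cidr) for each world-open rule covering an admin port."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":            # all protocols: no port fields present
                lo, hi = 0, 65535
            elif proto in ("tcp", "6"):
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue                 # UDP/ICMP rules do not expose SSH or RDP
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # Prefix length 0 means the whole address space (0.0.0.0/0 or ::/0).
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue
                for port in sorted(admin_ports):
                    if lo <= port <= hi:     # catches ranges such as 20-1024
                        findings.append((sg["GroupId"], port, cidr))
    return findings


if __name__ == "__main__":
    for finding in open_admin_rules(SAMPLE_GROUPS):
        print(finding)
```

An exact-match check on port 22 would miss both the range rule and the all-protocol IPv6 rule in the sample, which is why the audit compares against the port interval instead.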

Operational efficiency: 

  • Enabled detailed monitoring of the EC2 instances.  
  • Ensured AWS RDS instances have Automatic Backup set up. 
  • Ensured AWS RDS retention policy is at least 7 days.  
  • Ensured that all the S3 buckets have versioning enabled.  

Cost Optimization:  

  • Enabled Access logs in ELB.  
  • Ensured that no idle EC2 instance is running.  
  • Enabled object-level logging of write events on the S3 bucket. 
  • Ensured that no idle RDS instance is running. 

Compliance:   

  • Enforced a Strong Password Policy for IAM Users.  
  • Enabled MFA for all users to access AWS account.  

We used Bluehost as the DNS provider for the customer and configured their domain’s DNS records to route traffic to the DNS name of the Application Load Balancer (ALB). The ALB functions as a centralized access point for users accessing the domain, efficiently managing incoming traffic and distributing it to multiple EC2 instances based on the established listener rules. This setup ensured optimal performance and scalability for the customer’s application. 

Outcome 

  • Streamlined User Access: Implementing AWS Cognito for Single Sign-On (SSO) simplified user logins, improving security and convenience by enabling seamless access across platforms and reducing the risk of unauthorized access. 
  • Enhanced Database Security: Migrating to Amazon RDS PostgreSQL improved database encryption and scalability. Additionally, AWS Secrets Manager securely stores and manages credentials, enhancing security and minimizing vulnerabilities. 
  • Optimized System Efficiency: Insights from the Well-Architected Review led to infrastructure optimizations that boosted performance, availability, and resource allocation. The use of an Application Load Balancer (ALB) ensured efficient traffic distribution, improved system reliability, and enhanced scalability. 
  • Cost Optimization: By leveraging AWS best practices such as auto scaling and efficient resource management, we optimized operational costs. The identification of underutilized resources contributed to significant cost savings without compromising performance. 
  • Improved Compliance and Monitoring: AWS services like CloudWatch and CloudTrail enhanced real-time visibility, making it easier to meet compliance standards. Automated monitoring and alerts facilitate proactive risk management and early detection of potential security issues. 

Solution Partner: AWS 

Service Utilized: 

  • AWS Cognito for Authentication. 
  • Firebase Cloud Messaging service. 
  • ALB 
  • Bluehost 
  • Secrets Manager 
  • Certificate Manager 
  • VPC 

Solution Area: Digital Service. 

Sub-offering: Security, App Modernization, Cloud Native App Development 

Tech Stack used: Angular, Node.js, Next.js, Amazon CloudWatch, AWS Secrets Manager, Amazon S3, Amazon Cognito, Amazon SES, Amazon EC2 instances, Application Load Balancers (ALBs), Amazon RDS PostgreSQL, AWS Certificate Manager, Bluehost, Firebase FCM, Kotlin, Swift