Domino’s Pizza, Inc. is a leading pizza restaurant chain in Malaysia and focuses on being the best pizza delivery firm. With already over 240 pizza places located strategically across the region, Domino’s is increasing its stores for serving all pizza lovers in the nation. It continues to forge ahead as a leading ecommerce entity and has led several firsts in its digital platforms.
For their AWS infrastructure in Malaysia and Singapore, Domino’s sought support from Blazeclan to mitigate their challenges related to cost and CIS compliance. The infrastructure was not fully compliant as per global CIS benchmarking standards and lack of a secure method to transfer their data files to their AWS application leaving their infrastructure vulnerable to threats and data theft. Moreover, their AWS infrastructure in Malaysia and Singapore were incurring more than their budgeted costs.
Blazeclan offered Domino’s managed services that also involved analysis of the environment for adherence to best practices while covering security and cost optimization.
The Solution Approach Involved
- Complete analysis of their AWS environment along with the reports submitted on security gaps and cost optimization.
- The AWS environment of Domino’s was made CIS compliant, following the norms which state that the S3 buckets should not be public, no security group must be open to all, etc.
- Identifying unnecessary AMIs getting piled up, free volumes that are not associated with any instance such as EC2, and elastic IPs.
- For enabling reserved instances, the AWS environment was made stable by identifying performance bottlenecks due to overutilized and underutilized servers along with the associated resources required.
- Moving instance types to reserved instance (RI) category.
- Implementing an open VPN server and getting rid of Bastion as jump server, which was being used by their users to access the production servers from across the world without a fixed IP.
- Implementing the SFTP Linux server for mapping S3 buckets to SFTP while applying policies of identity and access management (IAM).
Benefits Achieved by Domino’s
- Cost Optimization: Utilizing the reserved instances and cleaning up of old AMIs, elastic IPs, and free/unused volumes helped Domino’s achieve significant cost savings on their infrastructure.
- Security Enhancement: Implementing the open VPN server and restricting access to these servers enhanced the overall security of the Domino’s infrastructure. Moreover, deploying the SFTP server allowed the transfer of files securely to their AWS environment.
- CIS Compliance: The AWS environment of Domino’s was made 100% CIS compliant, enabling fixed IPs to restrict access at the Bastion level.
|Amazon EC2 RIs||Amazon EC2||AWS ELB|
|Amazon S3||Amazon CloudFront|