Web Developer Grows Performance, Elasticity, and Security through AWS CloudFormation, ELB and WAF Expertise

Profile

A subsidiary of a larger marketing services organization, this company specializes in web development projects specifically for firms with online video streaming needs. Additionally, they focus on creating eCommerce storefronts for their clients, creating custom store designs on the front end and hosting, streaming, securing, and updating on the back end.

Business Needs

• Maximize website performance
• Ease infrastructure management
• Increase developer productivity
• Grow security

Challenge

For this organization to stay competitive, they needed to build and manage an optimized technology infrastructure that delivered maximum performance for its business and its customers’ eCommerce implementations. Specifically, its infrastructure needed to flawlessly support the performance demands of its clients’ high definition video streaming and support the security demands of an eCommerce site, while providing the development team with important tools to effectively and efficiently manage the new infrastructure — all while reducing AWS costs.

Solution

Sending hundreds of millions of emails every year that drive customers to the web properties it manages for its clients, this firm has a vested interest in ensuring the performance and uptime of the sites to which it is driving email recipients. Indeed, downtime means lost revenue and lost customer trust. As a result, this firm has a 99% uptime SLA with its customers. An SLA it intends to meet and exceed.

The firm turned to the AWS experts at Flux7 to help it build an infrastructure that could over-deliver on the uptime, performance, and security agreements with its customers. After an assessment of the company’s existing AWS implementation and architecture, Flux7 consultants recommended the use of AWS CloudFront in conjunction with AWS WAF and ELB for greater content speeds, and security at less cost to the organization.

The first thing the team did was to implement monitoring and logging tools that gave the team better situational awareness. Once we established a firm understanding of the issues, we determined that it would be best to build for this client a solid foundation using automation so that changes could be incrementally weaved in over a period of time. 

Following this, one of the first changes we made was a lift and shift to AWS CloudFormation, a tool that helps developers and sysadmins create, manage and provision resources through templates. In conjunction with Jenkins, CloudFormation provided a basic foundation for automation, and a route to continuous improvement. With this automation in place, the Flux7 team replaced the organization’s HAProxy load balancer with AWS Elastic Load Balancer (ELB). Unlike HAProxy, ELB is inherently fault-tolerant; designed for scalability, elasticity and high availability; and, as a managed service, is able to automatically increase or decrease its capacity to meet traffic demands.

Next, the teams worked together to create a workflow for adding a new website. They used Jenkins jobs to populate SSL certificates on AWS and setup AWS CloudFront distributions, making sure to have separate CloudFront distributions for each website. Using CloudFront for this organization’s client websites was important as the AWS service speeds up content delivery by offering content to Web surfers from edge locations nearest them. Users are simply routed to the location with the lowest latency, resulting in the highest performance possible. High performance is especially important for this company’s customers who are
looking to sell video content to their users and want their product delivered without hiccups or errors. The use of AWS CloudFront’s content delivery network and caching in front of web servers decreased the load on this organization’s web servers and in turn greatly improved performance.

Last, Flux7 implemented the use of AWS Web Application Firewall (WAF) at this client. The AWS firewall helps ensure website security through the use of rules, such as whitelists, blacklists, cross-site scripting attack detection, and SQL Injection Detection, which were all implemented for this marketing group. Specifically, Flux7 consultants used CloudFront custom headers alongside an NGINX configuration to enforce the rule that all requests come from CloudFront and pass through WAF. An additional tier of rules was added that reactively blacklisted bots that made too many requests or too many requests on a bad URL as well as a rule that blocks traffic from a TOR node.

Benefits - By removing HAProxy as a nonscalable single point of failure, and replacing it with the autoscaling AWS ELB, Flux7 was able to decrease costs and grow scalability and elasticity for this firm. Moreover, the use of CloudFront reduced the load on this organization’s servers, and simultaneously made content delivery faster and more reliable. CloudFront was able to deliver this level of performance despite a large increase in traffic and business during the holiday season. In the end, this video focused web development firm was able to increase performance, meet SLAs, and standardize on a platform its development team could easily manage through the use of automation — all with a reduction in AWS costs.