AWS architecture review and advisory

01.

Client

Founded in 2013, Zegal is the fastest growing Legal Tech company operating across the Asia Pacific and Europe, with more than 20,000 business users. Today, these users and lawyers across the globe trust Zegal’s software to solve legal problems in an affordable and efficient way. Zegal.com is a legal software solution for businesses and law firms, running as a multi-tenant SaaS application.

02.

Challenge

As a start-up growing at breakneck speed, Zegal’s AWS infrastructure and application code were hand-provisioned into a single account. This account hosted both development and production environments, which created potential security issues, since developers needing access to the dev environments could easily get access to production resources as well. Reliability of deployments was also sub-optimal due to the amount of manual work involved. Zegal contacted AirWalk to review and advise on the possible remediation and conduct a thorough review of the application architecture considering the 5 pillars of the AWS Well-Architected Framework.

03.

Solution

AirWalk conducted a series of workshops with Zegal’s infrastructure team as part of a discovery exercise. AirWalk also conducted its own review of the account using read-only credentials, with a deep focus on security in line with best practice.

Following this, AirWalk created a report which advised on the current gaps in the architecture and the steps required to fix them. This included creating separate AWS accounts for development, test, production and audit log environments while using AWS Organizations to ensure there is a single bill at the end of the month.

The segregation of environments ensured that the production applications remained separated from development. Also, by leveraging repeatability of environments, AirWalk helped Zegal to automate the provisioning of resources for disaster recovery testing and to speed the creation of accurate development environment replicas to provide separate work areas for a growing team of developers. AirWalk identified resilience risks in the existing single-master, KOPS-based Kubernetes deployment and helped move Zegal towards the more managed EKS.

Other services were also made AZ-resilient. AirWalk helped Zegal to implement a deployment pipeline to make the deployment of application code to their EKS clusters faster and more reliable.
AirWalk also recommended and implemented CloudTrail for all accounts under the organization for auditing and troubleshooting, feeding logs into a separate audit log account. The use of MFA was promoted to provide an additional layer of security for all developers and administrators of the accounts. AirWalk provided a secure password policy and guided the setup of phone-app-based MFA for all users.

04.

Outcome

  • Implementing these solutions ensures that the application is secure, resilient, scalable and cost-efficient, thereby ensuring optimal and secure operation.
  • The introduction of a CI/CD pipeline allowed faster, more reliable builds and automated testing, while still maintaining a manual gate before deployment to production.
  • The migration from KOPS-based Kubernetes deployments to EKS removed some of the systems management overhead and improved resilience.