AWS VPC, NAT Gateway, AWS IAM, Amazon GuardDuty, AWS CloudTrail
Amazon Web Services
The customer operates the most popular and efficient green blockchain platform, which addresses scalability and security concerns and integrates with many other blockchain platforms. Users of this platform can manage their cryptocurrency assets across these integrations from their mobile devices.
They wanted a more secure environment that could be aligned with the pillars of the AWS Well-Architected Framework. The aim was to create a sustainable platform that handles scalability, operational challenges, and availability as well as possible; however, with blockchain data volume increasing and the platform being security-sensitive, it was hard to keep the infrastructure available and secure at all times.
To overcome these challenges with expert help, they decided to collaborate with Sufle to design their platform while supporting its growth. Their priority was to manage their operations in a secure, cost-effective, and sustainable manner during the expansion.
Given Sufle's 10+ years of experience designing secure environments on AWS, the customer decided on this collaboration, and the process started with implementing a proof of concept (POC) to test the new infrastructure design. The ongoing services of the green blockchain platform were migrated to a new AWS account, and a new hardened and segmented network was implemented.
Thanks to AWS managed services such as AWS VPC Peering, NAT Gateway, AWS Load Balancing, AWS Identity and Access Management (IAM), and Amazon EC2 Auto Scaling groups, and how well they integrate with the Amazon EKS Kubernetes cluster, the move to the new platform was quick and seamless while meeting the specific needs of the development team.
By using AWS Certificate Manager (ACM) to provision, manage, and deploy public and private SSL/TLS certificates for use with AWS Load Balancing, they can ensure end-to-end security during transit. ACM also eliminates the time-consuming manual procedure of buying, uploading, and renewing SSL/TLS certificates.
The new environment scales automatically without compromising security and stays available for continuous business operations.
The CIS Benchmark standards for Amazon Web Services, an objective, consensus-driven security guideline, were followed during the setup of the AWS account to ensure higher security standards are applied throughout the account. Through security automation checks and alerts implemented with Amazon GuardDuty, AWS CloudTrail and Amazon CloudWatch Events, anomalies and critical actions are reported immediately to security assurance teams.
According to the AWS shared responsibility model, for Amazon EKS, AWS is responsible for the Kubernetes control plane, which includes the control plane nodes and the etcd database. Amazon EKS can automatically detect and replace control plane instances that are in poor health. Moreover, its ability to provide version upgrades and patching enables the system to work smoothly while staying updated and secure without any disruption.
With their new secure environment on AWS, they can test new versions and security updates without interrupting the reliability of the blockchain. Additionally, this green blockchain platform can scale with Amazon EKS for their users in a more secure and automated way.