The customer’s infrastructure runs on the AWS Cloud and uses multiple AWS services. Amazon Elastic Compute Cloud (EC2) houses the various VMs designated for the customer’s different operations and applications and provides secure, resizable compute capacity in the cloud.
Each EC2 instance has an Amazon Elastic Block Store (EBS) volume attached. EBS is a high-performance block storage service designed for use with EC2 for both throughput-intensive and transaction-intensive workloads at high scale. The EC2 instances and their EBS volumes reside safely inside an Amazon Virtual Private Cloud.
The customer also uses various other services, such as AWS CloudTrail, a service that enables governance, compliance, operational auditing, and risk auditing, along with Amazon CloudWatch, a monitoring and observability service. Amazon Aurora was used as a MySQL- and PostgreSQL-compatible relational database built for the cloud that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.
Amazon Elasticsearch is used as a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for a website or application. AWS Lambda is configured alongside it to run the backend service code without provisioning or managing servers, as a cost-optimization strategy in which the customer pays only for the compute time consumed.
The AWS account is managed with AWS Identity and Access Management (IAM), a web service for securely controlling access to AWS services. With IAM, one can centrally manage users, security credentials such as access keys, and permissions, and thereby control which AWS resources users and applications can access.
Web applications are safeguarded with AWS WAF, a web application firewall that monitors the HTTP and HTTPS requests forwarded to an AWS API Gateway API, AWS CloudFront, or an Application Load Balancer. AWS WAF also controls access to content. Based on specified conditions, such as the IP addresses that requests originate from or the values of query strings, it responds either with the requested content or with an HTTP 403 status code (Forbidden).
Amazon CloudWatch and AWS CloudTrail were used to monitor the provisioned resources and to audit users. Amazon CloudWatch monitors Amazon Web Services (AWS) resources and the applications that run on AWS in real time. One can use CloudWatch to collect and track metrics, which are variables that can be measured for resources and applications. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of AWS accounts. With CloudTrail, one can log, continuously monitor, and retain account activity related to actions across the AWS infrastructure.