From apser, you were offered an initial assessment that allowed us to analyze the current status of your AWS account and, subsequently, our Sherpa support service to implement the potential improvements detected during the assessment.

The initial assessment of apser, based on the best practices recommended by AWS for the different services involved in the customer’s AWS account, is very useful for identifying points of improvement in different services such as: AWS IAM, Amazon VPC, Amazon EC2, Amazon RDS, Amazon S3, Amazon Route53, as well as offering options for cost optimization and new functionalities that may be of interest to customers. Customer such as the use of AWS CloudTrail, AWS GuardDuty, AWS Elastic BeanStalk, Amazon Cloudfront or AWS WAF.

The solution proposed by apser revolved around two aspects:

On the one hand, absorb the Polygon Education AWS account into our AWS Organization to benefit from the legacy security layer (apser Atalaya): Control Tower, AWS Config, AWS SSO, SCPs, CloudTrail, GuardDuty.

On the other hand, carry out all the improvements analysed and detected in the initial assessment with the aim of increasing the security of the infrastructure and optimizing its costs. The following are some of the optimizations performed by service:

• AWS IAM. Nominal IAM users were created and passwords strengthened to increase the security of access to the account.
• Activation of AWS CloudTrail and AWS GuardDuty.
• Amazon VPC. Until now, the account had a default VPC. Following the best practices of AWS, a network was created with 3 public networks and 3 private networks and all resources were migrated to the new VPC, in order to have a correct dimensioning of the networking.
• Amazon EC2. An important work was done to secure and, through Amazon CloudWatch, some elements that were not currently being monitored were started to be monitored in order to have a better view of the use and consumption of the computing service. A new backups policy was also set up and an upgrade of t2 instances to state-of-the-art t3 instances was carried out with the aim of improving both performance and costs.
• Amazon RDS. Consumption was optimized by avoiding the traffic costs associated with the transfer of regional data between availability zones, and some improvements were implemented both in terms of security and configuration, such as the extension of the backup retention period to 30 days.
• Amazon Route 53: DNS management was carried out internally with Amazon Route 53. In this way, we manage to reduce DNS propagation times in case of modifications.
• Amazon S3 + Amazon Cloudfront: We moved public static content from Amazon EBS on Amazon EC2 to a bucket on Amazon S3 and started serving it through Amazon Cloudfront. In this way, we are able to improve costs and have secure access to data.
  Regarding cost optimization, some proposals were presented to reduce costs based on the contracting of Saving Plans or reserved instances

Some of the following steps proposed to the client are:

• Implementation of AWS WAF to add a layer of security to your infrastructure and improve your protection against the most common web attacks
• Deploy Amazon BeanStalk for your web applications, decoupling persistent storage
• Use of reserved instances or saving plans, with a commitment of one or three years, to significantly reduce infrastructure costs
• Using Amazon RDS MultiAZ as a way to improve platform availability
• Using Amazon SES to send emails from your apps

apser is the AWS Advanced Consulting Partner specializing in companies, public administrations, startups and non-profit.

The apser team provides a customized, easy-to-understand and agile approach with the goal of contributing to the widespread adoption of the cloud paradigm.

Our team operates through two business units: Cloud Solutions (acting as a managed services provider) and Cloud Professional Services (acting as a consulting firm).

In 2018 we had our first experience with AWS. Since then, we have not stopped incorporating knowledge and experience that, day by day, help us improve the effectiveness of our clients’ platforms. You can consult here our AWS Validated Qualifications.