About the customer                                          

On the the biggest financial institutes in Central America. offers services through a network of more than 1,600 service points throughout its based country, as well as electronic access from anywhere in the world.

Issue

The customer was looking to implement a payment link project with which their customers can sell online without having a website, only sharing a payment link. For this project, we seek to have a robust infrastructure with high security levels.

Solution

Criptonube/Myappsoftware offered to host this payment link project in the AWS cloud, for security it was recommended to host the site and database in a private subnet, leaving a load balancer and a Checkpoint firewall in a public subnet, which would be in charge of receiving the traffic and direct it to the corresponding instances, likewise a second VPC was considered through which the customer’s collaborators would enter through a VPN to manage their services, at the customer´s request Checkpoint services were implemented to manage firewall/vpn rules and an AWS Transit Gateway was implemented to manage and monitor the network.

Within this same infrastructure, payment card information is not stored, but the load is received and arrives at the VISA Gateway.

AWS Services implemented

• Certificate Manager: to manage the security certificate

• Amazon Cloudwatch: View usage and logs metrics.

• AWS Config: Evaluates whether our resource configurations comply with relevant rules

• Amazon Cloudwatch Events (EventBridge): scheluded triggers for Lambdas to create/delete AMIs and stop/start instances.

• AWS IAM: To manage permissions of users and roles that manage the infrastructure.

• AWS Access Analyzer: Monitor policies and roles that access the resources.

• AWS Key Management Service: protect encrypted volumes.

• Network Load Balancer: to manage the requests to the webserver and avoid the server be expose

• Amazon EC2: Host web services

• Amazon RDS: to host databases in Aurora MySQL

• AWS Transit Gateway: connect VPCs and on-premise users.

Third Party software tools used

• CheckPoint CloudGuard

Results and benefits

Configure and keep the most critical resources in a private subnet, allowing the customer to avoid attacks or have open direct connections to their instances and databases.

AWS Transit Gateway allowed us to connect its VPN connections, connect its VPCs, and monitor network rules from a unique place.

Network Load Balancer: receives an average of 205 flow counts per day.

Amazon RDS: Aurora Mysql Database has an average of 1500 Selects/sec

AWS Config helps us make sure 6 rules are compliant, therefore we know our resources are compliant with what we need; encrypted volumes, backups enabled, public access check for rds, logs enabled.