$35K in AWS Credits & Well-Architected Review: Making Buzzer Scale-Ready
The Client
Buzzer is a digital sports platform that combines social media, professional sports networking, and innovative monetization and investment tools.
Designed for athletes, fans, clubs, managers, and investors, it allows users to build brands, share content, generate income, and support careers through a transparent, blockchain-powered ecosystem focused exclusively on sports.
- Industry:Software development
- Company Size:11-50
- Country:UAE
Working with Cloudvisor gave us the confidence that our AWS architecture is not only secure and cost-efficient today, but truly ready to scale with our growing user base. The Well-Architected Review helped us formalise key areas like security, observability, and disaster recovery, turning implicit knowledge into a structured, future-proof foundation.
Challenges
Buzzer had built a sophisticated, heavily event-driven platform on AWS Amplify, with multiple live environments and a growing user base. As the feature surface expanded, the team wanted an independent review to validate their architectural decisions, surface improvements, and ensure the platform was ready to scale with confidence.
- Establishing a formal security baseline across multiple AWS accounts – With multiple AWS accounts spanning several environments, the team wanted a structured assessment of their identity controls, access policies, and threat model to make sure everything was properly documented and in line with AWS best practices.
- Strengthening network and data protection controls for the database tier – As part of aligning fully with AWS Well-Architected standards, Buzzer wanted to improve network-layer controls around the database and ensure data protection mechanisms, including encryption at rest, were properly in place across the stack.
- Gaining clear visibility into AWS spend and uncovering backend cost savings – With costs distributed across dozens of services and multiple accounts, there was no structured way to attribute spend to specific features or environments. The team wanted a proper tagging strategy, active cost optimisation tooling, and a pricing model review for high-volume services like CloudFront.
- Confirming the platform could support reliable growth and high availability – As content volume increased across Reels, Stories, real-time chat, and the Arena feature, the team wanted confidence that the underlying architecture, spanning Lambda, SQS, DynamoDB, RDS, and OpenSearch, was set up to handle ongoing growth without reliability risks.
- Getting an independent expert review of the overall architecture – Having built the platform internally at pace, the team wanted an impartial assessment to validate their architectural decisions, confirm what was working well, and produce a prioritised roadmap for future improvements.
- Standardising infrastructure monitoring and log management – With 70+ Lambda functions across multiple accounts, the team wanted consistent log retention and a centralised observability setup with CloudWatch dashboards and alerts to stay ahead of any infrastructure issues.
- Formalising disaster recovery planning – The engineering team carried strong operational knowledge but had not yet translated it into a documented DR plan with defined recovery targets, tested runbooks, and a clear restoration strategy.
Solutions
Cloudvisor conducted a comprehensive AWS Well-Architected Framework Review covering the Security, Reliability, and Cost Optimization pillars. The review produced a structured set of findings and improvement recommendations, of which 19 were prioritised and fully remediated, with the remaining items deferred based on current business needs.
Remediation combined hands-on technical delivery, detailed documentation, and tooling enablement, all structured around a clear and prioritised plan.
Establishing a security baseline across multiple AWS accounts
Cloudvisor reviewed the multi-account setup, improved SSO policies, and enforced MFA. A formal threat model was also introduced to guide future security decisions.
Implemented IAM visibility and least-privilege controls
IAM Access Analyzer was enabled across all accounts, and Lambda roles were aligned with least-privilege principles.
Standardised logging across the Lambda environment
Logging was unified across 70+ Lambda functions with consistent retention policies, improving visibility while reducing CloudWatch storage costs.
Secured the database layer and improved network architecture
The RDS cluster was migrated to private subnets and encryption at rest was enabled without downtime.
Introduced continuous vulnerability scanning
Amazon Inspector was enabled for container-based Lambda workloads. The team also received guidance on improving base image security.
Validated encryption and defined data handling standards
All endpoints were confirmed to enforce TLS, and a data classification framework was introduced to guide how different data types are handled.
Established incident management processes
A structured incident response plan was created, including roles, escalation paths, and severity levels.
Deployed centralised monitoring and alerting
A CloudWatch dashboard was implemented to cover key infrastructure components. Real-time alerts now provide immediate visibility into potential issues.
Improved system resilience and failure handling
Timeout configurations were standardised and dead-letter queue coverage was validated across critical flows.
Formalised backup and disaster recovery strategy
RTO/RPO targets were defined and documented alongside a clear recovery approach. A warm standby model was established for production.
Introduced cost allocation and governance
A tagging strategy was implemented across accounts, enabling accurate cost attribution across environments and features.
Enabled cost optimisation tooling and pricing improvements
Compute Optimizer and Cost Optimization Hub were activated to surface savings opportunities. CloudFront usage was also reviewed for pricing optimisation.
AWS Services Used
- AWS AppSync (GraphQL API)
- Amazon DynamoDB
- AWS Lambda
- Amazon S3
- AWS IAM and IAM Access Analyzer
- Amazon OpenSearch Service
- AWS MediaConvert
- Amazon ECR
- Amazon API Gateway
- AWS Secrets Manager
- AWS Compute Optimizer
- Amazon SNS
- Amazon Cognito User Pools
- Amazon Aurora Serverless (RDS)
- Amazon SQS
- Amazon CloudFront
- Amazon CloudWatch
- Amazon Personalize
- Amazon Rekognition
- AWS EventBridge
- AWS Amplify
- AWS Cost Optimization Hub
- Amazon Inspector
- Amazon VPC
Results
Together with Cloudvisor, Buzzer improved how its AWS infrastructure is managed and optimised — building a setup that’s more efficient today and easier to scale over time. This created better visibility into usage and clearer control over costs and operations.
$35,000 in AWS credits securedSupporting continued infrastructure optimisation and scalable growth.
-
Stronger reliability and operationsStandardised logging, centralised monitoring, and defined RTO/RPO targets.
-
Improved cost control and optimisationImplemented tagging, enabled optimisation tools, and identified savings opportunities.
-
Improved security postureEnforced MFA, strengthened identity controls, and introduced a threat model.
-
Production-grade database securityMoved RDS to private subnets with encryption at rest - without downtime.
-
Production-ready AWS foundation for scaling19 improvements delivered a more observable, reliable, and cost-efficient architecture.
