The Client
Ruuvi is a Finnish startup that empowers users with affordable measurement tools for their homes and businesses. High-quality sensors measure humidity, air pressure, movement, and temperature and provide feedback via the Ruuvi mobile app or Ruuvi gateway. Ruuvi’s solution is also open source, which allows it to be integrated with a customer’s existing cloud solution, even if it is third-party.
- Industry: Technology & Services
- Company Size: 11-50 employees
- Country: Finland
Challenges
As Ruuvi’s sensor platform grew in scale and geographic reach, three interconnected challenges were limiting their ability to move fast and operate reliably.
- Production and non-production environments shared the same AWS account, security groups were overly permissive, IAM roles were too broadly scoped, and Lambda functions contained hardcoded secrets in environment variables.
- The Lambda-to-database connection model was creating latency and CPU overhead under load, with no load-testing validation to understand where the ceiling was.
- CI/CD build and test cycles were taking 15–20 minutes due to sequential, uncached test execution, slowing down every feature release. Production deployments were fully manual with no atomic rollback capability.
Ruuvi also wanted to extend their platform with mobile push notifications — a capability that required a reliable, scalable cloud-native foundation before it could be safely delivered to end users.
Solutions
Cloudvisor addressed Ruuvi’s immediate challenges across security, reliability, and delivery — then delivered a Well-Architected audit before transitioning Ruuvi onto a Cloudvisor Managed Service subscription.
Security hardening
- Account separation — Split non-production and production into distinct AWS accounts, preventing accidental production pushes.
- Network security — Replaced open security groups with component-specific groups for RDS and ElastiCache; scoped all Lambda IAM roles to least privilege.
- Threat detection — Enabled AWS Config rules and GuardDuty with VPC and CloudTrail monitoring for continuous threat detection.
Reliability & performance
- RDS Proxy — Introduced in front of Lambda functions to reduce connection overhead and minimise database CPU load.
- Concurrency limits — Set execution limits on Lambda functions to prevent runaway costs from malfunctioning functions.
- Graviton migration — Moved Lambda and database workloads from x86 to AWS Graviton for better performance and lower cost.
- Load testing — Validated infrastructure at 20× current traffic to confirm serverless scaling behaviour.
CI/CD acceleration & push notifications
- Faster builds — Build caching and parallel test execution reduced CI/CD cycles from 15–20 minutes to 4–5 minutes — a 75% reduction.
- Push notifications — Built a cloud-native solution using Amazon SNS + FCM for Android and iOS, with rate limiting to prevent notification fatigue.
Well-Architected audit
- Security — Migrated 37 Lambda functions from hardcoded secrets to AWS Secrets Manager / Parameter Store (23 DB passwords and 21 API tokens removed). Enabled deletion protection on 11 production DynamoDB tables. Activated Inspector, Security Hub, Access Analyzer, and GuardDuty (Lambda + RDS protection plans).
- Cost optimisation — Cleaned up redundant AWS Backup plans; decommissioned old DynamoDB and RDS snapshots with a Lambda-on-cron to keep inventory clean. Adjusted CloudWatch log retention from “Never expire” to a 3-month policy.
- Reliability — Enabled Multi-AZ with auto-failover on ElastiCache; validated backup/restore procedures with full recovery testing.
Ongoing Managed Service
After the initial engagement and audit, Ruuvi moved onto the full Cloudvisor Managed Service subscription — shifting from project-based engagements to a continuous engineering partnership.
Bi-weekly environment checks
Automated WAFR-aligned scans against the post-audit baseline, delivered as a structured report with findings remediated by Cloudvisor engineers.
Monthly optimisation cycles
Cost optimisation, architecture drift review, RI/Savings Plan coverage, and time-bound items like certificate expiry and runtime EOL tracking.
24/7 monitoring & alerting
Grafana + CloudWatch alerts across 15 services, plus bespoke Lambda concurrency monitoring for 16 production functions — all firing to a dedicated Slack channel.
Direct engineering access
A dedicated Slack channel for urgent fixes, design questions, and unplanned support — no Statement of Work needed.
CI/CD modernisation
Build-once/promote-many pipeline with OIDC auth, versioned artifact storage, atomic rollback in 2–3 minutes, and supply-chain defence on every release.
Active roadmap
EC2 modernisation, AWS Bedrock AI integration, and phased remediation of the residual audit backlog.
AWS Services Used
- RDS
- RDS Proxy
- Lambda
- REST API
- Gateway
- ElastiCache
- Serverless Framework
- VPC
- NAT Gateway
- SSM Parameter Store
- CloudWatch
Results
Ruuvi came to Cloudvisor with a fast-growing IoT platform that needed hardening, a delivery pipeline that was slowing the team down, and a push notification feature waiting to be shipped. What followed was a complete transformation — and then a continuous partnership that keeps the platform secure, optimised, and moving forward.
- 75% faster CI/CD: Build and test cycles cut from 15–20 min to 4–5 min, preserved through the new pipeline architecture.
- Built to grow with the platform: As Ruuvi's product surface expands, Cloudvisor's recurring cycles ensure the AWS estate keeps pace, securely and efficiently.
- Full security stack activated: Inspector, Security Hub, Access Analyzer, and GuardDuty (Lambda + RDS) all live.
- Production deployments modernised: OIDC-authenticated, build-once/promote pipeline with rollback to any verified release in 2–3 minutes.
- ~22 audit findings closed: Across Security, Cost Optimisation, and Reliability, with ongoing regression catching through bi-weekly checks.
- 24/7 monitoring across 15 services: Including bespoke concurrency alerting for 16 production Lambda functions at 80% threshold.

