geoFluxus Well-Architected Framework Review Case Study

Mar 23, 2023

geoFluxus: Enabling Companies To Use Data To Reduce The Environmental Impact of their Waste Streams

geoFluxus was founded to help companies identify innovative ways to reduce the impact of their waste streams, and ultimately build more sustainable operations. The founders recognized that there was a significant gap between the data available to waste producers, especially small and medium-sized enterprises (SMEs), and waste processors. geoFluxus aims to bridge this gap, providing SMEs with the necessary clarity to make informed decisions regarding sustainability.

What Is A Well-Architected Framework Review (WAFR)? 

The Well-Architected Framework Review (WAFR) provides a standardized approach for companies to evaluate their AWS implementation and identify areas for improvement. The primary goal of these reviews is to ensure that companies comply with their obligations under Amazon’s shared responsibility model and to assist them in improving the overall performance of their implementation.

In geoFluxus’ case, the primary goal of the WAFR was to pinpoint areas that could be improved in terms of security and cost efficiency. Over the course of the review, Cloudvisor identified 12 high-risk areas, and after the initial remedial action, all urgent high-risk issues had been resolved.

Security 

Security was a core focus for this WAFR, as it is a top priority for both AWS and geoFluxus. Our team identified 3 key areas where security could be improved and provided immediate fixes during the first review. 

The first step was to set up VPC Flow logs on the production VPC, which were collected into an S3 bucket specifically designed for those logs. This enabled geoFluxus to monitor their network for security and optimization purposes. Athena Tables were introduced to make it easier to query the logs and identify potential problems.

Next, we implemented CloudTrail which was also stored in an S3 bucket. Cloudtrail is an AWS service that records actions taken by a user, role, or AWS service to make it easier to limit operational risk, and conduct audits. The VPC logs are kept for 30 days, and CloudTrail logs for 1 year. Once this was completed, we set up GuarDuty, which significantly enhanced the threat detection ability for geoFluxus, at the cost of just a few dollars a month. 

Our team also configured the Web Application Firewall (WAF) in front of geoFluxus’ load balancer using the AWS common ruleset. This common ruleset provides protection against a wide range of commonly occurring vulnerabilities and helps the geoFluxus team monitor web requests for anything out of the ordinary. 

Finally, the geoFluxus Slack channel was set up with an RSS feed for AWS security updates, ensuring that the team was informed of any new security announcements promptly.

Cost Optimization 

After handling these security issues, Cloudvisor wanted to identify ways to cost-optimize geoFluxus’ implementation. Our team identified that geoFluxus’ RDS database was over-provisioned. To help reduce costs, we scaled down the PROD API RDS database from a m5.large to a t3.medium. This reduced expenses by around half, without compromising CPU performance. 

In addition, we helped the geoFluxus team configure cost allocation tags for customer workloads.

Additional Recommendations

Once the review was complete, Cloudvisor provided geoFluxus with a number of additional recommendations. Firstly, we advised geoFluxus to set up multiple accounts as their workloads grow in size and complexity. This would ensure that there is already the infrastructure in place for the company to retain leading security and cost optimization procedures as they scale up. We also suggested creating additional user roles rather than relying on a single admin.

Additionally, we recommended that geoFluxus refine their disaster recovery procedures and provided detailed steps on how to begin this process. We also offered guidance on how to continue improving these procedures over time.

AWS Services Used

     

      • VPC Flow logs

      • CloudTrail logs

      • Athena Tables

      • AWS WAF

      • Cost allocation tags

    Ready To Find Out Why 1500+ Startups Like geoFluxus Trust Cloudvisor?

    Cloudvisor was able to quickly establish a strong working relationship with geoFluxus because we think like a startup. We are structured the same way as many of our clients and instinctively understand the unique needs of startups like yours. 

    This enables the Cloudvisor team to quickly identify pain points, and implement positive solutions, without getting bogged down in bureaucracy or corporate procedures. 

    Want to discover how you can take your AWS implementation to the next level? Book a Free Consultation!

    Other Case Studies