Automotive enthusiasts' social network
Database Management & Administration
Terraform, Amazon API Gateway, Fleet Management, Amazon Web Services, Load Balancing, Web Application Firewall, GitHub
Client background: This Ukrainian startup aims to enhance the user experience of automotive blogs through a social network-like interface and seamless integration with other platforms and import tools.
Business challenge: Immediate infrastructure cost adjustment is needed for a basic setup; best practices implementation is required for layout.
Project goals:
- Database setup review
- Database cost optimization and capacity verification
- Creation of Terraform IaC unified setup from scattered manifests
- DynamoDB access refinement
- CloudFront implementation instead of direct S3 Bucket site hosting
- Implementation of AWS Web Application Firewall for CloudFront
- Shift away from Lambda functions for traffic-intensive operations, due to the inherent limitations of the product
Solution overview: After assessment, we identified that the initial DB setup was excessive for the intended use and that some of the configurations were potential vulnerability points. Although the infrastructure was written in Terraform, it was not unified to be deployed as a whole, and there was no state management in place.
Implementation:
1) After revising the infrastructure code, we performed a cleanup, added the missing parts, made it modular, and created a setup that allowed the whole footprint to be deployed as a unified solution.
2) Cost optimization was performed and showed a decrease of 40% due to the verification of the required capacity.
3) Web interface responsiveness improvement with the help of CloudFront and configuration of caching policies.
4) The concept design of EC2 Fleet adoption for traffic-intensive processes showed a moderate increase in bandwidth allocation for each process.
5) WAF2 allowed us to detect and mitigate major security risks for web applications and enabled regional traffic filtering, with additional DDoS protection configured.
6) Additional CloudFront integration for image distribution from S3 brought performance improvements to the whole setup and was benchmarked at a 3x score for downloads compared to the initial setup.
Resources: AWS, RDS Postgres, EC2 Fleet, Terraform, Route53, WAF2, DynamoDB, S3, API Gateway
Results: The application is performing better than expected, surpassing the MVP targets. We have implemented baseline security controls, and we have covered the possible weak spot in S3 bucket access with an AWS policy that only allows access to data through CloudFront. Additionally, we were able to optimize our costs, which resulted in a decent decrease. Our IaC has been refined, and its modular structure allows for easy creation of new environments with minimal changes. It is now ready for further use.