Well-Architected Review Securing the AI-Powered Broker Application

As a profound Well-Architected Partner of AWS, we initiated a meticulous AWS Well-Architected Review (WAR) of the client’s cloud infrastructure and architecture to evaluate it and pinpoint all its weaknesses and areas of improvement. WAR is a comprehensive evaluation process aligned with best AWS standards that helps to determine the security level, protection level, and resiliency of the cloud ecosystem. When conducted on our client’s infrastructure, this assessment immediately identified a significant room for improvement.

Except for the architectural deficiencies, the WAR assessment revealed the weak protection of the entire ecosystem, which must be addressed in the short term.

The full scope of fixes and implementations we performed in the first iteration consisted of:

• Implementing multi-factor authentication (MFA) enforcement for all identity and access management (IAM) users, and establishing critical authorization protocols where none existed.

• Closing publicly exposed, unnecessary internet ports and refining IAM roles to strictly adhere to the principle of least privilege.

• Implementing AWS Secrets Manager for secure storage and access control of sensitive credentials and API keys.

• Deploying web application firewall (WAF) web ACL rules to protect the application from common web exploits and unwanted traffic.

• Configuring API Gateway throttling limits to protect backend resources from overload and defend against DoS attacks.

• Updating AWS S3 bucket policies to mandate server-side encryption for all objects at rest within the data storage layer.