Based on best practices and the Well-Architected Framework, PatchKit has improved its infrastructure in the areas of security, reliability and cost optimization.
PatchKit is a Polish startup that has been dynamically evolving since 2015 with investment and support from The Knights of Unity and CShark. They operate a SaaS model solution built in the cloud, providing a game-oriented content distribution service that comes with a launcher and marketplace-related web services. The game distribution service has reached over 800 customers, and this number is constantly growing.
Continuity of content delivery is a key requirement for independent game developers to ensure a high level of player satisfaction. PatchKit uses the AWS cloud to maintain high availability of their platform, with content delivery network (CDN) delivery powered by Amazon CloudFront. It also ensures that all legacy file data is protected, and provides reliable operations with minimal downtime and cost.
While PatchKit’s platform works without any problems, the client wanted to ensure a strong platform for growth through optimization, performance improvement and scalability to better meet the needs of customers. PatchKit wanted to ensure they were up to date with the latest best practices and newest services from AWS. Doing so helps maintain the integrity of their platform and meet the compliance requirements of their customers. The client wanted to ensure an objective and reliable assessment and make necessary changes with the support of a professional partner specialized in the AWS cloud.
Therefore, the client decided to undertake an external, objective review. The best solution for the client's needs was to conduct the Well-Architected Review, which gives a reliable picture of the current condition of the infrastructure and takes into account the risks and issues that may disrupt future performance.
The Well-Architected Framework is organized into pillars that help to review and improve cloud-based architectures.
The scope has been defined by five key pillars:
Additionally, we included Sustainability in this iconography, the 6th AWS Well-Architected Pillar. It was introduced just after the review and remediation of the client’s architecture were complete. It helps organizations to learn, measure, and improve their workloads using environmental best practices for cloud computing. Similar to the others, the Sustainability Pillar contains questions aimed at evaluating the design, architecture, and workloads implementation to reduce energy consumption and improve efficiency.
We decided to review our infrastructure and become familiar with all the WA best practices. Our business can only exist when our clients trust us. We minimize risks by identifying hot spots, and we understand that a well-configured AWS infrastructure is one of the most important factors to ensure customer satisfaction.
Piotr Korzuszek, CEO & Backend Developer
Chaos Gears carried out the analysis processes gradually, from planning to implementation of improvements across the chosen areas.
The review was carried out in close cooperation with the client and performed in several stages.
From the client’s point of view, the most important issue was to collaborate with a partner who understood what PatchKit is all about. One that would help select and apply only business-relevant recommendations from the available best practices.
The infrastructure design should be simple and clear to someone who is not well versed in it. A design that cannot be maintained is inefficient. We decided against some of the proposed solutions because they increase the complexity of the entire solution and even if they are good architecturally, they may have a different effect on the desired outcome.
- Piotr Korzuszek, CEO & Backend Developer
The result of the review was the selection and remediation of detected threats by Chaos Gears architects. In the case of PatchKit they indicated 11 medium risks and 10 high risks.
1. Established the central management of the company's AWS accounts in one place with the implementation of a Service Control Policies (SCP) mechanism, defining the maximum permissions for account members in the organization.
2. Improved management of the AWS environment by launching the AWS CloudTrail service for the AWS accounts used, recording the actions of users, roles and AWS services. The implemented rules inform admins about unauthorized attempts to create a new IAM user or attempts to access the account without multi-factor authentication (MFA).
3. Restricted permissions, e.g., for identity and access management (IAM) users, by automatically testing resources for compliance with rules and detecting weak policies.
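The page does not say how the alerting rules in item 2 were built, so the following is an added example and not PatchKit's or Chaos Gears' code: a sketch of the matching logic for the two conditions named there, run over constructed CloudTrail records. The field names are CloudTrail's own; the user names, alert labels and sample events are assumptions made for illustration.

```python
# Constructed CloudTrail records for illustration; all user names are made up.
SAMPLE_EVENTS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "dev-alice"},
     "requestParameters": {"userName": "temp-user"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": {"type": "IAMUser", "userName": "admin-bob"},
     "requestParameters": {"userName": "ci-deployer"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "dev-alice"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "admin-bob"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "AssumedRole"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
]


def classify(event):
    """Return an alert label (hypothetical names) for one record, or None."""
    source, name = event.get("eventSource"), event.get("eventName")
    identity = event.get("userIdentity") or {}
    if source == "iam.amazonaws.com" and name == "CreateUser":
        # An errorCode means the call was rejected, e.g. by an SCP or IAM policy.
        return "iam-user-create-denied" if "errorCode" in event else "iam-user-created"
    if source == "signin.amazonaws.com" and name == "ConsoleLogin":
        mfa = (event.get("additionalEventData") or {}).get("MFAUsed")
        ok = (event.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        # Federated sessions typically show MFAUsed "No" because MFA is enforced
        # at the identity provider, so only IAM users and root are checked here.
        if ok and mfa != "Yes" and identity.get("type") in ("IAMUser", "Root"):
            return "console-login-without-mfa"
    return None


def alerts(events):
    """Return (label, acting user) pairs for every record that should notify admins."""
    return [(classify(e), (e.get("userIdentity") or {}).get("userName", "?"))
            for e in events if classify(e)]


if __name__ == "__main__":
    for label, who in alerts(SAMPLE_EVENTS):
        print(label, who)
```

The same conditions can be expressed as a CloudWatch Logs metric filter or an EventBridge rule on the trail; the Python form only makes the matching logic explicit.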
1. Improving application performance with injection and other tests, checking whether applications pass tests from Chaos Engineering and AWS Fault Injection Simulator (FIS) services.
2. Creating protection against potential attacks on the client's environment by using test templates for selected services (e.g., simulating attacks on Lambda) created by Chaos’ engineers for the project.
1. Setting notifications about the upcoming, predefined monthly limit threshold and other overrun risks. Also, enabling standard budget monitoring through the activation of the AWS billing service.
2. Preparation of dashboards with visualizations of parameters detected by AWS Trusted Advisor for all accounts in AWS Organizations. This allows admins, among other things, to identify unused resources versus costs and/or quickly locate accounts and users.
All actions set out in the recovery plan were implemented within the target deadline. All identified threats have been eliminated. After introducing changes to the infrastructure, a report was generated, highlighting improvements in the defined areas. Finally, the updated system is better secured and ready to serve customers, and to scale.
Piotr Korzuszek CEO & Backend Developer sums up the review:
As expected, we learned a lot about good practices, and the existence of many important solutions that we weren’t aware of. We will now be using them in our business and we have saved a lot of time on necessary research.
The cloud changes as the SaaS product evolves. Thanks to the revisions, the AWS cloud is better protected against attacks and failures. SaaS is still evolving and more changes are needed. Thanks to the changes, the organization of work and operations is better optimized. Selected components are prepared to scale the product while maintaining appropriate performance and cost levels.
Companies that conduct a WA through Chaos Gears can earn AWS Credits worth $5,000 from AWS Activate to make the necessary changes, as listed in Well Designed communications.