Case Study: LinkID - Complex networking connectivity with multiple AWS accounts for a gamification platform

FTI - A comprehensive AWS deployment partner in the Vietnam market

LinkID is a global technology and software development service provider, and a strategic Loyalty partner of VPBank. LGP is a gamification platform that focuses on delivering gamification activities for marketers to attract and maintain users' sessions in their applications.

✅Challenges of LinkID

LinkID must connect with multiple vendors' and customers' accounts. LinkID is strong only in DevOps and in developing software and applications on AWS, so the client needed a partner specializing in networking and connectivity to support IP planning and solve the following difficulties.

1. Share a single endpoint of an application instance with multiple VPCs across AWS accounts.

2. Improve the security of network traffic across VPCs and inter-region peering, and of instances' connections to the internet.

3. NAT data processing costs were too high and LinkID wanted to reduce them, but did not know where the traffic was heading.

4. The networking connections between VPCs and across accounts were difficult to manage.

5. Simplify the integration between the WAF and CDN solutions, replacing Cloudflare.

✅ FPT Telecom International's Solution

Using AWS Route53 and Route53 Resolver endpoint

- FTI used AWS Route53 and AWS Route53 Resolver endpoints. FTI created Resolver rules and used an outbound endpoint to forward the requests defined by these rules to other AWS accounts' VPCs (the inbound endpoint is not shared), and an inbound endpoint to forward requests from the on-premises domain server.
- Other related AWS services: Amazon VPC; AWS Resource Access Manager, used to share the AWS resources.

Encrypt the connection from the office to AWS Regions

- All traffic leaving AWS physical premises is encrypted, and MACsec layer 2 encryption is used for traffic over Direct Connect. AWS Direct Connect provides last-mile connectivity from LinkID's office to the AWS Singapore region with the High Resiliency model.
- AWS Transit Gateway encrypts traffic with AES-256 at the virtual network layer as it travels between Regions.
- FTI migrated all of the workload instances from public subnets to private subnets, behind a NAT Gateway.
- Other related AWS services: Amazon VPC, Amazon CloudWatch & CloudWatch Events

Using VPC endpoint to connect privately to Amazon S3 bucket

- FTI used VPC Flow Logs to identify the traffic destinations and found that much of the traffic was heading to Amazon S3.
- FTI implemented VPC Endpoints for Amazon S3 to solve the high NAT data processing costs, which also lets LinkID's workloads access S3 buckets privately.
- Other related AWS services: Amazon VPC, Amazon CloudWatch & CloudWatch Events, AWS Service Endpoints, AWS NAT Gateway
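
An added example (not FTI's or LinkID's code) of the flow-log analysis described above: it parses default-format (version 2) VPC Flow Log records, keeps accepted flows that leave the VPC, and reports how many of those bytes go to S3. The VPC CIDR, the S3 prefix and the log records are constructed sample values; real S3 prefixes come from the ip-ranges.json file that AWS publishes.

```python
import ipaddress
from collections import defaultdict

# Constructed sample prefix (documentation range). In practice, load the entries
# with service == "S3" for your Region from AWS's published ip-ranges.json.
S3_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
PRIVATE_SUBNETS = [ipaddress.ip_network("10.0.0.0/16")]  # assumed VPC CIDR

# Constructed records in the default (version 2) flow log format:
# version account eni src dst srcport dstport proto packets bytes start end action status
SAMPLE_LOG = """\
2 123456789012 eni-0a1 10.0.1.15 198.51.100.20 44321 443 6 900 7200000 1650000000 1650000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.15 198.51.100.77 44322 443 6 400 2800000 1650000000 1650000060 ACCEPT OK
2 123456789012 eni-0a2 10.0.2.9 203.0.113.5 51000 443 6 50 60000 1650000000 1650000060 ACCEPT OK
2 123456789012 eni-0a2 10.0.2.9 10.0.1.15 51001 8080 6 10 4000 1650000000 1650000060 ACCEPT OK
2 123456789012 eni-0a3 10.0.3.3 198.51.100.20 51002 443 6 5 300 1650000000 1650000060 REJECT OK
2 123456789012 eni-0a4 - - - - - - - 1650000000 1650000060 - NODATA
"""

def in_any(addr, networks):
    return any(addr in net for net in networks)

def egress_bytes_by_class(log_text):
    """Sum accepted bytes leaving the VPC, split into S3 and other destinations."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 14 or fields[13] != "OK" or fields[12] != "ACCEPT":
            continue  # skip NODATA/SKIPDATA records, rejected flows, malformed lines
        src = ipaddress.ip_address(fields[3])
        dst = ipaddress.ip_address(fields[4])
        if not in_any(src, PRIVATE_SUBNETS) or in_any(dst, PRIVATE_SUBNETS):
            continue  # keep only VPC -> outside flows, the candidates for NAT traffic
        totals["s3" if in_any(dst, S3_PREFIXES) else "other"] += int(fields[9])
    return dict(totals)

def s3_share(totals):
    """Fraction of egress bytes destined for S3 (0.0 when there is no egress)."""
    total = sum(totals.values())
    return totals.get("s3", 0) / total if total else 0.0

if __name__ == "__main__":
    t = egress_bytes_by_class(SAMPLE_LOG)
    print(t, f"S3 share of egress: {s3_share(t):.1%}")
```

A high S3 share in this breakdown is the signal that routing S3 traffic through a VPC endpoint instead of the NAT Gateway will cut data processing charges.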

Simplify network management between AWS accounts and VPCs with AWS Transit Gateway

- AWS Transit Gateway is used to simplify network management and to support connections across accounts and between multiple Amazon VPCs.
- Other related AWS services: Amazon VPC, VPC Peering, Amazon CloudWatch & CloudWatch Events

AWS WAF + Amazon CloudFront

- To replace Cloudflare and simplify service management, FTI recommended that the customer use Amazon CloudFront. FTI will create an AWS WAF web access control list (web ACL), configure rules to protect the servers from common web threats, and attach the web ACL to the CloudFront distribution for LinkID.
- FTI supported LinkID in using the WAF automation on AWS solution with Terraform, which automatically deploys a set of AWS WAF rules that filter common web-based attacks, customized from this GitHub project: https://github.com/aws-samples/aws-waf-automation-terraform-samples. The following AWS Managed Rules rule groups are configured: Baseline rule groups / Use-case specific rule groups / AWS WAF Bot Control rule group.
- Other related AWS services: Amazon VPC, AWS WAF, Elastic Load Balancing (ELB), AWS Route53

✅ Outcomes & Benefits

⭐Securely share applications with other vendors/end-customers through only a single endpoint.

⭐Reduce egress data costs by 40% and increase security when connecting privately to Amazon S3 buckets.

⭐Reduce latency and lagging issues when remoting and connecting to the AWS Singapore region by up to 50%.

⭐Simplify the networking connection between VPCs and AWS accounts.

⭐Enable instances to reside in private subnets rather than public subnets.

⭐Simplify the service management, only use AWS services for the infrastructure.

⭐Receive comprehensive networking connectivity and dedicated support from FTI team.

✅ About FPT Telecom International (FTI)

⭐FPT Telecom is an AWS Advanced Technology Partner. Since January 2021, FPT Telecom has been an Amazon Direct Connect Delivery Partner of AWS in Asia Pacific (APAC). Since January 2, 2022, FPT Telecom has been an AWS Advanced Tier Services Partner providing AWS consulting, payment and Managed Service solutions.

⭐In March 2022, FPT Telecom was the first partner in Vietnam to achieve the AWS Networking ISV Competency; this certification validates a partner's ability and in-depth experience in consulting, implementing, and administering AWS Direct Connect. Moreover, FPT Telecom is also an AWS Public Sector Partner, a certification for partners with experience in providing solutions to government, educational and non-profit organization clients throughout the Vietnam region and around the world.

⭐Information overview of FPT Telecom on APN: https://partners.amazonaws.com/partners/0010h00001cCj5aAAC/

COPYRIGHT © 2022, FPT TELECOM INTERNATIONAL