About the Company
One of the largest utility service providers, servicing approximately 4 million customers in more than 300 urban, suburban and rural communities, including New Jersey’s six largest cities. The company serves the population in an area consisting of a 2,600-square-mile (6,700 km2) diagonal corridor across an East Coast state in the United States.
The company used legacy Identity and Access management systems deployed on premises. As the customers grew, the number of hits to the site grew, and downtime started increasing. Major downtimes were encountered during dire need, especially during natural calamities when customers required the site up and running.
Considering this growing downtime issues, and the ability to serve its growing customer base, the company decided to move to an efficient solution which would be faster, secure, low downtime, and most importantly cost effective.
Kapstone proposed and implemented a solution using Amazon Web Service (AWS) which would meet all the needs of the company. We used this utility – an AWS hosted IDAM solution as a replacement to the legacy solution. Single Sign On for internal applications were done using either OAuth 2.0 or OpenID Connect, and external apps were integrated using SAML provided by this utility.
We used AWS Lambda to host the APIs that are consumed by the core application. Due to the versatility of AWS Lambda, the APIs could be written in Java using SpringBoot which made the development much more flexible. Authorization of the Lambda functions were handled using Spring Security. The Lambda endpoints were protected using the API Gateway. End Points from API Gateway are exposed to the core application.
AWS S3 is used as a storage for the code. The compiled version is over 20 MB, and the compiled code is stored in an AWS bucket. The data within the S3 bucket is encrypted using AWS KMS. The ARN of the S3 is used as the Code Entry Point.
AWS CloudWatch is used to monitor the logs generated by the Lambda Functions and API Gateway.
The environment variables used for the Lambda functions were encrypted using KMS.
2 EC2 instances were used to host Internal Administration applications and its dependent APIs. 3 additional EC2 instances were used for Analytics purposes to report customer activities.
The EC2 instances were load balanced using AWS Load Balancers. Data is encrypted on the network using TLS 1.2. The secure channel is used consistently throughout the environment.
As a result, the company was able to provide an efficient and secure application with minimal downtime to its customers, and at the same time reduce its own costs by a huge margin as it no longer had to maintain the servers On-Premises. The applications were easily auto scalable to meet traffic peaks and then scale the infrastructure down during quieter times. And, because the company pays only for the AWS resources it consumes, the AWS infrastructure proved to be highly cost-effective.