About the Customer
Asociatia Techsoup is the largest technology and expertise resource center for nonprofit organizations in Romania and the Republic of Moldova. They build digital resources and opportunities for non-profit organizations, teachers, future teachers, and young people.
However, like many AWS users, they were facing a problem: their costs were spiraling out of control. This was despite no corresponding increase in their user base, making it difficult for them to justify the expense. That's when they turned to us, and we were able to help them achieve incredible results.
Elena Coman
Asociatia Techsoup, Director of Innovation and Growth
The Challenge
The AWS environment consisted of two EKS clusters, one for staging and one for production, that were operating on an on-demand model. Additionally, the stateful layer consisted of an RDS Aurora MySQL setup. As a non-profit organization, Asociatia Techsoup needed to reduce costs while maintaining the performance of their AWS environment.
Our Approach
We took a unique approach to Asociatia Techsoup's AWS environment, leveraging the AWS Well-Architected Framework to identify the top services that were driving up their costs and to understand their usage patterns. By working closely with their team, we were able to develop a comprehensive plan to optimize their AWS costs while maintaining performance and enhancing security.
The Review Process
The AWS Well-Architected Framework is a methodology designed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications. The Well-Architected Framework provides a consistent approach for reviewing and improving existing architectures, as well as designing new ones.
The framework is based on six pillars: operational excellence, security, reliability, performance efficiency, cost optimization and sustainability. By reviewing an organization's cloud architecture through the lens of these pillars, the Well-Architected Framework helps identify potential areas of improvement in their AWS environment.
The review process involves a series of questions and best practices that are designed to help organizations optimize their AWS environment. These questions cover a broad range of topics, including cost optimization, security, performance, reliability, and operational excellence.
During the review process, AWS Solutions Architects work with organizations to identify areas of improvement and provide recommendations for how to optimize their AWS environment based on best practices. The Well-Architected Framework also provides a set of tooling and resources, including whitepapers, hands-on labs, and training courses, to help organizations implement these best practices.
In the case of Asociatia Techsoup, our team used the AWS Well-Architected Framework to conduct a comprehensive analysis of their AWS environment. Through this analysis, we were able to identify the top services that were driving up their costs and to understand their usage patterns. We then used this information to develop a customized plan to optimize their AWS costs, while also enhancing their security and maintaining performance.
Overall, the AWS Well-Architected Framework review process provides organizations with a comprehensive approach to reviewing and improving their cloud architecture, based on best practices and industry standards. It allows organizations to identify potential areas of improvement, implement best practices, and optimize their AWS environment for cost, security, and performance.
During the review process, our team uncovered several risks associated with Asociatia Techsoup's AWS environment. These included:
Over-allocation of resources, resulting in unnecessary costs
Lack of proper security controls, increasing the risk of data breaches and unauthorized access
Insufficient logging and monitoring, making it difficult to detect and respond to security incidents
To address these risks, we worked closely with Asociatia Techsoup's team to implement the initiatives mentioned above, reducing costs while enhancing security.
Identifying Areas of Optimization
Through our analysis of Techsoup's AWS environment, we were able to identify the areas where they were over-allocated and not utilizing their resources to their full capacity. The biggest costs were associated with EC2 on-demand instances and RDS clusters.
Reducing Costs
Using the AWS Well-Architected Framework, we were able to develop a comprehensive plan to optimize their AWS costs and the following initiatives were suggested:
Purchase a savings plan for the production EKS Cluster
A savings plan is a flexible pricing model offered by AWS that allows customers to save money by committing to a consistent amount of usage (measured in $/hour) over a one or three-year period. By committing to a one-year savings plan and paying all upfront, Techsoup was able to lock in a reduced hourly rate for their EC2 instances, resulting in a 35% reduction in associated costs.
Rightsize RDS
By analyzing the metrics of Techsoup's RDS instance, our team found that the RDS instance was over-allocated and not being used to its full capacity. Through efficient testing alongside the customer’s development team, we were able to agree upon an optimal instance type. This resulted in a 90% reduction in associated costs.
Transition staging environment from on-demand to spot
In AWS, spot instances allow customers to bid on spare Amazon EC2 capacity and run workloads at a much lower cost than on-demand instances. After discussing with the client and understanding their needs, we agreed to transition the staging environment from on-demand instances to spot instances. This resulted in a 65% reduction in cost, while also acknowledging that there could be a potential downtime of a few minutes in case of capacity loss, but it was a trade-off that the client was willing to make.
By implementing these initiatives, we were able to cut their AWS costs by 50%, saving them a significant amount of money that they could put towards their mission.
Enhancing Security
We took a comprehensive approach to enhancing Asociatia Techsoup's security, implementing several best practices to secure their AWS account, including:
Securing the AWS account
We implemented several security best practices to secure Asociatia Techsoup's AWS account. This included using strong passwords and enforcing password policies, enabling multi-factor authentication (MFA) for all accounts, and ensuring that all users had the appropriate permissions.
Using temporary credentials
We recommended using temporary credentials to access AWS resources. Temporary credentials have a limited lifespan, reducing the risk of misuse if they are compromised.
Relying on a centralized identity provider
We recommended using a centralized identity provider (IdP) to manage user access to AWS resources. This allows for better control over user access and helps to prevent unauthorized access.
Configuring service and application logging
We recommended using a centralized identity provider (IdP) to manage user access to AWS resources. This allows for better control over user access and helps to prevent unauthorized access.
Implementing WAF
We implemented the AWS Web Application Firewall (WAF) to protect Asociatia Techsoup's web applications from common web exploits and attacks.
Enforcing encryption at rest
We recommended enforcing encryption at rest for all of Asociatia Techsoup's AWS resources. This ensures that data is protected if it is stored on disk, and reduces the risk of data breaches.
By taking these steps, we were able to help Asociatia Techsoup achieve a higher level of security, protecting their critical work and their users' data.
The Value of Our Unique Approach
Our unique approach to Asociatia Techsoup's AWS environment involved a comprehensive analysis of their usage patterns and identifying areas of optimization through the AWS Well-Architected Framework. By leveraging our expertise and the AWS Well-Architected Framework, we were able to provide a customized solution that met their specific needs.
The initiatives we implemented, such as the savings plan, rightsizing RDS, and transitioning to spot instances, resulted in significant cost savings for Asociatia Techsoup. Additionally, our focus on enhancing their security through implementing best practices and configuring services and applications for better visibility helped to protect their critical work and their users' data.
The Results
Because of our efforts, Asociatia Techsoup has been able to continue using AWS to power mission-critical work while saving money and improving security. The rightsizing of RDS and transition to spot instances saved Asociatia Techsoup thousands of dollars in AWS costs, while the purchase of a savings plan for the production EKS cluster ensured that their services could continue to be delivered to their community without interruption. Asociatia Techsoup now has peace of mind knowing that their AWS environment is safe from common exploits and attacks thanks to the security upgrades.
Asociatia Techsoup was also eligible for $5000 in AWS credits as part of the workload remediation, following the review. These credits were made available to them as a result of the identified optimization opportunities in their AWS environment, and allowed them to continue using AWS to power their mission-critical work while further reducing their costs.
The credits were applied to their account and could be used to offset the cost of their AWS usage, including EC2 instances, RDS instances, and other AWS services. This provided Asociatia Techsoup with additional financial flexibility to further optimize their AWS environment and support their non-profit work.
Conclusion
By working with Asociatia Techsoup and using the AWS Well-Architected Framework, we were able to help them achieve significant cost savings and enhanced security. We hope that this success story inspires other organizations to take a closer look at their AWS environments and consider implementing the recommendations of the AWS Well-Architected Framework.