Akbank Case Study

Solution

By using the Control Tower service on AWS, we have provided the opportunity to manage their environments and teams more effectively. AWS Control Tower provides the easiest way to set up and govern a secure, multi-account AWS environment, called a landing zone. It creates your landing zone using AWS Organizations.

Quickly set up and configure a new AWS Accounts with Control Tower

Akbank wanted to create separate environments for both its applications and users. Creating and configuring new accounts for each user would have been much work. Therefore, with AWS's Control Tower service, environments can be created quickly and they will be facilitated through Organizations with SCP (Service Control Policies) for authorizations.

Access to services and access to accounts were restricted using SSO service with Control Tower.

Cost Optimization - Automation for unused resources

When we looked at Akbank’s infrastructure, we  observed that the unused resources created too much cost. So, to avoid any cost for unused resources, Lambda functions were used to follow certain Cloudwatch parameters and these resources were stopped as needed.

Centralized Log Management & Security

By using the Control Tower service, we have eliminated the problems that may occur in terms of Centralized Log Management and Security. 

- Security : We checked the probes that may occur in terms of Security over a common Account. At this point, AWS GuardDuty and AWS Config services were enabled in the Security Account, and a security layer was created for auditing and threat detection.

- Log Management : A Log Management Account was created at the bottom by creating the Core Organizational Unit. The reason for this was to manage the logs of the transactions performed by the user and account owners from a single place using the CloudTrail service.