Secure E-commerce Infrastructure Deployment with AWS CloudFront Security

Overview

At A Glance

Industry

Retail & E-commerce

Region

Canada

Duration

4 Weeks

Technical Stack

Kubernetes

AWS

AWS S3

AWS EC2

AWS Application Load Balancer

Amazon CloudFront

AWS Shield

AWS WAF

PostgreSQL

Client Profile

The client is a Canada-based SaaS company offering an e-commerce platform and a digital marketplace that enables artists to sell handmade artwork while supporting indigenous social communities. Their eCommerce marketplace solution helps artists reach a wider audience while maintaining cultural impact.

Challenge

Region-Restricted Access Requirements
The client needed IP whitelisting on CloudFront to ensure that only approved regions or IPs could access their distribution, reinforcing the need for a secure content delivery network.
Controlled Content Access & Efficient Caching
They required a customised cache policy that would allow only specific websites to access the S3 bucket content, along with optimised static asset serving for returning users. This also required effective CloudFront caching to ensure smooth and efficient delivery of content, further emphasising the importance of strong AWS CloudFront security to protect controlled access.
Problems with Speed and Responsiveness
The website was experiencing speed and responsiveness issues because of a significant amount of text and files that were created and edited every day, which highlighted the need for overall website speed optimisation.
Broken Product Image Behaviour
Product images are downloaded automatically when clicked, instead of navigating users to the product details page, impacting user experience and conversion.
Requirement for a Secure and Scalable AWS Configuration
The client required a more secure, scalable, and optimised cloud infrastructure to support e-commerce activities and enhance customer engagement within their e-commerce marketplace solution.

A cloud computing infrastructure on AWS for efficient and secure art e-commerce, enabling seamless transactions and enhanced user experience

Solution

Implemented WAF with IP Whitelisting
Seaflux established a Web Application Firewall (WAF) on the CloudFront distribution and introduced IP sets restricted to specific regions, meaning that only whitelisted IPs would be able to access the platform. This significantly improved CloudFront security by preventing unauthorised access and strengthening AWS access control across the environment.
Configured S3 Bucket Policy with Domain-Level Access Control
The S3 bucket policy was updated to allow access only from approved websites. The client can now specify allowed URLs under resources, effectively blocking unwanted traffic. In addition, cache policies were added to optimise the delivery of static assets. The team also used internal S3 bucket policy examples to validate and refine the final configuration.
Enabled Automatic Compression in CloudFront
CloudFront was configured to automatically compress all uploaded text files, reducing response sizes and significantly improving load times. This worked seamlessly alongside the existing AWS S3 bucket access policy, ensuring that only permitted content was delivered efficiently and securely.
Corrected Image Handling in S3
The S3 bucket settings were updated so that browsers will respect MIME types for image files correctly. This will prevent them from being downloaded and provide smooth navigation to product detail pages.

Key Benefits

19% Reduction in Irrelevant Traffic
Only whitelisted IPs and regions can access the CloudFront distribution, thanks to enhanced protection from CloudFront WAF, which significantly reduces irrelevant visits to the website.
14% Increase in Sales
Fixing the product image behaviour ensured users were directed to the product details page instantly, resulting in a noticeable boost in sales.

Develop Your Idea

Let’s transform your idea into a real product with scalable solutions.