Droople is a Swiss-based water technology company specializing in developing IoT-enabled smart water monitoring and management solutions. Their mission is to drive water sustainability by providing real-time data on water consumption, quality, and distribution. Droople's technology helps businesses and organizations optimize water use, reduce waste, and enhance operational efficiency across various sectors, including real estate, hospitality, and industrial facilities.

Droople faced significant challenges with their existing AWS infrastructure. The production database, running on PostgreSQL 12, was approaching its end of life in 2024, creating a need for an upgrade. Additionally, the database was publicly accessible, which posed serious security risks. The infrastructure lacked proper isolation between development and production environments, increasing the risk of accidental modifications in production. Furthermore, the absence of advanced security services left the system vulnerable to potential attacks.

Droople chose AWS as their cloud provider due to its comprehensive suite of tools and services tailored for secure, scalable, and resilient infrastructure management. AWS provides the necessary features for Droople to implement robust security measures, optimize database performance, and achieve better workload isolation. The ability to use AWS Organizations, Identity Center, and a range of security services like GuardDuty, Security Hub, and Inspector made AWS an ideal choice for addressing Droople’s challenges.

SnapSoft collaborated closely with Droople to implement a comprehensive remediation plan that addressed their security, scalability, and operational efficiency needs. The solution included:

1. Production Database Isolation: The production database was isolated using a VPC, ensuring that it was no longer exposed to the public internet, significantly enhancing security.
2. Lambda VPC Integration: SnapSoft updated Droople's Lambda functions to operate within the VPC, allowing secure access to private resources and better control over network traffic.
3. Database Upgrade: The PostgreSQL 12 database was upgraded to a more current version, with a focus on zero-downtime during the migration. An Aurora cluster was set up as part of the upgrade, providing better performance and cost efficiency.
4. Security Enhancements: Advanced security services were introduced, including GuardDuty, Security Hub, and Inspector, to continuously monitor and protect the infrastructure. AWS Secrets Manager was integrated to manage database credentials securely.
5. Multi-Account Architecture: Droople’s AWS environment was restructured into a multi-account architecture, separating development and production environments. This setup improved security, cost management, and operational control.
6. Automated Deployments: CodeBuild was implemented to automate the deployment of Lambda functions and database migrations, replacing the less secure and flexible Amplify deployment process.
7. Cross-Account Database Copy: A solution was designed to automate the weekly copy of production data to the development environment using AWS services, ensuring data availability for testing without compromising security.

• Amazon VPC: For isolating the production environment and securing database access.
• AWS Lambda: Updated to run within VPCs for secure access to private resources.
• Amazon RDS (Aurora): Deployed for the upgraded production database, offering enhanced performance and availability.
• AWS Secrets Manager: To securely manage and access database credentials.
• AWS CodeBuild: For automating Lambda deployments and database migrations.
• AWS Organizations & Identity Center: For managing multi-account architecture and centralized access control.
• Amazon GuardDuty, AWS Security Hub, Amazon Inspector: For continuous security monitoring and threat detection.

• Enhanced Security: The isolation of the production database and integration of AWS security services reduced the risk of unauthorized access and potential breaches. Droople's infrastructure now meets industry best practices for security and compliance.
• Improved Performance and Cost Efficiency: The upgrade to Aurora and the use of RDS Proxy improved database performance while optimizing costs. The multi-account architecture also allows for better cost tracking and resource management.
• Operational Efficiency: Automated deployment processes and the cross-account data copy mechanism streamlined development workflows, reducing manual intervention and the potential for errors.
• Scalability and Future-Proofing: With the new architecture and upgraded infrastructure, Droople is better positioned to scale its operations and adopt new technologies, ensuring long-term sustainability and growth.

This comprehensive remediation and optimization project has empowered Droople to focus on its core mission of driving water sustainability with a robust and secure AWS infrastructure supporting its innovative solutions.