Center Parcs UK and Ireland, renowned for its family-friendly forest retreats, sought to improve the security of its AWS environment to meet stringent industry standards and ensure operational integrity.
Center Parcs UK and Ireland offers short breaks for families at six forest locations. Each village is home to self-catering accommodation, the Subtropical Swimming Paradise, activities, restaurants, shops and more, all in a peaceful forest setting.
For several years, Colibri has supported Center Parcs by managing its AWS estate. This comprises several solutions that have been strategically deployed across multiple AWS accounts, allowing the organisation to optimise operations and deliver exceptional service to its customers.
In line with industry best practice, the use of root user capabilities within an AWS account should be limited to exceptional circumstances. The root user controls an entire AWS estate, including critical systems such as databases, servers, and applications. Therefore, any compromise of root user credentials can have serious consequences.
As part of ongoing consultancy and collaboration between Colibri and Center Parcs, it was recognised that a comprehensive solution was required to enhance security measures. Specifically, it was determined that a monthly report should be generated to capture any instances where the organisation's AWS accounts were accessed through the root user via the web console. This report would not only record essential information like the precise date and time of each event but would also include a reference to the unique multi-factor authentication (MFA) device utilised by staff members during the access process.
To further enhance security, an immediate alert would be dispatched to Center Parcs' internal security team whenever a root login event occurs. This measure ensures timely intervention to address any potential threats, safeguarding the integrity of Center Parcs' AWS environment.
Using serverless technology, Colibri has crafted a robust solution that empowers Center Parcs’ security team.
Colibri implemented Amazon EventBridge, a real-time data change tracking service, across all AWS accounts within the Center Parcs estate. By integrating it with AWS CloudTrail, the tool now captures root login events as they unfold, making audits much easier.
To orchestrate the process, an EventBridge rule was devised to collect and dispatch events to a dedicated AWS account specifically designed for reporting and auditing. Leveraging a Custom EventBridge Bus, events are relayed from the source AWS accounts to the audit account. Another EventBridge rule then forwards messages to two targets.
The first target distributes the raw message via a Simple Notification Service (SNS) topic, delivering real-time notifications to the Center Parcs security team. This ensures awareness and immediate action when root login events occur. The second target routes the events to Amazon Kinesis Firehose, a service that captures and transforms large volumes of streaming data. These events are then stored within an S3 bucket. A Glue Crawler catalogues the metadata of each new event within the bucket and sends that data to be queried by Amazon Athena.
At the start of each month, a CloudWatch event triggers a serverless Lambda function, which queries Athena to generate the last calendar month's worth of data. Shortly afterwards, a second Lambda function is triggered; it receives the generated query results, converts them to a user-friendly report format, and passes the report to Amazon Simple Email Service (SES) to be shared with the security team.
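The selection and reporting logic described above, sketched as an added example (this is not Colibri's code, and it filters events in memory rather than through Athena). The event pattern and field names follow the CloudTrail `ConsoleLogin` record as delivered by EventBridge; the helper names, account IDs and MFA ARN are constructed placeholders.

```python
# EventBridge pattern syntax: each leaf lists the accepted values for that field.
ROOT_LOGIN_PATTERN = {
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"eventName": ["ConsoleLogin"], "userIdentity": {"type": ["Root"]}},
}

def matches(pattern, event):
    """Evaluate the exact-match subset of EventBridge pattern semantics."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif have not in want:
            return False
    return True

def report_row(event):
    """Extract the report fields: account, event time and MFA device reference."""
    d = event["detail"]
    extra = d.get("additionalEventData") or {}
    return {"account": d.get("recipientAccountId"), "time": d["eventTime"],
            "mfa_used": extra.get("MFAUsed") == "Yes",
            "mfa_device": extra.get("MFAIdentifier")}  # None when no MFA was used

def monthly_report(events, year, month):
    """Root console logins in one calendar month (eventTime is ISO 8601, UTC)."""
    prefix = f"{year:04d}-{month:02d}-"
    rows = [report_row(e) for e in events if matches(ROOT_LOGIN_PATTERN, e)]
    return sorted((r for r in rows if r["time"].startswith(prefix)),
                  key=lambda r: r["time"])

def _event(time, id_type, account, mfa=None):
    extra = {"MFAUsed": "Yes", "MFAIdentifier": mfa} if mfa else {"MFAUsed": "No"}
    return {"detail-type": "AWS Console Sign In via CloudTrail", "source": "aws.signin",
            "detail": {"eventName": "ConsoleLogin", "eventTime": time,
                       "recipientAccountId": account, "userIdentity": {"type": id_type},
                       "additionalEventData": extra}}

# Constructed sample events: account IDs and the MFA ARN are placeholders.
MFA = "arn:aws:iam::111111111111:mfa/example-device"
SAMPLE = [
    _event("2024-03-04T09:15:02Z", "Root", "111111111111", MFA),
    _event("2024-03-09T22:40:10Z", "Root", "222222222222"),  # root login without MFA
    _event("2024-03-10T08:00:00Z", "IAMUser", "111111111111"),  # not root: ignored
    _event("2024-04-01T00:00:05Z", "Root", "111111111111", MFA),  # next month
]
```

A row with `mfa_used` set to `False` is the case the security team would want to see first, since it shows a root sign-in with no second factor recorded.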
Colibri utilised the power of CloudFormation to provision the required cloud-native AWS services. Adopting a version-controlled Infrastructure as Code (IaC) approach ensures accuracy and repeatability with each deployment, guaranteeing a consistent solution.
This resilient and scalable solution has created a cost-effective way to handle root login events while meeting stringent security audit requirements.
Cost efficiency: Drawing on its optimisation expertise, Colibri identified the most suitable components for a streamlined and cost-effective deployment. The use of serverless architecture offers compute resource efficiency and maximises the value of Center Parcs' investment.
Security: The root access solution has empowered Center Parcs’ security team with greater visibility and control. They now have monthly reports which provide detailed insights into root user access across their entire AWS estate.
With real-time notifications, Center Parcs can respond quickly to unexpected activity. This approach aligns with industry best practice by embracing zero-trust principles and safeguarding critical systems from unauthorised access.
Observability: To enhance observability and ensure the health of this solution, Colibri deployed CloudWatch, an AWS monitoring tool. CloudWatch Alarms have been added to various components for real-time visibility into system behaviour. In the event of any anomalous activity, alerts are sent to support teams, who quickly respond and investigate, further enhancing incident response.
Start of engagement: April 2023
End of engagement: April 20204