Protective Measures for Scrivito’s Cloud Infrastructure

  • This article is purely informative. There is no need for you to take any action based on this article.

Scrivito makes use of several managed services hosted in the AWS Cloud infrastructure. Defence measures have been taken to protect this infrastructure from service interruptions or from ultimately being taken down by denial-of-service attacks. These measures are based on a best-effort approach that also considers the reasonableness of the costs associated with them.

The Scrivito services infrastructure hosted on AWS benefits from AWS Shield, a DDoS protection service that safeguards applications running on AWS against attacks such as SYN/ACK floods, UDP floods and DNS query floods.

Learn below which AWS cloud services Scrivito uses and what protects them against attacks.

DynamoDB and ECS clusters for dynamic website content

The Scrivito services are tenant-based, meaning that our customers’ individual content is separated into CMS instances in an AWS DynamoDB database. Typically, the content of a customer’s CMS is made available to editors and visitors on websites that are driven by web applications.

Scrivito-based web applications follow the JAMStack architecture pattern and include an SDK that transparently handles all access to the content of a CMS instance. The SDK retrieves and stores the content using a central API that is provided through an AWS ECS cluster.

The ECS cluster scales automatically. Amazon CloudWatch alarms have been set up to identify and address irregularities such as DoS attacks at an early stage. The backing DynamoDB service has tenant-based as well as overall rate limit settings to prevent bandwidth overuse and thus failures.

CloudFront and S3 for static HTML markup and binary assets

In conjunction with AWS website hosting, static HTML pages as well as static assets like images, videos and other binary files managed via Scrivito (cdnX.scrvt.com) are delivered using AWS CloudFront CDN services and hosted within AWS S3 buckets.

CloudFront and S3 are fully managed in terms of storage as well as network and transport layer security and scalability. As a Content Delivery Network (CDN), CloudFront uses edge locations in data centers worldwide, with efficient caching mechanisms, to distribute and optimize content delivery. Both services are protected by AWS Shield Standard.

Route 53 for DNS and routing

For many Scrivito customers, domain name serving and routing is done via AWS Route 53.

Route 53 is a managed, highly distributed and scalable routing service with built-in DDoS protection by AWS Shield Standard.