Cairo Amman Bank (CAB)
Context & Importance
Cairo Amman Bank (CAB) aimed to modernize their CSOC environment by leveraging AWS. Their goal was to store all data collected from security sensors and metadata for their SIEM system, while ensuring a cost-effective, high-performance, and secure cloud environment aligned with best practices in centralized log storage, automated alerts, and multi-account management.
Problem & Gaps
CAB previously stored critical financial transfer logs on an on-premises server, facing multiple challenges: limited high availability, no automated backups, poor fault tolerance, manual log clearing, and complex maintenance. The server often reached full capacity, creating operational delays and additional costs.
Strategy & Solution
CAB requested a full migration of their environment to AWS, including rebuilding servers from scratch to allow full control over configurations. Cirrusgo proposed a scalable, secure, and multi-account AWS architecture designed to address performance, availability, and auditing requirements while optimizing costs.
Architecture & Technology
- Network & Accounts: A dedicated Network account with VPN and Transit Gateway ensures all traffic flows securely. A Log Archive account stores logs generated by AWS Control Tower for auditing, while an Audit Account manages CloudTrail logs across all accounts.
- Compute & Storage: Multi-tier log storage with SIEM servers across three AZs, backed by Auto Scaling and Multi-AZ deployment. Cold storage retains logs for one year.
- High Availability & DR: VPN tunnels for HA, DR VPN for fault tolerance, daily AMI backups via AWS DLM, and multi-region replication. Terraform-based Infrastructure as Code enables one-click DR environment creation.
- Monitoring & Security: CloudWatch metrics, logs, alarms, Insights, CloudTrail, and AWS Config ensure real-time monitoring, auditing, and compliance.
Process & Automation
- Auto Scaling Groups (ASG) integrated with Application Load Balancers for traffic distribution and self-healing.
- AWS Lambda and EventBridge automatically update ASG Launch Templates with the latest AMIs.
- CloudWatch alarms automatically trigger predefined responses when thresholds are breached, reducing manual intervention.
- Automated auditing and configuration checks using AWS Config and Lambda improve response times and security posture.
Business Impact
- Security: Enhanced data security and auditing capabilities.
- Cost Efficiency: Optimized AWS costs while maintaining performance.
- Operational Efficiency: Reduced manual maintenance and downtime through automation and scalable architecture.
Scalability & Governance
The multi-account AWS setup supports future growth, enabling independent team management through CloudFormation templates. Centralized logging, automated monitoring, and IaC ensure governance, compliance, and operational consistency across all accounts.
Outcomes & Future Vision
- CAB successfully migrated to a secure, scalable, and cost-effective AWS environment.
- Lessons learned highlight the importance of leveraging AWS APN partners and following the AWS Well-Architected Framework to minimize TCO and maximize efficiency.
- Future plans include continued automation, monitoring enhancements, and potential expansion of the cloud infrastructure to support evolving business needs.