Pos Malaysia is the national courier service provider and sole licensee for universal postal services in the country, delivering to more than 10 million addresses across the nation. With a track record of over 200 years, the Pos Malaysia Group has progressed from a traditional postal service into a dynamic mail and parcel services, financial services and supply chain solutions provider with the largest delivery and touchpoint network in Malaysia. Pos Malaysia’s Integrated Parcel Centre (IPC) was upgraded to process over 300,000 items a day. With the growing demand, Pos Malaysia incorporates various technologies to deliver several services to its customers and to realize its vision, “We deliver. We connect. We improve lives.”
• IAM User best practice: POS Digital account has IAM users and wanted to improve their security posture in terms of IAM users, password policy, temporary access, secrets manager etc by implementing best practices to protect against unauthorized access across the cloud environment.
• Automation: POS Digital account wanted to have a reliable platform with a modernized environment by leveraging AWS cloud-native services with higher fault isolation.
• Reliability: POS Digital account’s objective is to enhance their testing process to validate the multi-deployment strategy along with the auto-scaling group to minimize the peak load performance.
• Higher Availability for Application Recovery: POS Digital account wants to improve its application resiliency with multi-account strategy with a disaster recovery plan.
• Enable IAM key rotation for more than 90 days.
• Configure password policy to match organization standards.
• Implement AWS Secrets Manager in SSM parameter.
• Enable IMDSv2 to secure EC2 instances where IAM roles are enabled.
• Enable multi-account strategy to plan for DR setup.
• Enable auto healing layer by leveraging AWS Autoscaling group for business-critical instances.
• Enable Route53 for more control over the data plane.
• Enable metrics for infra and app layer with application insights to have more control of all layers.
• Use AWS Config to have a proper audit of all the resources.
• Improved Security: The POS Digital account has enabled security posture across the environment in terms of MFA and IAM best practice and have enabled IMDSv2 to protect all the EC2 instances.
• Enhanced Reliability: POS Digital account enabled auto-scaling group with a highly reliable environment. And customer has performed distributed load testing using Apache JMeter.
• Cost Optimization: AWS Compute Optimizer has been enabled to have more control over the rightsizing of resources and addressed RI instances for better cost optimization.
• Security Standards: End-to-end monitoring has been enabled on both the infra and app layer with application insights. Also tested some canary scripts for Synthetic monitoring on the web layer.
The POS Digital account has made significant enhancements across multiple fronts in its AWS environment. These include improved security through the implementation of Multi-Factor Authentication (MFA), adherence to IAM best practices, and the deployment of IMDSv2 to safeguard all EC2 instances. Additionally, the account has bolstered reliability by establishing an auto-scaling group for a highly dependable system, validated through distributed load testing using Apache JMeter. Cost optimization efforts have been prioritized by enabling AWS Compute Optimizer to fine-tune resource allocation and address Reserved Instances (RIs) for cost efficiency. Lastly, security standards have been elevated with end-to-end monitoring spanning both infrastructure and application layers, aided by application insights and the introduction of canary scripts for synthetic monitoring at the web layer to proactively identify and address potential issues.
Minfy Technologies is a Cloud Native System Integrator helping enterprises, start-ups and fast-growing businesses navigate digital journeys leveraging AI & Cloud technologies. We assist our customers in accelerating Digital Transformation, Cloud Adoption and Innovation. Our transformative services include Cloud Consulting, Migration & Legacy modernizations, Cloud-Native Application Development and DeepTech implementations while offering reliable and world class 24x7 managed services.