In December 2016, a web platform company contacted me for what seemed like a routine performance analysis. The symptoms were puzzling: severe slowdowns despite running on oversized infrastructure with minimal user traffic. Within days, the investigation revealed something far more serious: the application had been compromised, with malicious code consuming most of the server’s resources.

What followed was a six-month engagement that combined crisis response, infrastructure modernization, and comprehensive monitoring implementation, transforming a compromised system into a secure, well-architected AWS environment.
The Discovery: Performance Analysis Uncovers Security Breach
The initial assessment began with deploying New Relic to understand application performance. The results were immediately concerning. The monitoring dashboard showed that over 70% of the application’s workload consisted of external HTTP calls to hundreds of unknown domains scattered across the internet.
Critical Security Finding
The majority of server resources were being consumed by malicious code making hundreds of requests to spam domains. The legitimate application was starved of CPU, memory, and bandwidth while attackers used the infrastructure for their own purposes.
This explained everything: the performance problems weren’t due to application inefficiency or infrastructure limitations. The platform was compromised, and the malicious payload was consuming resources intended for legitimate users.
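A minimal sketch of the kind of check that surfaces this pattern, added here as an illustration and not code from the engagement: it reads per-segment timing records and reports what share of total time goes to external hosts outside an allowlist. The record format, host names, allowlist, and thresholds are all assumptions constructed for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample, one segment per line: "<kind> <target> <duration_ms>".
# The format and every host below are made up for this example.
SAMPLE = """\
db mysql 40
php app 60
external https://api.payments.example/charge 30
external http://cheap-pills.invalid/in.php 210
external http://win-prizes.invalid/gate 190
external http://seo-links.invalid/p?id=7 180
db mysql 35
external http://cheap-pills.invalid/in.php 205
php app 50
"""

# Assumption: the external hosts the application is expected to call (exact match).
ALLOWED_HOSTS = {"api.payments.example"}

def summarize(log_text, allowed=ALLOWED_HOSTS):
    """Return the share of total time spent calling hosts outside the allowlist."""
    total_ms = 0.0
    unknown_ms = defaultdict(float)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed records
        kind, target, raw_ms = parts
        try:
            duration = float(raw_ms)
        except ValueError:
            continue
        total_ms += duration
        if kind == "external":
            host = (urlsplit(target).hostname or "").lower()
            if host and host not in allowed:
                unknown_ms[host] += duration
    share = sum(unknown_ms.values()) / total_ms if total_ms else 0.0
    hosts = sorted(unknown_ms, key=unknown_ms.get, reverse=True)
    return {"unknown_share": share, "unknown_hosts": hosts}

def is_suspicious(summary, share_threshold=0.5, min_hosts=3):
    """Flag when unknown external calls dominate the workload (thresholds are assumptions)."""
    return (summary["unknown_share"] >= share_threshold
            and len(summary["unknown_hosts"]) >= min_hosts)
```

Calling `summarize(SAMPLE)` ranks the unknown hosts by time consumed, which gives a starting list for tracing the calls back to the files that issue them.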
Crisis Response: Security Remediation
The immediate priority was removing the malicious code and preventing future intrusions. I conducted a complete forensic analysis to identify compromised files, injection points, and attack vectors. The cleanup process involved:
With the threat neutralized, the platform’s performance improved immediately. Resources previously consumed by malicious traffic became available for the legitimate application workload.
Infrastructure Modernization
With security restored, the focus shifted to building a robust AWS infrastructure that could support the application’s growth and modernization plans.
Load Balancer and High Availability
I configured an Elastic Load Balancer (ELB) to distribute traffic across multiple application servers, implementing proper health checks to ensure traffic only reached healthy instances. The ELB configuration included:
- Configured health checks with appropriate thresholds and intervals to detect failures quickly without generating false positives.
- Integrated Let’s Encrypt SSL certificates with automated renewal, handling encryption at the load balancer level.
The infrastructure included development and staging environments, allowing the team to test changes safely before deploying to production. I created Amazon Machine Images (AMIs) from properly configured servers, enabling rapid deployment of consistent environments.
Monitoring and Performance Analysis
Comprehensive monitoring became critical for maintaining the newly secured infrastructure. I implemented a two-phase monitoring strategy:
Phase 1: New Relic for Application Performance
During the initial months, New Relic provided deep visibility into application behavior, transaction performance, and database queries. This monitoring platform was instrumental in identifying the security breach and continued to provide valuable insights during the remediation phase.

Phase 2: Percona Monitoring and Management (PMM)
When the New Relic trial period ended, I proposed Percona Monitoring and Management as an open-source alternative. PMM provided even more detailed MySQL monitoring than New Relic, including:
The PMM deployment proved that open-source tools can often outperform commercial solutions in specialized domains. For MySQL monitoring specifically, PMM provided superior capabilities at zero licensing cost.

Database Optimization
Armed with detailed monitoring data, I conducted systematic MySQL optimization. The Percona tools revealed slow queries that were impacting user experience, allowing me to:
- Analyze query execution plans and identify missing indexes
- Optimize complex queries with inefficient JOIN operations
- Tune MySQL configuration parameters for the workload characteristics
- Implement query result caching where appropriate
These optimizations reduced database response times by 60-80% for the slowest queries, dramatically improving the user experience for database-intensive operations.
Technology Stack Modernization
The client was planning a significant technology upgrade to modern frameworks and PHP versions. I supported this migration by:
- Configuring servers to support the latest Symfony framework version, providing better security, performance, and developer experience.
- Deploying PHP 7 infrastructure, delivering substantial performance improvements and modern language features for development teams.
Enhanced Security Measures
Beyond the immediate security remediation, I implemented additional security controls to protect the infrastructure:
- Multi-Factor Authentication (MFA) for administrative access to AWS and servers
- Automated SSL certificate management with Let’s Encrypt for all domains
- Certificate integration with the ELB for encrypted traffic from users to load balancer
- File integrity monitoring to detect unauthorized modifications
- Regular security updates for operating system and application dependencies
Results and Impact
The engagement transformed a compromised, poorly performing platform into a secure, well-monitored infrastructure:
- Security transformation: The platform went from an actively compromised system to a hardened environment with MFA, automated certificate management, and comprehensive monitoring.
- Performance recovery: By removing malicious workload and optimizing database queries, the legitimate application’s performance improved dramatically, providing a much better user experience.
- Modern infrastructure: The technology stack migration to Symfony 3.2 and PHP 7 positioned the platform for future development with improved security, performance, and maintainability.
- Operational efficiency: Comprehensive monitoring with Percona PMM provided ongoing visibility into database performance, enabling proactive optimization and capacity planning.
Key Lessons: When Performance Problems Hide Security Issues
This project reinforced critical lessons about security-conscious infrastructure management:
- Performance anomalies are red flags. When a platform running on oversized infrastructure experiences severe performance problems with minimal load, investigate security first. Unexplained resource consumption often indicates compromise.
- Monitoring is essential for security. The security breach was discovered through performance monitoring, not security tools. Comprehensive visibility reveals anomalies that indicate attacks.
- Open-source can outperform commercial solutions. Percona Monitoring and Management provided superior MySQL monitoring compared to commercial APM tools, demonstrating that specialized open-source tools often excel in their domain.
- Defense in depth works. Multiple security layers (MFA, automated certificate management, file integrity monitoring, and regular updates) create resilient infrastructure that can withstand attacks.
About the author
Daniel López Azaña
Tech entrepreneur and cloud architect with over 20 years of experience transforming infrastructures and automating processes.
Specialist in AI/LLM integration, Rust and Python development, and AWS & GCP architecture. Restless mind, idea generator, and passionate about technological innovation and AI.