Case studies/Center Parcs - Root Login

Center Parcs - Root Login

Using serverless technology, Nasstar designed and delivered a flexible solution that empowers Center Parcs’ security team.

CLIENT

Center Parcs

INDUSTRY

Leisure & hospitality

SERVICE

Cloud

PARTNER

aws

The client

CenterParcsUKandIrelandoffersshortbreaksforfamiliesatsixforestlocations.

For several years, Nasstar has supported Center Parcs by managing its AWS estate. This comprises several solutions that have been strategically deployed across multiple AWS accounts, allowing the organisation to optimise operations and deliver exceptional service to its customers. 

This case study can also be found over at Colibri Digital, part of The Nasstar Group.

Our goal

DeployserverlesstechnologytodefendCenterParcscloudestate.

The challenges

Inlinewithindustrybestpractice,theuseofrootusercapabilitieswithinanAWSaccountshouldbelimitedtoexceptionalcircumstances.

The root user controls an entire AWS estate, including critical systems such as databases, servers, and applications. Therefore, any compromise of root user credentials can have serious consequences.

As part of ongoing consultancy and collaboration between Nasstar and Center Parcs, it was recognised that a comprehensive solution was required to enhance security measures.

Specifically, it was determined that a monthly report should be generated to capture any instances where the organisation's AWS accounts were accessed through the root user via the web console. This report would not only record essential information like the precise date and time of each event but would also include a reference to the unique multi-factor authentication (MFA) device utilised by staff members during the access process.

Our solution

The resilient and scalable solution has created a cost-effective way to handle root login events while meeting stringent security audit requirements.

01

Using serverless technology, Nasstar has crafted a robust solution that empowers Center Parcs’ security team. Nasstar implemented Amazon EventBridge across all AWS accounts within the Center Parcs estate and integrated it with AWS CloudTrail to capture root login events in real time, significantly simplifying the audit process.

02

An EventBridge rule manages the process by sending events to a dedicated AWS account for reporting and auditing. A custom EventBridge Bus passes events from the source accounts to this audit account. From there, another rule sends the events to two places: an SNS topic that alerts the security team in real time, and Amazon Kinesis Firehose, which processes and stores the event data.

03

Events sent to Kinesis Firehose are stored in an S3 bucket. A Glue Crawler processes the data's metadata so it can be queried with Amazon Athena. At the start of each month, a CloudWatch event triggers a Lambda function to query the previous month’s data. Another Lambda function formats the results into a clear report and emails it to the security team using Amazon SES.

04

Nasstar used AWS CloudFormation to provision all necessary services. With version-controlled Infrastructure as Code (IaC), every deployment is accurate, repeatable, and consistent, ensuring long-term reliability and maintainability of the solution.

The outcome

Find out how our expertise could transform your organisation.

Cost efficiency

Using its optimisation expertise, Nasstar selected the best components for a streamlined, cost-effective deployment. The serverless architecture ensures efficient resource use and maximises Center Parcs' investment.

Security

The root access solution has provided Center Parcs’ security team with greater visibility and control. They now have monthly reports which provide detailed insights into root user access across their entire AWS estate.

With real-time notifications, Center Parcs can respond quickly to unexpected activity. This aligns with industry best practice by embracing zero-trust principles and safeguarding critical systems from unauthorised access.

Observability

To enhance observability and ensure the health of this solution, Nasstar deployed CloudWatch, an AWS monitoring tool. CloudWatch Alarms provide real-time visibility, and alerts notify support teams of unusual activity for quick investigation and response.

Center Parcs | Root Login | Nasstar