
About Cargomatic

Cargomatic is a logistics technology company based in Long Beach, California. Founded by a tech entrepreneur and a logistics expert, the company provides unique solutions that streamline and facilitate the movement of cargo during shipments.

Cargomatic’s web and mobile applications minimize unwanted delays during shipments by seamlessly connecting shippers and a network of truckers.

Migrating AWS Infrastructure from a Single Account

Cargomatic initially sought TrackIt’s expertise to migrate and disperse its infrastructure within AWS. In March 2019, an assessment of Cargomatic’s cloud infrastructure revealed security vulnerabilities that needed to be addressed.

The company was running all of its environments (Development, Staging, and Production) in a single account, which was proving to be a challenge. To remediate the security issues and improve visibility and cost management, Cargomatic decided to split its AWS infrastructure into three separate, well-architected accounts, one for each environment.

TrackIt helped Cargomatic move the following applications and services from one account into three separate accounts:

● Applications running on Fargate and ECS
● Elasticsearch
● Redis
● Amazon API Gateway
● S3 buckets
● SQS queues
● Amazon RDS
● Lambda functions

The Need For An Additional Layer of Security

Cargomatic also leveraged TrackIt’s expertise to resolve a storage and data security issue they were facing with one of their S3 buckets. The company had unprotected and sensitive data stored in a public S3 bucket that had to be shielded from unauthorized access.

In addition to requiring an additional layer of security to protect the information contained in the bucket, Cargomatic still needed to retain the ability to access this information using a direct link.

TrackIt helped Cargomatic add this layer of security using three AWS services: Amazon API Gateway, Amazon CloudFront, and a Lambda function.

With the new layer of security added, a user requiring access to the information contained in the S3 bucket first needs a certificate to make an API call to the Amazon API Gateway. The API call triggers a Lambda function that, in turn, makes a call to Amazon CloudFront, generating a temporary/presigned link that is sent back to the user. The user can then use the presigned link to gain secure and direct access to the information stored within the S3 bucket.
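The link-issuing step of this flow, as an added example that is not TrackIt's or Cargomatic's code: a Lambda handler that validates the requested object key and returns a short-lived CloudFront signed URL built from a canned policy. Assumptions: the "temporary/presigned link" is a CloudFront signed URL, the API Gateway proxy event carries the object key in `pathParameters.key`, and `CF_DOMAIN`, `KEY_PAIR_ID`, `TTL_SECONDS` and the caller-supplied `rsa_sha1_sign` function (which wraps the CloudFront private key) are hypothetical names and placeholder values.

```python
import base64
import json
import re
import time

CF_DOMAIN = "https://cdn.example.invalid"  # assumption: placeholder distribution domain
KEY_PAIR_ID = "KEY_PAIR_ID_PLACEHOLDER"    # assumption: placeholder public key ID
TTL_SECONDS = 300                          # assumption: link lifetime
# Object keys: path segments of [A-Za-z0-9_-] plus one extension; no "..", no leading "/".
SAFE_KEY = re.compile(r"[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*\.[A-Za-z0-9]+")


def canned_policy(url, expires):
    """Compact JSON (no whitespace) canned policy that CloudFront recomputes and verifies."""
    statement = {"Resource": url,
                 "Condition": {"DateLessThan": {"AWS:EpochTime": expires}}}
    return json.dumps({"Statement": [statement]}, separators=(",", ":")).encode()


def cf_b64(raw):
    """Base64 with CloudFront's substitutions: '+' to '-', '=' to '_', '/' to '~'."""
    return base64.b64encode(raw).decode().translate(str.maketrans("+=/", "-_~"))


def signed_url(url, key_pair_id, rsa_sha1_sign, ttl=TTL_SECONDS, now=None):
    """Return url plus Expires, Signature and Key-Pair-Id query parameters."""
    expires = int(time.time() if now is None else now) + ttl
    signature = cf_b64(rsa_sha1_sign(canned_policy(url, expires)))
    sep = "&" if "?" in url else "?"
    return f"{url}{sep}Expires={expires}&Signature={signature}&Key-Pair-Id={key_pair_id}"


def make_handler(rsa_sha1_sign, now=None):
    """Build the Lambda handler; rsa_sha1_sign(bytes) -> bytes wraps the private key."""
    def handler(event, context):
        # Client-certificate authentication is assumed to have happened at API Gateway.
        key = (event.get("pathParameters") or {}).get("key") or ""
        if not SAFE_KEY.fullmatch(key):
            body = {"error": "invalid object key"}
            return {"statusCode": 400, "body": json.dumps(body)}
        url = signed_url(f"{CF_DOMAIN}/{key}", KEY_PAIR_ID, rsa_sha1_sign, now=now)
        return {"statusCode": 200, "body": json.dumps({"url": url})}
    return handler
```

For the link to be the only way in, the bucket itself has to stop being public and accept reads only from the CloudFront distribution; otherwise the original object URLs keep working.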

TrackIt’s Expertise in Storage

TrackIt’s work with Cargomatic required in-depth knowledge and expertise in storage, security, software development, and of course, Amazon Web Services.

“TrackIt has helped Cargomatic many times over the last several years. Their overall AWS expertise and familiarity with our infrastructure enabled an easy, efficient and ultimately successful migration into a clean, well-architected environment.”
Michael Seay, Cargomatic Engineering Team Lead

Challenge(s):

● Poorly architected legacy AWS infrastructure
● Sensitive and unprotected data contained in a public S3 bucket

Solution(s):

● Migrate to three separate AWS accounts: one for each environment (Development, Staging, and Production)
● Add a data security layer to S3 bucket access

Outcome(s):

● Increased visibility and efficiency with infrastructure strategically dispersed across three separate AWS accounts
● Protection of sensitive data without compromising ease of access
