
How Ensures Serverless Architecture Security


While serverless is a relatively new concept, adoption is well underway and we at Droplr are using serverless architecture security. Still, many companies are shy about exploring and implementing serverless architecture, let alone publishing their successful migration story online.

Droplr’s engineering team shared their story about moving to serverless, covering the main steps of the process — planning, testing, security, and monitoring. plays an integral part of the multi-layered monitoring approach used by Droplr. We use it as the primary logging in the new architecture. We’re sharing more about our serverless architecture security in this blog post.


Searching for a Logging Solution

Droplr’s services are now built almost entirely upon a serverless architecture. Lambda functions handle both the processing of background jobs and all the public-facing microservices. The latter are now HTTP-invoked Lambda functions. Requests and responses are passed via the AWS API Gateway, which in turn is placed behind CloudFront.

CloudFront already let Droplr monitor all incoming and outgoing HTTP traffic using access logs. As such, the question was what log analysis tool to use. Droplr began exploring different logging solutions. AWS lacked the analysis features Droplr required, while other logging solutions did not integrate with AWS to a satisfying degree.

Because of previous experience with the ELK Stack, the team preferred an ELK-based solution that did not require investing resources in maintenance. As offered ELK as a scalable and secure service, we evaluated it and found it to suit Droplr’s requirements and architecture. As Antoni Orfin, Solutions Architect at Droplr, puts it: “ fit our serverless – and pay for what you use – concept perfectly”.


Onboarding with

Migrating to was seamless and took less than a day’s work. CloudFront logs are shipped to an S3 bucket, from where they are pulled using’s built-in support for AWS.

Since Droplr’s CloudFront logs contain some custom fields for measuring bandwidth abuse, there was some initial parsing work. This was performed with the assistance of the support team at All processing is now performed on’s end. CloudFront logs are parsed automatically to allow efficient analysis and visualization.  

Monitoring File Downloads

More than half a million users download files from Droplr every day. It goes without saying that these downloads need to be carefully monitored. Limitations on file downloads need to be enforced and abusive behavior identified on time.

Droplr analyzes and monitors file downloads using the CloudFront access logs. These logs contain typical HTTP-related fields (e.g. status, method, IP, result). As mentioned above, they have also been customized to include some Droplr-specific metrics. Kibana dashboards have been developed on top of the logs to give the team a good indication of when the system is being used as expected.

Triggering Lambdas with Alerts

Droplr has also developed a way to automatically block a user once anomalous behavior is identified in the CloudFront logs.

This method is based on two components that integrate with Droplr’s serverless architecture. On the side, an alert has been configured based on specifically defined thresholds. Once triggered, this alert calls an HTTP endpoint, which is actually a Lambda function. This function then blocks the user.
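An HTTP endpoint that blocks accounts has to authenticate its caller and validate the payload before acting. The following is an added sketch of such a Lambda handler, not Droplr's code: the signature header name, the `user_id` payload field, the id format, the shared secret and the in-memory block list are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import re

# Assumptions (none of these come from the article): the header name, the
# "user_id" payload field, the id format and the in-memory block list.
SIGNATURE_HEADER = "x-alert-signature"
SHARED_SECRET = b"constructed-example-secret"  # load from a secrets store in practice
USER_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
BLOCKED_USERS = set()                          # stand-in for the real user store


def sign(body: str) -> str:
    """Hex HMAC-SHA256 of the raw request body under the shared secret."""
    return hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).hexdigest()


def _response(status: int, message: str) -> dict:
    return {"statusCode": status, "body": json.dumps({"message": message})}


def handler(event, context=None):
    """Entry point for an API Gateway proxy event carrying the alert webhook."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    body = event.get("body") or ""

    # Authenticate the caller before parsing anything; compare in constant time.
    supplied = headers.get(SIGNATURE_HEADER) or ""
    if not hmac.compare_digest(supplied.encode(), sign(body).encode()):
        return _response(401, "invalid signature")

    try:
        user_id = json.loads(body)["user_id"]
    except (ValueError, KeyError, TypeError):
        return _response(400, "malformed alert payload")
    if not isinstance(user_id, str) or not USER_ID_RE.fullmatch(user_id):
        return _response(400, "invalid user id")

    # Blocking is idempotent, so a re-sent alert is harmless.
    already = user_id in BLOCKED_USERS
    BLOCKED_USERS.add(user_id)
    return _response(200, "already blocked" if already else "blocked")
```

Signing the raw body rather than checking a static token means a captured header cannot be reused to block a different user.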


End result

The entire IT team at Droplr use as their primary log analysis tool. Access is given to the development team as well upon request, for visibility into how the services are performing in production. Approximately 5 GB of CloudFront logs are shipped to a day, helping Droplr not only monitor HTTP traffic but also save the company money.

Antoni Orfin, Solutions Architect at Droplr, sums it up: “After a few months of using, we were amazed at how great it fits our serverless architecture. Using has helped us to effectively analyze abusive usage of Droplr and has ultimately saved us tens of thousands of dollars a month.”

This article appeared originally on: 

If you like what you’ve just read, stay tuned for more on serverless architecture security!
