Eurowag - Optimizing AWS Networking for Eurowag’s Payment Solutions and Connectivity

Eurowag required a stable, high-availability infrastructure to support their payment systems, with seamless integration across multiple data centers. Trustsoft implemented a robust AWS networking solution, utilizing Site-to-Site VPNs, Transit Gateways, and proactive monitoring to ensure uptime and cost predictability.
Client: Eurowag
Date: 20.1.2025

Problem Statement / Definition

  • The customer wants stable infrastructure “as a service”.
  • The solution should work 24/7, with the main emphasis on business days. The drivers using the payment systems operate mainly during the day, although late-night or early-morning transactions are common too.
  • The main criteria are that the infrastructure works end to end and the applications can process incoming transactions without issues.
  • The infrastructure needs to seamlessly integrate with other data centers and cloud providers used by the customer.
  • Updates and new container image deployment should be fast, with a clear approval process.
  • If there are issues, the monitoring system has to capture them and alert the Trustsoft support team and, if necessary, the customer.

Proposed Solution and Architecture

  • AWS Infrastructure designed with both legacy and modern applications in mind.
  • Fully automated deployment via pipeline, with application container deployment separated from infrastructure as code (IaC) in Terraform.
  • Separate Shared, Application, and Audit and Management accounts, all deployed and managed by AWS Organizations and AWS Control Tower.
  • Robust networking and links to external data centers and providers that use AWS Site-to-Site VPNs. Accounts are networked with Transit Gateway and internal load balancing, where needed. For special high-reliability connections, AWS PrivateLink is used.
  • The target groups for load balancers are monitored to ensure the external endpoints are reachable.
  • Trustsoft monitors both internal and external endpoints, including proactive transaction monitoring, to minimize our response latency and reduce dependency on, or waiting for, the actions of external partners.

Outcomes of Project and Success Metrics

The customer is very sensitive about two financial aspects: the predictability of the cloud spend and the business impact if the solution is down. Each minute the solution is down costs the customer money. Trustsoft, however, does not know the financial obligations between Eurowag and its end customers; these are a business secret.
The Trustsoft team received 932 critical alerts from the monitoring solution between 2024-06-01 and 2025-01-09. These were handled with minimal impact on production. There was one incident concerning the production Aurora DB in this period, which lasted 1 hour and 47 minutes. The customer was affected, but the service was not interrupted (long DB responses).
Budget predictability is also crucial to Eurowag's procurement. FinOps became a substantial part of the project, as Trustsoft keeps the AWS spend under the agreed limit of 10 500 EUR per month over the long term. This was achieved despite increasing consumption of AWS services.

Describe the TCO Analysis Performed

Trustsoft conducted a thorough analysis of the Total Cost of Ownership (TCO) for Eurowag before the migration project. This included a Right Sizing Analysis to identify the most suitable resources and AWS services for the monitoring and cost of operations. We also compared the costs between the existing setup and potential modernization on AWS. Trustsoft provided a plan with a cost estimate, detailing the expenses for AWS services and offering advice on the operational approach. The TCO analysis underscored the financial advantages of moving to open source solutions, along with potential improvements in business agility and innovation. To align with the client's needs, Trustsoft held meetings and workshops, using the AWS pricing calculator to produce accurate cost estimates.

Lessons Learned

  • Transit gateways can greatly simplify routing and cross-account communication. Pairing them with dynamic routing for Site-to-Site VPNs (when BGP is supported on the other side) proved more resilient than the static routing used previously.
  • AWS Site-to-Site VPN is very stable and reliable; however, it still lacks the logging and configurability needed to replace a robust IPsec/firewall solution that connects to endpoints running many different products, such as Cisco ASA, Fortigate, Checkpoint, etc. In this case we found it easier to use a solution like strongSwan.
  • It proved efficient to monitor the critical AWS components with native AWS solutions, like CloudWatch alarms. We were able to get better results for specialized monitoring (e.g. application states, transactions) with the Grafana, Prometheus, Loki stack.
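
As an added illustration of the first and third lessons (not Trustsoft's or Eurowag's actual Terraform): a Site-to-Site VPN attached to a Transit Gateway with dynamic BGP routing, plus a CloudWatch alarm on the tunnel state. Resource names, the ASNs, the peer IP address and the SNS topic variable are constructed placeholders.

```hcl
# Added example. All names and values below are placeholders, not the project's.
variable "alert_topic_arn" {
  description = "SNS topic that notifies the support team (assumed to exist)"
  type        = string
}

resource "aws_ec2_transit_gateway" "hub" {
  description     = "Hub for cross-account routing"
  amazon_side_asn = 64512 # private ASN for the AWS side of the BGP session
}

resource "aws_customer_gateway" "dc" {
  bgp_asn    = 65010          # private ASN of the remote data center (placeholder)
  ip_address = "203.0.113.10" # documentation-range address (placeholder)
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "dc" {
  customer_gateway_id = aws_customer_gateway.dc.id
  transit_gateway_id  = aws_ec2_transit_gateway.hub.id
  type                = "ipsec.1"

  # false = routes are learned over BGP instead of being listed statically,
  # so a failed tunnel is withdrawn from routing without manual changes.
  static_routes_only = false
}

# TunnelState is 1 when every tunnel of the connection is up; any value
# below 1 means at least one tunnel is down, so redundancy is already lost.
resource "aws_cloudwatch_metric_alarm" "vpn_tunnel_down" {
  alarm_name          = "dc-vpn-tunnel-down"
  namespace           = "AWS/VPN"
  metric_name         = "TunnelState"
  dimensions          = { VpnId = aws_vpn_connection.dc.id }
  statistic           = "Minimum"
  period              = 60
  evaluation_periods  = 3
  comparison_operator = "LessThanThreshold"
  threshold           = 1
  treat_missing_data  = "breaching" # no datapoints is treated as an outage
  alarm_actions       = [var.alert_topic_arn]
}
```

Alarming on the per-connection minimum rather than on total loss of connectivity surfaces a single failed tunnel while traffic still flows over the other one.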
