Customer Stories / Construction & Real Estate
How AvalonBay Accelerated Secure Development by 75% Using Solutions from AWS
Learn how AvalonBay Communities Inc. optimized its secure multiaccount environment using Solutions from AWS.
AvalonBay Communities Inc. (AvalonBay), an equity real estate management company, has an ambitious growth strategy, but its on-premises infrastructure wasn’t conducive to fast development. Further, the personal identifiable information it stores requires it to have strong security.
The company wanted to enhance its online services while improving its development tools and maintaining its data-security posture. It moved to a serverless strategy on Amazon Web Services (AWS) and implemented several solutions from the AWS Solutions Library, which provides vetted solutions and guidance for business and technical use cases. Now, its teams can build faster, using automations, templates, and built-in security controls to reduce manual tasks and speed up infrastructure deployments.
Opportunity | Using AWS to Unlock the Flexibility and Efficiency of Serverless Architecture
AvalonBay is a real estate investment trust that develops and manages apartment homes in major US markets. Renters use its applications to apply for apartments, sign leases, and manage payments, so storing personal data with strong security is mission critical to the company’s operations. To drive growth while maintaining security, AvalonBay decided to modernize its infrastructure on AWS. In 2019, the company started migrating its on-premises infrastructure to AWS.
AvalonBay uses a multiaccount strategy in which each business unit has its own set of AWS accounts. As it adopted more AWS services, the company began to implement automations and security controls that would make sure that every unit complied with the company’s security requirements. “We want to give our developers a lot of freedom without forcing them to use standardized templates or code,” says Michael Ellis, cloud security architect at AvalonBay. “Anything that we can adopt to avoid misconfigurations through proactive security controls and to automate our internal processes is our preferred solution.”
To reduce manual development work and increase cost efficiency, the company created a new serverless environment that is based on a range of AWS services, including AWS Control Tower, which orchestrates multiple AWS services on an organization’s behalf while maintaining its security and compliance needs. AvalonBay also implemented serverless solutions, such as Amazon Cognito, which businesses can use to implement secure, frictionless customer identity and access management that scales. With these modernizations in place, the company launched several new tools in 2022, such as AppLease, which customers can use to view and sign leases.
The automation that we have achieved on AWS has reduced manual work for our teams. It has made it faster and simpler to stand up new AWS accounts.”
Cloud Security Architect, AvalonBay Communities Inc.
Solution | Simplifying Multiaccount Security and Reducing Costs by 40%
When AvalonBay started its custom AWS Control Tower project, it was managing nine accounts. Now, the company has 30. AvalonBay uses Customizations for AWS Control Tower, which it procured from the AWS Solutions Library. This tool combines AWS Control Tower and other highly available, trusted AWS services so that businesses can employ them to more quickly set up a secure, multiaccount AWS environment using AWS best practices. “Automating the process saves us from manual work every time we create new accounts and makes it much simpler,” says Ellis. These automations have virtually eliminated what could otherwise be a 3-day setup process. AvalonBay is also using AWS Control Tower proactive controls to check that resource configurations are correct at the time of deployment.
To track and manage security findings, AvalonBay adopted AWS Security Hub, which automates AWS security checks and centralizes security alerts. The company uses Automated Security Response on AWS alongside AWS Security Hub to provide predefined response and remediation actions that are based on industry compliance standards and best practices for security threats. “The automation that we have achieved on AWS has reduced manual work for our teams,” says Ellis. “It has made it faster and simpler to stand up new AWS accounts, and it prevents us from having to spend time on resolving new findings.” Since adopting Solutions from AWS, AvalonBay has increased its AWS Security Hub score by more than 40 percent.
In 2021, the company centralized customer authentication using Amazon Cognito. Later, AvalonBay began managing user profiles using Amazon Cognito User Profiles Export Reference Architecture, which businesses can apply to export Amazon Cognito user information to facilitate more complex user queries or provide resiliency. Using this solution, AvalonBay aims to replicate Amazon Cognito profiles across both of its AWS Regions. “This centralized authentication system is the biggest benefit,” says Kausik Dey, director of software engineering at AvalonBay. “Our ultimate goal is to have all customer applications available in both Regions.”
With better security automation, AvalonBay’s new serverless infrastructure gives developers more time to enhance the company’s offerings. And developers can customize AWS CloudFormation, which speeds up cloud provisioning with infrastructure as code. “Developers can create whatever resources they need using AWS CloudFormation,” says Ellis. By using AWS CloudFormation templates, which simplify provisioning and management on AWS, the company has accelerated some aspects of development by 75 percent.
AvalonBay’s flexible and efficient infrastructure has resulted in significant cost savings. Since migrating to AWS, the company has reduced costs by 40 percent. Throughout the migration, AvalonBay received support from an AWS solutions architect. “The AWS solutions architect was a key resource in educating us about Solutions from AWS,” says Dey. “We’ve accelerated development multiple times over since we migrated to AWS,” says Ellis. “Serverless is a great model for us. It reduces the things we need to worry about as security engineers.”
Outcome | Preparing for Future Growth with Strong Cloud Security
Out of AvalonBay’s eight applications, six are running completely on AWS. The company is working to further improve its business deliverables and migrate the rest of its applications to AWS. It has engaged AWS Enterprise Support, which provides concierge-like service where the main focus is helping businesses achieve their outcomes and find success in the cloud.
“Modernizing on AWS has exceeded our expectations,” says Dey. “The way AWS releases new features is valuable as we plan our future enhancements.” AvalonBay will continue to modernize its infrastructure to further reduce costs and manual maintenance work by using serverless computing on AWS.
About AvalonBay Communities Inc.
AvalonBay is a real estate investment trust that develops and manages apartment homes and communities that are located in major US markets. It offers applications for renters to apply for apartments, sign leases, and manage payments.
AWS Services Used
AWS Solutions Library
Vetted solutions and guidance for business and technical use cases.
Customizations for AWS Control Tower
Quickly set up a secure, multi-account AWS environment using AWS best practices.
Automated Security Response on AWS
Automatically address security threats with predefined response and remediation actions in AWS Security Hub.
Amazon Cognito User Profiles Export Reference Architecture
Build a framework for exporting user profile and group information from your Amazon Cognito user pools.
Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.