Customer Stories / Software

株式会社 ecbeing

ecbeing Streamlines Operations through Integrated Edge Services on AWS

10 months

duration of AWS WAF and Amazon CloudFront applied to over 1,000 websites

1 business day

lead time to apply WAF to a customer

Stronger protection against DDoS attacks

Streamlined operations through centrally managed edge services


ecbeing provides an eponymous platform for building e-commerce sites. The company, which powers its service platform with multiple clouds, adopted the Amazon CloudFront edge service and AWS WAF for e-commerce sites with greater responsiveness and security. ecbeing also integrated Web Application Firewalls (WAFs) at the edge for cross-vendor operation and enhanced services.


Opportunity | Adopting AWS WAF for PCI DSS compliance

Many large and medium-sized enterprises have adopted ecbeing to power over 1,600 websites since the company launched in 1999. Providing one-stop services that cover e-commerce strategizing, website construction, support for digital marketing and design, and infrastructure security, the company employs 500 developers and 200 marketers to support customers with one of the largest teams in Japan.

In the 2010s, ecbeing shifted its on-premises service delivery platform for e-commerce sites to the cloud. In 2020, the company adopted more cloud technology, operating its platform with the cloud services of multiple separate vendors concurrently. “We develop purpose-built websites, websites for customers who want specific locations, and websites for clients who require flexible use of server resources such as controlling local access,” says Yohei Fujikawa, general manager of the ecbeing Server Services Department.

ecbeing adopted AWS in 2014 when it introduced Amazon CloudFront for website image caching. At the time, websites had become richer in content, ecbeing was deploying services to more sites of larger scale, and load on service delivery platform servers (origin servers) had intensified. The company aimed to improve responsiveness by using a contents delivery network (CDN) to provide content from edge locations. By 2018, DDoS attacks had grown in scale, and ecbeing wanted to secure dynamic pages through AWS Shield DDoS protection. It began using Amazon CloudFront with reverse proxies hosting entire sites on a CDN.

According to Fujikawa, “Back in 2014, Amazon CloudFront was the leading CDN. We decided to use it because there were plenty of case studies and it was easy to get started.”More recently, the growing number of increasingly sophisticated attacks on e-commerce sites has made multi-layered defense essential. Additionally, the Payment Card Industry Data Security Standard (PCI DSS) v4.0 mandates WAFs for web applications, which prompted ecbeing to adopt AWS WAF.


AWS WAF has enabled ecbeing to make our services even more secure."

Yohei Fujikawa
General Manager, Server Services Department, ecbeing

Solution | Integrate Edge Services Using Amazon CloudFront and AWS WAF

ecbeing adopted AWS WAF and decided to unify its edge services with Amazon CloudFront.“AWS WAF can be managed in conjunction with Amazon CloudFront and offers convenient mode switching,” explains Fujikawa. “We can centrally manage it with the Amazon CloudFront management console and apply WAF rules to multiple sites. We decided to unify edge services with AWS, which enabled us to protect the multiple other vendors’ clouds comprising our service delivery platform as well.”

ecbeing mainly applies Amazon CloudFront and AWS WAF to around 1,000 large-scale websites operating on business to consumer (B2C) e-commerce platforms. The company began the deployment in May 2023, completing all applicable websites in March 2024.

The deployment proceeded smoothly due to knowledge gained from years of operating Amazon CloudFront and collaboration between ecbeing’s infrastructure engineers, application engineers, and Computer Security Incident Response Team (CSIRT) security specialists. Yoshimichi Ohno, Senior Lead Engineer of ecbeing’s Server Services Department, provides more details below.

“Setting up AWS WAF was simple; it took only a few minutes per website and we completed all websites in about a week. However, the post-setup log check work was enormous. We spent about two months on it, throwing waves of workers at the task. We queried logs using Amazon Athena, removing rules that hindered normal operation and adding preventative rules. Our CSIRT department, which has experience in developing ecbeing packages and knows the behaviors of all applications, adjudicated the logs and provided advice, which allowed us to complete the deployment quickly.”

Outcome | CDN Offloads Stress on Origin Servers, Optimized Infrastructure Costs

“Deploying AWS WAF further fortified ecbeing's security services,” says Fujikawa.Amalgamating the company’s WAF with AWS WAF has simplified administrative work by enabling bulk application of ecbeing-managed IP block lists and centralized updates. ecbeing previously took a month to deploy WAFs on a per-user basis. With AWS WAF, it can deploy a WAF in one business day. The company’s CSIRT department has run verification tests to add puzzle authentication to user ID and password logins and is steadily reinforcing security.AWS WAF has also enhanced ecbeing’s edge services. Receiving requests from users at the front end reduces loads on service delivery platform origin servers, which optimizes overall infrastructure costs.

“Now that we’ve expanded our services and our content has grown, without Amazon CloudFront, our origin servers would require over double the specs of the current ones and server costs would be higher,” says Ohno. “And AWS edge services also reduce running costs.”

ecbeing plans to analyze AWS WAF log data and fine-tune its system to further improve security, identify cyberattack trends, and update relevant sites. The company is also enhancing its website for better experience for end users and continually evolving through efforts to build unique services such as virtual “waitingroom” on AWS. ecbeing will continue to focus on edge services to handle server-side processing for its service delivery platform.

“We are grateful to AWS tech specialists and the U.S. headquarters service team for providing us with regular meetings and a variety of information since the project began,” says Fujikawa. “We’re anticipating future feature updates to move server-side processing to edge services.”

AWS Services Used


AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.

Learn more »

Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) service built for high performance, security, and developer convenience.

Learn more »

More Professional Services Customer Stories

no items found 


Get Started

Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.