Customer Stories / Travel


Traveloka Takes Off with AWS Security Solutions, Bolstering Infrastructure Security and Management

Traveloka enhanced its security capabilities by integrating AWS WAF, AWS Shield, and AWS Firewall Manager to better mitigate risk, prevent DDoS incidents, and protect customer data.


of monthly customer transactions secured

Ease and speed

of integration with AWS security services


higher efficiency in security management

Enhanced Security

Dozens of DDoS incidents prevented


Traveloka is Southeast Asia’s leading travel platform, with more than 122 million app downloads and 42 million monthly active users. Cybersecurity is Traveloka’s utmost priority, with the platform welcoming millions of users each day. To enhance its security posture and automate and centralize security management, the organization implemented AWS Web Application Firewall (AWS WAF), AWS Shield, and AWS Firewall Manager.

By using AWS security solutions, Traveloka is securing millions of customer transactions while improving platform effectiveness. The company’s investment in enhanced security measures from AWS ensures its customer data stays protected.

heavy traffic moving at speed on UK motorway in England at sunset

Opportunity | Optimizing Security for Millions of Online Transactions

Every day, millions of people reserve flights, hotels, trains, cars, and other travel components on Traveloka, one of Southeast Asia’s leading travel platforms. Founded in 2012, Traveloka now operates in six countries across Southeast Asia.

Like all enterprises that deal with customer data, Traveloka focuses heavily on cybersecurity for online services. The company adopts a proactive and preventative cybersecurity strategy to maintain regulatory compliance in the six countries where it operates. “Responsible operation is a top priority, and we place utmost importance on security throughout our business processes,” says Jose Dalino, head of Engineering, Technology Architecture & Operations at Traveloka. “Whether it's safeguarding our platform, protecting consumer and partner data, or securing online payments, we understand the importance of protecting data.”

As its business grew, Traveloka sought to enhance its security capabilities effectively. For example, the company wanted to automate the detection of endpoints such as API gateways and load balancers on its network. As part of these efforts, the company looked to integrate its web application firewall security tools with its growing Amazon Web Services (AWS) Cloud environment. “We have formed a strategic relationship with AWS since inception, and we trust AWS technology solutions for Traveloka’s platform. Our goal was to manage security effectively through integration with AWS,” says Dalino.


The seamless integration of AWS WAF, AWS Shield, and AWS Firewall Manager into our existing AWS environment simplified deployment and centralized security management.”

Jose Dalino
Head of Engineering, Technology Architecture & Operations, Traveloka

Solution | Integrating AWS Security Solutions to Streamline Security Management

Since many of Traveloka’s workloads had already utilized AWS’ solutions, it was easy for the business to deploy AWS Web Application Firewall (AWS WAF) to increase endpoint protection and provide its applications with an additional layer of security. AWS WAF is a cost-effective solution that reduces the need for manual security tasks and provides automated security controls—features that were essential to Traveloka.

Following a successful proof of concept, Traveloka deployed AWS WAF into production within two months. The business collaborated with AWS Enterprise Support for a thorough review of its distributed denial-of-service (DDoS) response process, which was validated by the Shield Response Team.

Furthermore, AWS Enterprise Support worked closely with Traveloka to review and analyze Traveloka's WAF rules. The aim was to ensure compliance with security standards and address critical application security vulnerabilities effectively. Dalino explains, “With a strong emphasis on security implementation in our platform, AWS played a pivotal role in providing valuable support to our team. They promptly addressed our inquiries and assisted us in the seamless rollout of these AWS services.”

To further protect its applications, Traveloka implemented AWS Shield, a managed service that guards against DDoS incidents, and AWS Firewall Manager, a security management service that centralizes firewall policy configuration and management across multiple accounts. “The seamless integration of AWS WAF, AWS Shield, and AWS Firewall Manager into our existing AWS environment simplified deployment and centralized security management,” Dalino says.

Outcome | Mitigating Risk through Automated Endpoint Discovery and Protection

With the native AWS integration of AWS WAF and AWS Shield, Traveloka receives prompt notification of any incidents. This allows the business to respond faster and minimize service disruptions. The utilization of machine learning in analyzing patterns and creating rules also allows the company’s system to automatically mitigate and protect against DDoS incidents. Dalino adds, “It is now easier for us to manage our environment and make necessary changes in case of network outages.”

By deploying AWS WAF, AWS Shield, and AWS Firewall Manager, Traveloka has increased its security management efficiency by 70 percent. The company is currently evaluating AWS Security Hub and Amazon Inspector, which would automatically detect security gaps and configure remediation rules to fix them. "The positive outcomes we have witnessed from integrating AWS security services have reinforced our commitment to grow alongside AWS in safeguarding our website and customers' data. As the industry landscape continues to evolve, we remain dedicated to staying relevant and ensuring the ongoing protection of our digital assets with the support of AWS,” Dalino concludes.

Learn More

About PT Traveloka Indonesia

Traveloka, one of Southeast Asia’s leading travel platforms, enables consumers to access, discover, and purchase a wide range of travel, local services, and financial services products. Traveloka’s comprehensive product portfolio includes transport booking services such as flight tickets, bus, trains, car rental, airport transfer. It also offers access to the largest accommodation inventory in Southeast Asia, including hotels, apartments, guest houses, homestays, resorts, and villas.

AWS Services Used


AWS Web Application Firewall (AWS WAF) helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.

Learn more »

AWS Shield

AWS Shield is a managed DDoS protection service that safeguards applications running on AWS.

Learn more »

AWS Firewall Manager

AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations.

Learn more »

Get Started

Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.