Executive Summary

Klub is an investment platform utilizing financial innovation and deep data-driven analytics to provide growth capital to entrepreneurs. Klub partnered with Comprinno to enhance the security landscape of its AWS cloud infrastructure to create a robust, secure and reliable environment for its customers.

About the Customer

Klub is India’s leading FinTech platform focusing on growth capital for brands through revenue-based financing. They are a team of FinTech, investment banking, venture capital, and technology professionals, determined to create a seamless funding experience for business founders through technology and data. Its investment platform combines financial product innovation, deep data-driven analytics, high-frequency collections, and community engagement. Klub has facilitated over 600 investments in 250+ leading brands including SMOOR, Bewakoof, and Third Wave Coffee Roasters, and has onboarded 7000+ patrons.


As a responsible cloud adopter, Klub wanted to ensure that its AWS cloud infrastructure was robust and foolproof to avoid any security breaches. They also wanted to ensure that they were audit-ready with an enhanced security landscape. To bring their innovations to market faster, they required a setup for secure and fast deployments.



Klub, being a FinTech company, is in a domain that has stringent security requirements. To fortify the AWS cloud architecture, Comprinno undertook a series of security-strengthening measures.

The threat of HTTP flood attacks and distributed denial-of-service (DDoS) attacks designed to take down its website loomed large. The company needed protection against rogue robots that could flood its website with traffic, and against SQL-injection attacks designed to extract data. Comprinno configured AWS WAF for the Application Load Balancer as an additional level of security against common web exploits and bots that may affect availability, compromise security or consume excessive resources.

AWS Organizations was introduced for managing and governing AWS accounts centrally and efficiently. Separate accounts were created for all environments, and a separate management account was created. AWS SSO was used to centrally manage single sign-on access and user permissions across all the AWS accounts in the AWS Organization. AWS SSO was integrated with G-Suite, allowing users to access AWS accounts with their G-Suite credentials. AWS IAM is used to provide access with least-privilege permissions. A mechanism was devised for root login notification.
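One way a root login notification can be derived from CloudTrail sign-in records is sketched below. This is an added example, not Klub's or Comprinno's implementation; the function name `root_login_alerts`, the severity labels and the sample records are assumptions constructed for illustration.

```python
# Added example: flag root console sign-ins in CloudTrail records.
SAMPLE_RECORDS = [  # constructed CloudTrail-style records, not real account data
    {"eventTime": "2024-01-01T09:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "111122223333"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-01T09:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "accountId": "111122223333"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-01-01T09:10:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.12",
     "userIdentity": {"type": "Root", "accountId": "111122223333"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-01T09:20:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "111122223333"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
]


def root_login_alerts(records):
    """Return one alert per root console sign-in attempt, successful or not."""
    alerts = []
    for rec in records:
        identity = rec.get("userIdentity") or {}
        if rec.get("eventSource") != "signin.amazonaws.com":
            continue
        if rec.get("eventName") != "ConsoleLogin" or identity.get("type") != "Root":
            continue
        outcome = (rec.get("responseElements") or {}).get("ConsoleLogin", "Unknown")
        mfa = (rec.get("additionalEventData") or {}).get("MFAUsed", "Unknown")
        if outcome == "Success":
            # Any root sign-in is worth a notification; one without MFA is worst.
            severity = "medium" if mfa == "Yes" else "critical"
        else:
            severity = "high"  # failed or unknown outcome: someone is trying root
        alerts.append({"time": rec.get("eventTime"), "severity": severity,
                       "account": identity.get("accountId"),
                       "source_ip": rec.get("sourceIPAddress"), "outcome": outcome})
    return alerts


if __name__ == "__main__":
    for alert in root_login_alerts(SAMPLE_RECORDS):
        print(alert)
```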

AWS Client VPN endpoints were utilized for accessing private resources, using SSO as the identity provider. Client VPN provides a secure TLS connection from any location using the OpenVPN client, and it automatically scales to the number of users connecting to your AWS resources.


The Amazon EKS cluster and database were deployed in private subnets in Amazon VPC. The application was deployed on Amazon EKS instances in an Auto Scaling group in private subnets for high scalability. Security groups were reviewed and restricted. Configuration changes were made to enable data encryption at rest in AWS EC2 and AWS RDS.

AWS Secrets Manager was used to rotate, manage and retrieve the database credentials and API keys. AWS Key Management System (KMS) was used for encrypting data as per the AES-256 standard, to guarantee a high level of security for the data during transactions. This also guaranteed the security of sensitive Personally Identifiable Information.
As per security best practices, AWS GuardDuty, Amazon Inspector and AWS Security Hub have been used for security threat detection and monitoring.

AWS CloudTrail was used to monitor and record account activity across the AWS infrastructure, giving control over storage, analysis, and remediation actions. All AWS service logs were generated and stored in Amazon S3. The Amazon S3 buckets associated with AWS CloudTrail logs were configured to use the Object Lock feature in Compliance mode, in order to prevent tampering with stored logs and to meet regulatory compliance. Application logs were shipped from Amazon EKS to Amazon Kinesis Firehose with the Fluent Bit log-shipping tool. All AWS service metrics were aggregated to create a common AWS CloudWatch Dashboard. Application metrics were exposed using Kubernetes Dashboard. Relevant alarms were configured in AWS CloudWatch Alarms for the infrastructure components.

Infrastructure was automated using Terraform. Terraform was an essential part of the disaster recovery strategy, as it helps put up new infrastructure very quickly and efficiently.

The CI/CD pipeline was implemented using Jenkins. Configured webhooks trigger Jenkins whenever code is committed to the repository. Jenkins was used for building the Docker image, pushing it to AWS ECR and then deploying to AWS EKS. Whenever new code is pushed to the repo, Jenkins is triggered; it then clones the repository into its file system and sends it to SonarQube for checking the code quality.
SonarQube then checks the code against the rules defined in the quality gate and sends back a JSON to Jenkins which reports the status of the code. If the code passes the quality gate, the code is deployed; if it does not pass the quality gate, the pipeline is aborted.
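The gate decision described above can be made fail-closed, as in the following added example (not code from the Klub pipeline). It assumes the SonarQube webhook is configured with a shared secret, so that the JSON arrives with an HMAC-SHA256 hex signature in the `X-Sonar-Webhook-HMAC-SHA256` header; `gate_decision`, the secret and the payloads are constructed for illustration.

```python
# Added example: decide deploy/abort from a SonarQube quality-gate webhook body.
import hashlib
import hmac
import json

SECRET = b"constructed-webhook-secret"  # constructed; load from a secret store in practice


def sign(body: bytes, secret: bytes = SECRET) -> str:
    """Hex HMAC-SHA256 of the raw body, the value expected in the signature header."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def gate_decision(body: bytes, signature_hex: str, secret: bytes = SECRET):
    """Return ("deploy", []) only for an authentic payload whose gate status is OK."""
    expected = sign(body, secret).encode()
    if not hmac.compare_digest(expected, (signature_hex or "").encode()):
        return ("abort", ["signature mismatch"])  # unauthenticated JSON is never trusted
    try:
        payload = json.loads(body)
    except ValueError:
        return ("abort", ["payload is not valid JSON"])
    gate = payload.get("qualityGate") or {}
    if payload.get("status") == "SUCCESS" and gate.get("status") == "OK":
        return ("deploy", [])
    failed = [f"{c.get('metric')}={c.get('value')} (threshold {c.get('errorThreshold')})"
              for c in gate.get("conditions", []) if c.get("status") == "ERROR"]
    # A missing or unknown status aborts too: the gate fails closed.
    return ("abort", failed or ["quality gate status missing or not OK"])


# Constructed sample payloads, trimmed to the fields the decision uses.
PASSING = json.dumps({"status": "SUCCESS", "qualityGate": {
    "name": "Release gate", "status": "OK", "conditions": [
        {"metric": "new_security_rating", "status": "OK",
         "value": "1", "errorThreshold": "1"}]}}).encode()
FAILING = json.dumps({"status": "SUCCESS", "qualityGate": {
    "name": "Release gate", "status": "ERROR", "conditions": [
        {"metric": "new_security_rating", "status": "ERROR",
         "value": "3", "errorThreshold": "1"},
        {"metric": "new_coverage", "status": "OK",
         "value": "85", "errorThreshold": "80"}]}}).encode()

if __name__ == "__main__":
    print(gate_decision(PASSING, sign(PASSING)))
    print(gate_decision(FAILING, sign(FAILING)))
```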



- Enhanced security posture
- An automated, scalable security solution has been built
- DDoS attacks are thwarted
- Improved incident response times by automating incident management process
- Secured static website
- Effective logging and monitoring of AWS services
- Reduced delivery time owing to automatic deployments via CI/CD.
