Industrial, Production Build

Kistler

Zero-downtime DDoS defence

CloudFront and AWS WAF in front of EKS for an industrial sensor platform — end-to-end TLS, no application changes.

Downtime during cutover: 0
TLS preserved: End-to-end
Follow-up attacks absorbed: 4

The problem

Kistler's measurement platforms underpin live manufacturing operations, and DDoS attacks against them were getting more frequent and more sophisticated. Any mitigation had to sit cleanly in front of an existing EKS estate, preserve end-to-end TLS with no intermediate termination, and distinguish legitimate machine-to-machine API traffic from malicious bots — all without taking the service down.

What we shipped

Amazon CloudFront and AWS WAF in front of the EKS load balancers, with managed rule groups, custom rate limits tuned to real traffic patterns, and Bot Control configured to permit Kistler's known automated clients. Origin security groups locked to CloudFront ranges via Origin Access Control, ACM-managed TLS terminating at the edge with HTTPS-only origin protocol, and a phased Route 53 weighted-DNS cutover with WAF rules in count mode first.
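
One way to review the count-mode phase before switching rules to block, as an added example (not Remāngu's or Kistler's tooling): it tallies COUNT matches from AWS WAF log records and separates hits by known automated clients from all other traffic. The client CIDR, rule IDs and log records are constructed assumptions.

```python
import ipaddress
import json
from collections import Counter, defaultdict

# Assumption: known machine-to-machine clients are recognised by source CIDR.
# Constructed value using an RFC 5737 documentation range.
KNOWN_CLIENT_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample records; field names follow the AWS WAF log format,
# rule IDs are hypothetical.
SAMPLE_LOGS = """\
{"action":"ALLOW","httpRequest":{"clientIp":"198.51.100.7","uri":"/api/v1/measurements"},"nonTerminatingMatchingRules":[{"ruleId":"rate-limit-api","action":"COUNT"}]}
{"action":"ALLOW","httpRequest":{"clientIp":"203.0.113.50","uri":"/api/v1/measurements"},"nonTerminatingMatchingRules":[{"ruleId":"rate-limit-api","action":"COUNT"},{"ruleId":"bot-signals","action":"COUNT"}]}
{"action":"ALLOW","httpRequest":{"clientIp":"203.0.113.51","uri":"/login"},"nonTerminatingMatchingRules":[{"ruleId":"bot-signals","action":"COUNT"}]}
{"action":"ALLOW","httpRequest":{"clientIp":"198.51.100.9","uri":"/api/v1/status"},"nonTerminatingMatchingRules":[]}
{"action":"ALLOW","httpRequest":{"clientIp":"203.0.113.50","uri":"/api/v1/measurements"},"nonTerminatingMatchingRules":[{"ruleId":"rate-limit-api","action":"COUNT"}]}
"""


def is_known_client(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_CLIENT_NETS)


def review_count_mode(lines):
    """Tally COUNT matches per rule, split into known clients and others."""
    stats = defaultdict(Counter)
    for line in filter(None, (l.strip() for l in lines)):
        rec = json.loads(line)
        bucket = "known" if is_known_client(rec["httpRequest"]["clientIp"]) else "other"
        for match in rec.get("nonTerminatingMatchingRules", []):
            if match.get("action") == "COUNT":
                stats[match["ruleId"]][bucket] += 1
    return {rule: dict(counts) for rule, counts in stats.items()}


def safe_to_enforce(stats):
    """Rules that never matched a known client during the count window."""
    return sorted(r for r, c in stats.items() if c.get("known", 0) == 0)


if __name__ == "__main__":
    stats = review_count_mode(SAMPLE_LOGS.splitlines())
    for rule, counts in sorted(stats.items()):
        print(rule, counts)
    print("no known-client matches:", safe_to_enforce(stats))
```

A rule that shows any "known" hits needs its threshold or scope tuned before it leaves count mode. Matches inside rule groups are logged under `ruleGroupList` and are not tallied here.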

The outcome

The migration completed with zero customer-visible downtime and no support tickets. End-to-end TLS validation confirmed no plaintext exposure, and Kistler's EKS ingress, service mesh and deployment pipelines required zero changes. Four subsequent DDoS events were absorbed entirely at the edge before reaching origin.

Under the hood

Amazon CloudFront, AWS WAF, AWS Shield Standard, Amazon EKS, AWS Certificate Manager, Amazon Route 53

We needed DDoS protection without disrupting our production services or compromising our security standards. Remāngu delivered exactly that, with a cutover so smooth our end users never noticed the change.

Thomas Brunner, Head of IT Infrastructure, Kistler
