Centrum Broking Limited, part of the Centrum Group, is a diversified financial services organization offering investment banking, institutional equities, wealth management, broking, and financial technology solutions. The organization operates multiple digital platforms and enterprise applications across AWS infrastructure supporting different business functions and operational environments.

Business Challenge

As Centrum Broking’s AWS environment expanded across multiple business platforms and workloads, the organization faced increasing complexity in managing governance, security, access management, and operational visibility across multiple AWS accounts. Manual IAM user creation and account-level access management across more than eight AWS accounts created operational inefficiencies and increased administrative overhead. The lack of centralized monitoring and logging limited overall infrastructure visibility and made audit evidence collection and compliance management time-consuming. Inter-account connectivity and network architecture also lacked scalability and centralized governance.

Goals & Objectives

The organization aimed to establish a secure, scalable, and governance-driven AWS multi-account framework capable of simplifying operations, improving visibility, strengthening compliance management, and enhancing overall cloud governance. The objective was also to standardize AWS account onboarding, centralize identity management, improve security monitoring, and simplify operational administration across all business platforms.

Solution Approach

Pentagon System & Services designed and implemented a comprehensive AWS multi-account governance framework using AWS Control Tower. A centralized Landing Zone architecture was created to organize Production, UAT, Networking, Shared Services, Audit, and Log Archive accounts using AWS Organizations and AWS Control Tower best practices. To simplify access management, AWS IAM Identity Center (AWS SSO) was implemented, enabling centralized user authentication and role-based access management across all AWS accounts. Comprehensive monitoring and governance capabilities were established using AWS CloudTrail with centralized log archival, Amazon GuardDuty, AWS Security Hub, Amazon CloudWatch, AWS Config, and AWS Lambda for automated compliance monitoring and security governance.

Implementation Approach

To simplify inter-account communication and network scalability, AWS Transit Gateway was deployed for centralized VPC connectivity across the AWS environment. Security governance was further enhanced using AWS WAF, AWS Backup, AWS Inspector, and infrastructure automation through AWS CloudFormation. The deployment also included operational standardization across Amazon ECS, Amazon EKS, Amazon EC2, Amazon RDS, Amazon ElastiCache, and AWS Direct Connect environments.

AWS Services Utilized
  • AWS Control Tower
  • AWS IAM Identity Center (SSO)
  • Amazon EC2
  • Amazon VPC
  • Amazon RDS
  • Amazon S3
  • AWS CloudTrail
  • Amazon CloudWatch
  • AWS Security Hub
  • Amazon GuardDuty
  • AWS Config
  • AWS Transit Gateway
  • AWS WAF
  • AWS Backup
  • Amazon ECS
  • Amazon EKS
  • AWS CloudFormation
  • AWS Direct Connect
  • Amazon ElastiCache
  • AWS Inspector

Results

The implementation enabled Centrum Broking Limited to establish a scalable and governance-driven AWS operating model across multiple business platforms and AWS accounts. User provisioning efforts were reduced by nearly 85%, decreasing access management time from several hours to just a few minutes through centralized identity management and standardized onboarding processes. Centralized CloudTrail logging and governance automation improved audit readiness and reduced compliance evidence collection efforts by approximately 60–70%. The organization achieved 99.9% operational uptime through centralized monitoring, proactive governance, and continuous operational visibility. Unified monitoring and centralized security controls improved threat visibility, accelerated security event correlation, and strengthened governance across the AWS environment. The resulting multi-account architecture provided a scalable and secure cloud foundation capable of supporting future business growth while maintaining operational consistency and compliance standards.
