How Ouest-France Implemented Zero Trust Security Before the 2024 Paris Olympics

The media group manages approximately fifty websites hosted on AWS infrastructure, with Ouest-France.fr serving as its flagship site, attracting around 180 million monthly visits. All of these sites are deployed on a Kubernetes platform that encompasses over 300 applications spread across 4,000 containers, covering various environments.

Prior to the 2024 legislative elections, the group undertook a comprehensive review of its platform’s security, focusing initially on perimeter protection measures for its infrastructure. For the upcoming Paris 2024 Olympic Games, the emphasis shifted toward strengthening Web Application Firewall (WAF) protection and defenses against Distributed Denial of Service (DDoS) attacks. Jérémy Chomat, Staff Engineer at Ouest-France, explains the motivation behind these enhancements: “Like any major web presence, we are regularly targeted by cyberattacks. Our daily security operations involve monitoring and responding to numerous incidents. These are routine activities, not isolated events. Some of our partners flagged potential cybersecurity risks related to the Olympics, which prompted us to implement more robust processes.”

Enhanced AWS Monitoring During the Event

A preliminary assessment of their existing support services led Ouest-France to activate the AWS Enterprise On-Ramp support tier. This level of service gave the group access to the specialized tools included in the package. Additionally, the team was assigned a dedicated AWS Solutions Architect (SA), who worked with them to identify best practices and improvements ahead of the Olympics. From February 2024, the team set about putting these recommendations into action. A security-focused architecture review is underway to identify quick wins and build a strategic roadmap.

The security perimeter, already fortified during the 2024 legislative cycle, now directs efforts toward managing user authentication and permissions. Jérémy Chomat notes, “We realized that if a user with access rights on our platform had their account compromised, we weren’t fully covered against such scenarios. It’s crucial to detect unusual activity promptly and react accordingly.” Concurrently, the project team is working on implementing tools for traceability and anomaly detection.

For the Olympics, the security team enforced two-factor authentication for all individuals accessing the group’s AWS platform and centralized identity and security data on the root account.

Moving Toward Centralized Permission Management

To streamline team permissions management, a diagram illustrating how internal user rights are delegated on AWS infrastructure was quickly drafted. The goal is to leverage this existing setup by integrating it with the Active Directory (AD) knowledge base and connecting AD groups with AWS roles in the group’s on-premises Identity and Access Management (IAM). This approach aims to automate permission assignments based on specific needs: “The Identity Provider assigns roles to users after they authenticate with MFA. Then, appropriate permissions are granted—whether to support teams or development crews. Centralizing this process helps us manage numerous accounts more effectively and maintain a comprehensive view that extends up to the root account, where we activate services like CloudTrail, GuardDuty, and Security Hub.”

Ouest-France uses AWS CloudTrail Lake to retain all permission-related failures, such as attempts by users to perform actions outside their authorized scope. These events are kept for later analysis and can surface potential security incidents.
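As an added illustration of the triage described above (example code, not Ouest-France's own tooling), the following groups CloudTrail authorization failures per calling principal so that a burst of denied calls from one identity stands out. The records are constructed sample events in CloudTrail's JSON shape; in CloudTrail Lake the same filter would be a SQL query on `errorCode`.

```python
from collections import defaultdict

# Constructed sample CloudTrail records (not real Ouest-France data).
# Field names follow the CloudTrail event schema; values are made up.
SAMPLE_EVENTS = [
    {"eventTime": "2024-07-26T09:12:01Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/dev-team/alice"}},
    {"eventTime": "2024-07-26T09:12:07Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/dev-team/alice"}},
    {"eventTime": "2024-07-26T09:12:15Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/dev-team/alice"}},
    {"eventTime": "2024-07-26T09:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/support/bob"}},
    {"eventTime": "2024-07-26T09:31:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",  # successful call: no errorCode field
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/support/carol"}},
]

# Error codes CloudTrail records for authorization failures; EC2 and some
# newer service APIs use their own spelling.
DENIED_CODES = {"AccessDenied", "AccessDeniedException", "Client.UnauthorizedOperation"}


def is_denied(event):
    """True when the record is a permission failure rather than a successful call."""
    return event.get("errorCode") in DENIED_CODES


def denied_by_principal(events):
    """Count denials per caller ARN and collect the distinct service:action pairs
    attempted, mirroring a GROUP BY userIdentity.arn in CloudTrail Lake."""
    summary = defaultdict(lambda: {"count": 0, "actions": set()})
    for ev in events:
        if not is_denied(ev):
            continue
        arn = ev.get("userIdentity", {}).get("arn", "<unknown>")
        summary[arn]["count"] += 1
        summary[arn]["actions"].add(f'{ev["eventSource"]}:{ev["eventName"]}')
    return dict(summary)


def flag_anomalies(summary, threshold=3):
    """Principals at or above the threshold: repeated denials across several
    actions are the 'unusual activity' worth a closer look, per the text."""
    return sorted(arn for arn, s in summary.items() if s["count"] >= threshold)
```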

Alongside permission management, the team reviewed their cloud security tooling. Implementing a Cloud-Native Application Protection Platform (CNAPP), they identified and remediated configuration vulnerabilities in their cloud environment. This work also involved prioritizing and categorizing the most sensitive actions for better oversight.

Furthermore, the media group activated AWS’s Support Countdown feature during the Olympics—an option available only once per year. “We triggered this support level during the Games, which enabled us to request increased vigilance and resource awareness from AWS support teams. We provided them with a list of critical resources and discussed potential impacts of service degradation. This allowed us to ensure that their monitoring levels rose during this high-profile event,” says Jérémy Chomat.

No Increase in Cyber Attacks During the Event

Despite a surge in website traffic—about 45 million visits during the Olympic period, representing nearly a 20% increase—the platforms experienced no security breaches or account compromises. Their systems maintained 100% availability, demonstrating consistent reliability. “We logged approximately two million security events during the Olympics, a high number but within expected traffic trends. We didn’t encounter any surprises,” Jérémy Chomat confirms.

The team had only a few months to prepare, implementing new tools and best practices and prioritizing observability over proactive incident management at this stage. Moving forward, their security roadmap includes deploying AWS IAM Identity Center to replace account-level authentication with centralized access management at the root account. This will simplify permissions configuration and delegation across child accounts.

The team also plans to adopt the Security, Identity, and Privilege (SIP) program within AWS Support’s On-Ramp initiative, focusing on continuous infrastructure security improvements informed by audits and strategic planning.

Reducing Attack Surface Through Permission Overhaul

A key future effort involves minimizing the attack surface via permission downscaling. “Many teams currently operate with broad rights on various environments,” notes Jérémy Chomat. “Reducing permissions outside business hours for teams that don’t need access can significantly lower risk in case of account compromise.”

This equally applies to application permissions, which are managed through numerous roles for different teams and services. “This process will require effort, but by iterating on existing roles and enforcing the principle of least privilege, we can ensure minimal permissions without disrupting operations,” he explains. These tighter restrictions will improve incident analysis by enabling more precise event granularity in CloudTrail logs.

“Every event should be seen as an opportunity to strengthen and complement our security defenses. The goal is that each implemented measure can serve as a foundation for ongoing improvements, progressively elevating our security posture.”
Jérémy Chomat, Staff Engineer at Ouest-France

Dawn Liphardt

I'm Dawn Liphardt, the founder and lead writer of this publication. With a background in philosophy and a deep interest in the social impact of technology, I started this platform to explore how innovation shapes — and sometimes disrupts — the world we live in. My work focuses on critical, human-centered storytelling at the frontier of artificial intelligence and emerging tech.