AWS WAF Log Analytics for Airpay Using AWS Glue
Customer Name: Airpay Payment Services
[CSP: AWS | Vertical: OmnichannelFS]
Client Profile
Airpay, India's first integrated omnichannel financial services platform, collaborates with over 200 financial institutions and 1,000 business partners globally. Previously, their infrastructure was housed in Tata Communications' on-premises data center. To handle a growing customer base and modernize operations, Airpay sought to migrate to AWS.
Challenge
Airpay required a secure and scalable way to analyze AWS WAF logs stored in Amazon S3 to detect suspicious activity, review blocked requests, and support compliance reporting. The key requirement was to convert raw JSON WAF logs into a structured and easily queryable format, enabling the security team to perform efficient analysis without managing complex infrastructure.
✓ AWS WAF logs are delivered to Amazon S3 in raw JSON format, which is not directly queryable or report-friendly for security analysis and compliance use cases.
✓ The log schema is semi-structured and can evolve over time as AWS introduces new fields, making manual schema management difficult and error-prone.
✓ Continuous or scheduled Glue Crawler executions on unchanged data led to unnecessary scans and increased Glue cataloging costs.
✓ Repeated crawling of the same S3 objects provided no additional value while impacting overall performance efficiency.
✓ Airpay required a cost-optimized and controlled cataloging approach that updates schemas only when actual structural changes occur.
Solution
To address its log analytics needs, Airpay implemented a fully serverless solution using AWS Glue Data Catalog and Amazon Athena. AWS WAF delivers all allowed and blocked request logs to a centralized Amazon S3 bucket in raw JSON format, providing scalable and durable storage without managing ingestion infrastructure. An AWS Glue Crawler is executed only when schema changes or new partitions are expected, reducing unnecessary scans and optimizing cost while keeping the catalog accurate. Amazon Athena then queries the S3 data using the Glue metadata, enabling security and compliance teams to analyze attack patterns, identify blocked IPs, and generate audit-ready reports through simple SQL queries.
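The kind of Athena query this setup enables, as an added example that is not Airpay's own query: it ranks the client IPs that AWS WAF blocked most often over the last seven days, grouped by the rule that terminated the request. The database name `security_logs`, the table name `waf_logs` and the threshold of 100 are assumptions; the column names follow the standard AWS WAF log fields as a Glue Crawler would infer them from the JSON.

```sql
-- Added example. Assumed names: database "security_logs", table "waf_logs".
-- Columns are the standard AWS WAF log fields ("timestamp" is epoch milliseconds,
-- "httprequest" is a struct inferred from the nested JSON object).
SELECT
    httprequest.clientip                     AS client_ip,
    httprequest.country                      AS country,
    terminatingruleid                        AS rule_id,
    COUNT(*)                                 AS blocked_requests,
    COUNT(DISTINCT httprequest.uri)          AS distinct_uris,
    MIN(from_unixtime("timestamp" / 1000))   AS first_seen,
    MAX(from_unixtime("timestamp" / 1000))   AS last_seen
FROM security_logs.waf_logs
WHERE action = 'BLOCK'
  -- Restrict to the last 7 days; if the crawler created partition columns,
  -- also filter on them here so Athena scans only the matching S3 prefixes.
  AND "timestamp" >= to_unixtime(current_timestamp - INTERVAL '7' DAY) * 1000
GROUP BY
    httprequest.clientip,
    httprequest.country,
    terminatingruleid
-- Assumed reporting threshold: ignore sources with only occasional blocks.
HAVING COUNT(*) >= 100
ORDER BY blocked_requests DESC
LIMIT 50;
```

A high `distinct_uris` count for a single `client_ip` points to scanning across many paths, while a low count with many blocks points to repeated requests against one endpoint.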
Business Impact
This solution enabled Airpay to perform fast and flexible security analytics by querying AWS WAF logs directly in Amazon Athena, helping teams quickly identify blocked requests and suspicious activity. By using a fully serverless stack with Amazon S3, AWS Glue Data Catalog, and Athena, infrastructure management and operational costs were kept minimal. Automated schema detection through Glue Crawlers reduced manual effort and reporting errors, while structured, queryable logs improved compliance reporting and audit readiness.
