PayMe, a leader in embedded finance and a PCI-certified financial services provider recognized for its long-standing credibility and excellence, is redefining how SMBs access financial services globally. To stay ahead, they needed an infrastructure as modern and efficient as the platform they deliver.
Date: June 23, 2025
The Challenge
PayMeโs AWS environment was built on EC2 with Elastic Beanstalk and NAT Gateway routing traffic through the public internet. The setup was expensive, hard to manage, and lacked modern security monitoring. Threat detection was reactive, and maintaining the infrastructure was eating up valuable engineering cycles.
What PayMe Needed
โ Compute Modernization โ Shift from legacy EC2 to a serverless container approach.
โ Private Connectivity โ Establish a secure, low-latency channel to their payment partner.
โ Real-Time Security Visibility โ Gain centralized, automated threat detection and alerting.
โ Lower Operational Overhead โ Eliminate patching, scaling, and instance management.
The Solution
2bcloud worked with PayMe to rebuild their infrastructure using modern AWS primitives that prioritized security, efficiency, and performance.
Compute Modernization with ECS Fargate
- Migrated workloads from EC2 + Beanstalk to ECS Fargate to remove infrastructure management.ย
- Deployed ECS Service Discovery for more reliable inter-service comms.ย
- Streamlined deployments with CI/CD pipelines and auto-scaling, minimizing downtime.ย
Private Network Connectivity
- Implemented AWS Direct Connect to securely link AWS with PayMeโs Israeli payment processor.ย
- Eliminated NAT Gateway usage, reducing latency and data transfer costs.ย
- Encrypted, dedicated connection replaced flaky internet-based routing.ย
Security Visibility and Threat Detection
- Enabled AWS GuardDuty org-wide to monitor threats across all accounts.ย
- Integrated with Slack and email for instant alerting.ย
- Moved ECS workloads to private subnets with strict security group rules.ย
The Technical Stack
1๏ธโฃ ECS Fargate + Service Discovery
- No EC2 managementย
- Faster, more reliable inter-service trafficย
2๏ธโฃ AWS Direct Connect
- Static latency, no public internet exposureย
- Cost savings on data transferย
3๏ธโฃ AWS GuardDuty Integration
- Centralized threat detection across the orgย
- Alerts routed via Slack & email in real-timeย
4๏ธโฃ CI/CD Pipeline Revamp
- GitHub Actions and IAM roles streamline deploymentsย
- Reduced release friction and overheadย
The Results
โ 30%+ cost reduction by cutting EC2 and NAT Gateway usage
โ Significant drop in latency to the payment partner via Direct Connect
โ Near-zero maintenance overhead with serverless infrastructure
โ Real-time threat detection and centralized observability
Why It Matters
“As a PCI-certified financial platform, we continuously align our infrastructure to meet high compliance and performance standards. Migrating to ECS Fargate, eliminating NAT Gateway, and using Direct Connect was a strategic move that directly supports our platform’s scalability, and security needs to serve our customer’s best”.
Looking Ahead
PayMe remains focused on maintaining enterprise-grade security while accelerating innovation. With infrastructure off their plate, PayMe’s engineering team is now fully focused on building features that matter to their users. Their platform is scaling securely and cost-efficiently, opening up more opportunities to serve global SMBs with faster, safer, and more reliable embedded finance solutions.
