Securing Cloud Ownership for JaraMarket: Establishing Governed Account Control

About the Company

JaraMarket is a Nigerian online grocery marketplace connecting households across Lagos and other major cities with fresh produce, packaged goods, and household essentials from local vendors. The platform has grown rapidly since launch, serving thousands of customers weekly and partnering with hundreds of small retailers who depend on the marketplace for daily sales.

Customer Challenge

When JaraMarket engaged Digitspot, the AWS account hosting its production workloads was registered under the email address of a former technical contractor. Billing alerts, root credentials, and recovery channels all pointed away from the company. Several engineers held long-lived access keys with broad permissions, and there was no consolidated record of who had logged in, what had been provisioned, or which configuration changes had taken place over the previous eighteen months.

The leadership team recognised that without clear ownership of the root identity, JaraMarket could not credibly answer basic governance questions during investor due diligence or vendor security reviews. They also faced the practical risk of losing administrative access entirely if the original contractor's mailbox were ever decommissioned.

Partner's Solution

Digitspot conducted a structured Account Ownership Transfer exercise and established a fully governed, Infrastructure as Code-driven cloud environment. Key components included:

• Root contact details migrated to a JaraMarket-controlled distribution list
• Root password rotated with a hardware MFA token issued under dual custody by the CEO and CTO
• IAM user audit with dormant identities removed and a least-privilege role model introduced using AWS IAM Identity Center
• Engineers now assume scoped roles rather than carry permanent credentials
• CloudTrail enabled across all regions with logs forwarded to a dedicated write-once S3 bucket protected by Object Lock and a separate KMS key
• AWS Config switched on to record resource state with conformance rules flagging public S3 buckets, unencrypted volumes, and wide-open security groups
• Billing alarm and cost anomaly detector configured for finance visibility
• Production VPC, ECS services, and RDS instances rebuilt in Terraform with state stored in S3 and locked via DynamoDB
• GitHub Actions workflow handling plan and apply stages with mandatory pull request review before any change reaches production

Results and Benefits

• JaraMarket holds undisputed ownership of its AWS environment with root identity fully under company control and protected by hardware MFA
• Standing privileged identities reduced from eleven to three through role-based access
• All administrative activity is traceable through CloudTrail logs retained for seven years
• Infrastructure changes that previously took a full day of manual console work are completed in under thirty minutes through the Terraform pipeline
• Engineering team has a documented baseline they can confidently extend as the marketplace grows

About the Partner

Digitspot, established in 2011, continues to pursue its vision of helping both small and large-scale companies leverage cloud solutions to drive growth and innovation. As an AWS Advanced Partner, Digitspot remains committed to delivering world-class cloud strategies and implementations.