Sunray Group
AWS-Lambda-Service
Industry Vertical – Hospitality
The Client
Sunray Group is a family-owned, multifaceted corporation specializing in hospitality and development. Sunray believes in the strength of brand equity. The group is successfully building an ever-increasing portfolio of award-winning brands, which include Marriott, Starwood, Hilton, Radisson, Best Western, IHG, Wyndham and Choice Hotels. They have also developed prominent brands such as Tim Horton's, McDonald's, Fionn McCool’s, Shell and Petro Canada.
Problem Statement
Prior to implementing a serverless solution, Sunray struggled with a lack of centralization and automation for their file intake process. Files were collected manually via email or basic upload portals and stored without real-time validation or metadata classification. This led to serious inefficiencies including lost documents, duplication, inconsistent naming conventions, and delays in internal routing. Moreover, because many of the documents involved PII or contractual data, there were significant security and compliance concerns. Audit trails were incomplete or manual, and monitoring upload activity in real time was not feasible. Downtime due to storage misconfigurations or access issues added to the operational load and hampered service delivery.
As a fast-scaling organization, Sunray required a backend system that could scale seamlessly, eliminate manual steps, and enforce strict access and compliance controls. Traditional server-based file handling was expensive, brittle, and resource-intensive. The organization wanted to move toward a scalable, serverless architecture that could support rapid growth without compromising on security or operational governance.
Solution Provided by Hallmark (Powered by AWS Lambda):
Hallmark proposed and deployed a serverless file intake platform named SecureDrop, built using AWS Lambda at its core. This event-driven architecture eliminated the need for Sunray to manage any underlying infrastructure, allowing their internal teams to focus on business logic and client service delivery. The solution was designed to trigger workflows automatically upon file uploads and enforce rules such as file-type validation, size restrictions, metadata tagging, and user alerting.
Amazon S3 was used as the secure storage entry point where users could upload files via a web interface or pre-signed URLs. Each upload generated an s3:ObjectCreated event that invoked a dedicated Lambda function. This function performed checks on the file, logged metadata to a DynamoDB table, and sent alerts through Amazon SNS to designated operations staff.
Additional Lambda functions were developed for:
- Validating file extensions and blocking disallowed formats.
- Logging and indexing uploads by user ID and timestamp.
- Sending automatic email notifications to relevant teams.
- Preparing future hooks for downstream integration with HRMS and CRM systems.
AWS SAM (Serverless Application Model) was used for template-driven deployment of Lambda functions, ensuring reliable rollouts across dev and production environments. Infrastructure-as-Code allowed easy reusability, version control, and rollback when necessary.
Security Architecture and Operational Visibility: To meet strict compliance requirements, the following security best practices were implemented:
IAM policies enforced least-privilege access to Lambda, DynamoDB, and S3 resources.
All environment variables were encrypted and securely managed via AWS Systems Manager Parameter Store.
Upload buckets enforced encryption-at-rest using AWS KMS.
CloudWatch Logs captured every invocation and error trace in near real time.
Alerting mechanisms using SNS and metric alarms ensured quick visibility into system anomalies.
The architecture was intentionally kept lightweight and self-healing, and with Lambda’s managed runtime, patching and scaling were completely offloaded to AWS.
Business Impact and Outcomes: The serverless implementation yielded immediate and long-term benefits for Sunray:
Eliminated downtime and manual processing — Uploads are processed instantly with no human intervention.
Strong cost-efficiency — Pay-per-use Lambda model removed idle compute costs.
Security compliance — PII files are validated, logged, and encrypted automatically.
Real-time monitoring — Operational visibility improved dramatically with CloudWatch integration.
Faster response to client needs — Automated workflows shortened turnaround time for onboarding and file validation tasks.
Sunray now operates a scalable and auditable document intake platform that aligns with AWS Well-Architected principles. The serverless transition has freed up their development and operations teams, allowing them to innovate faster and provide exceptional service reliability to their clients.
This solution forms a cornerstone in Sunray’s modernization strategy and stands as a reference-grade workload for AWS Lambda adoption in HR tech and compliance-sensitive industries.
