The proposed architecture is capable of running at scale as it leverages managed services where possible. The traditional COTS applications would leverage Amazon EC2 instance metrics with Amazon CloudWatch alarms and logs. Auto Scaling groups and managed Amazon RDS can recover from failure.

The architecture uses managed services where possible, so a large portion of security responsibility falls to AWS, following best practices of security including Amazon S3 encrypted data, IAM roles scoped down, and Amazon DynamoDB encryption at rest. Strong identity is enforced for Consumers through Amazon Cognito, and for operators through IAM roles. CloudWatch Logs and AWS CloudTrail provide traceability, and can be used with organization-wide capabilities, such as Amazon GuardDuty, AWS Security Hub, and a central SIEM.

Using managed services, reliability is achieved by default. Redundancy in storage on Amazon S3 and DynamoDB, scaling of Amazon SageMaker instances, Amazon Redshift, Athena, Amazon SageMaker Canvas, Amazon Pinpoint, Amazon Personalize, AWS AppSync, and EventBridge are also highly available by design. In case of any issues, the data can be replayed from raw events on Amazon S3 using the same pipeline. Events can also be replayed by using the EventBridge archive and reply functionality. The container architecture scales horizontally on a choice of either Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS) running on AWS Fargate and dynamically adapts to capacity demands.

Scaling is based on the use of AWS Serverless services like AWS Lambda, DynamoDB, SageMaker endpoints, and Amazon Redshift, where possible.

The use of managed and serverless services ensures the minimum cost for the architecture, because they’re designed to charge only when in use.

The proposed architecture uses managed and serverless services where possible to have a sustainable approach, only running when needed. The AWS customer carbon footprint tool can be used to obtain total impact figures.