AWS Architecture Blog

Category: Security, Identity, & Compliance

Field Notes: Building Multi-Region and Multi-Account Tools with AWS Organizations

It’s common to start with a single AWS account when you are beginning your cloud journey with AWS. Running operations such as creating, reading, updating, and deleting resources in a single AWS account can be straightforward with AWS application program interfaces (APIs). Because an organization grows, so does their account strategy, often splitting workloads across […]

Read More
Multi-account hierarchy

Journey to Adopt Cloud-Native Architecture Series: #4 – Governing Security at Scale and IAM Baselining

In Part 3 of this series, Improved Resiliency and Standardized Observability, we talked about design patterns that you can adopt to improve resiliency, achieve minimum business continuity, and scale applications with lengthy transactions (more than 3 minutes). As a refresher from previous blogs in this series, our example ecommerce company’s “Shoppers” application runs in the cloud. […]

Read More
Figure 5. Event registration and check-in

Using AWS Serverless to Power Event Management Applications

Most large events have common activities such as event registration, check-in upon arrival, and requesting of amenities. When designing applications, factors such as high availability, low latency, reliability, and security must be considered. In this blog post, we’d like to show how Amazon Web Services (AWS) can assist you in event planning activities. We’ll share […]

Read More
Figure 2. Architecture to view Security Hub findings using AWS serverless analytics services

Visualize AWS Security Hub Findings using Analytics and Business Intelligence Tools

September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. To improve the security posture in your organization, you first must have a comprehensive view of your security, operations, and compliance data. AWS Security Hub gives you a thorough view of your security alerts and security posture across all your […]

Read More
Document processing architectural diagram

Convert and Watermark Documents Automatically with Amazon S3 Object Lambda

When you provide access to a sensitive document to someone outside of your organization, you likely need to ensure that the document is read-only. In this case, your document should be associated with a specific user in case it is shared. For example, authors often embed user-specific watermarks into their ebooks. This way, if their […]

Read More

Reduce Cost and Increase Security with Amazon VPC Endpoints

This blog explains the benefits of using Amazon VPC endpoints and highlights a self-paced workshop that will help you learn more about them. Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network resembles a traditional network that you’d operate […]

Read More
Figure 3. Multi-VPC centralized architecture

Choosing Your VPC Endpoint Strategy for Amazon S3

This post was co-written with Anusha Dharmalingam, former AWS Solutions Architect. Must your Amazon Web Services (AWS) application connect to Amazon Simple Storage Service (S3) buckets, but not traverse the internet to reach public endpoints? Must the connection scale to accommodate bandwidth demands? AWS offers a mechanism called VPC endpoint to meet these requirements. This […]

Read More
Figure 1. Validation system for data classification

Using Amazon Macie to Validate S3 Bucket Data Classification

Securing sensitive information is a high priority for organizations for many reasons. At the same time, organizations are looking for ways to empower development teams to stay agile and innovative. Centralized security teams strive to create systems that align to the needs of the development teams, rather than mandating how those teams must operate. Security […]

Read More
Microservices-based order submission workflow

Architecting a Highly Available Serverless, Microservices-Based Ecommerce Site

The number of ecommerce vendors is growing globally, and they often handle large traffic at different times of the day and different days of the year. This, in addition to building, managing, and maintaining IT infrastructure on-premises data centers can present challenges to their businesses’ scalability and growth. This blog provides you a Serverless on […]

Read More
Figure 1. Data pipeline that cleans, processes, and segments data

How Financial Institutions can use AWS to Address Regulatory Reporting

Since the 2008 financial crisis, banking supervisory institutions such as the Basel Committee on Banking Supervision (BCBS) have strengthened regulations. There is now increased oversight over the financial services industry. For banks, making the necessary changes to comply with these rules is a challenging, multi-year effort. Basel IV, a massive update to existing rules, is […]

Read More