AWS Architecture Blog

Category: Security, Identity, & Compliance

Current high-level solution architecture for the ALLFINANZ solution

How Munich Re Automation Solutions Ltd built a digital insurance platform on AWS

Underwriting for life insurance can be quite manual and often time-intensive with lots of re-keying by advisers before underwriting decisions can be made and policies finally issued. In the digital age, people purchasing life insurance want self-service interactions with their prospective insurer. People want speed of transaction with time to cover reduced from days to […]

Read More
The AWS Well-Architected Custom Lens Lifecycle

Implementing the AWS Well-Architected Custom Lens lifecycle in your organization

In this blog post, we present a lifecycle that helps you build, validate, and improve your own AWS Well-Architected Custom Lens, in order to roll it out across your whole organization. The AWS Well-Architected Custom Lens is a new feature of the AWS Well-Architected Tool that lets you bring your own best practices to complement the existing […]

Read More
Figure 1. Oracle Database in Amazon EC2 using AWS Backup and S3 for backup and restore

Using AWS Backup and Oracle RMAN for backup/restore of Oracle databases on Amazon EC2: Part 1

Customers running Oracle databases on Amazon Elastic Compute Cloud (Amazon EC2) often take database and schema backups using Oracle native tools, like Data Pump and Recovery Manager (RMAN), to satisfy data protection, disaster recovery (DR), and compliance requirements. A priority is to reduce backup time as the data grows exponentially and recover sooner in case […]

Read More
Data flow when using AWS Application Migration Service (black diamonds denote potential points of contention)

Identification of replication bottlenecks when using AWS Application Migration Service

Enterprises frequently begin their journey by re-hosting (lift-and-shift) their on-premises workloads into AWS and running Amazon Elastic Compute Cloud (Amazon EC2) instances. A simpler way to re-host is by using AWS Application Migration Service (Application Migration Service), a cloud-native migration service. To streamline and expedite migrations, automate reusable migration patterns that work for a wide […]

Read More
Cloud architecture of the sample code

Throttling a tiered, multi-tenant REST API at scale using API Gateway: Part 2

In Part 1 of this blog series, we demonstrated why tiering and throttling become necessary at scale for multi-tenant REST APIs, and explored tiering strategy and throttling with Amazon API Gateway. In this post, Part 2, we will examine tenant isolation strategies at scale with API Gateway and extend the sample code from Part 1. […]

Read More
Figure 1. Cloud Architecture of the sample code.

Throttling a tiered, multi-tenant REST API at scale using API Gateway: Part 1

Many software-as-a-service (SaaS) providers adopt throttling as a common technique to protect a distributed system from spikes of inbound traffic that might compromise reliability, reduce throughput, or increase operational cost. Multi-tenant SaaS systems have an additional concern of fairness; excessive traffic from one tenant needs to be selectively throttled without impacting the experience of other […]

Read More
Aggregation of security services in security tooling account

Journey to Adopt Cloud-Native Architecture Series #5 – Enhancing Threat Detection, Data Protection, and Incident Response

In Part 4 of this series, Governing Security at Scale and IAM Baselining, we discussed building a multi-account strategy and improving access management and least privilege to prevent unwanted access and to enforce security controls. As a refresher from previous posts in this series, our example e-commerce company’s “Shoppers” application runs in the cloud. The company […]

Read More
A proxy solution to the Amazon Cognito regional endpoint

Enriching Amazon Cognito features with an Amazon API Gateway proxy

This post was co-written with Geoff Baskwill, member of the Architecture Enabling Team at Trend Micro. At Trend Micro, we use AWS technologies to build secure solutions to help our customers improve their security posture. This post builds on the architecture originally published in Protect public clients for Amazon Cognito with an Amazon CloudFront proxy. […]

Read More
Solution architecture for scanner and probe automation (xxx represents the numbers as defined by the use case)

Dream11: Blocking application attacks using AWS WAF at scale

As the world’s largest fantasy sports platforms with more than 120 million registered users, Dream11 runs multiple contests simultaneously while processing millions of user requests per minute. Their user-centric and data-driven teams make it a priority to ensure that the Dream11 application (app) remains protected against all kinds of threats and vulnerabilities. Introduction to AWS […]

Read More

Reduce Cost and Increase Security with Amazon VPC Endpoints

This blog explains the benefits of using Amazon VPC endpoints and highlights a self-paced workshop that will help you learn more about them. Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network resembles a traditional network that you’d operate […]

Read More