AWS Architecture Blog

Category: Security, Identity, & Compliance

Figure 1. A Service Catalog based DNS architecture setup with Route 53 Outbound DNS product, Inbound DNS product, and Route 53 Private DNS product

Deploy consistent DNS with AWS Service Catalog and AWS Control Tower customizations

Many organizations need to connect their on-premises data centers, remote sites, and cloud resources. A hybrid connectivity approach connects these different environments. Customers with a hybrid connectivity network need additional infrastructure and configuration for private DNS resolution to work consistently across the network. It is a challenge to build this type of DNS infrastructure for […]

Read More
Figure 1. Architecture diagram of QsrSoft TV solution

QsrSoft launches Digital Huddle Board in 3 months with AWS serverless and Fire devices

QsrSoft is a software as a service (SaaS) company that develops solutions for clients in the restaurant, hospitality, and retail industries to help them achieve operational excellence. QsrSoft has provided these services for more than two decades and now services over 14,000 locations. QsrSoft started using AWS in 2015 and fully migrated all their workloads […]

Read More
Figure 1. AWS cross-account CodePipeline for production and non-production workloads

Using DevOps Automation to Deploy Lambda APIs across Accounts and Environments

by Subrahmanyam Madduru – Global Partner Solutions Architect Leader, AWS, Sandipan Chakraborti – Senior AWS Architect, Wipro Limited, Abhishek Gautam – AWS Developer and Solutions Architect, Wipro Limited, Arati Deshmukh – AWS Architect, Infosys As more and more enterprises adopt serverless technologies to deliver their business capabilities in a more agile manner, it is imperative […]

Read More
Let's architect! logo

Let’s Architect! Architecting for Security

At AWS, security is “job zero” for every employee—it’s even more important than any number one priority. In this Let’s Architect! post, we’ve collected security content to help you protect data, manage access, protect networks and applications, detect and monitor threats, and ensure privacy and compliance. Managing temporary elevated access to your AWS environment One […]

Read More
Figure 1. MGN service architecture

Multi-Region Migration using AWS Application Migration Service

AWS customers are in various stages of their cloud journey. Frequently, enterprises begin that journey by rehosting (lift-and-shift migrating) their on-premises workloads into AWS, and running Amazon Elastic Compute Cloud (Amazon EC2) instances. You can rehost using AWS Application Migration Service (MGN), a cloud-native migration tool. You may need to relocate instances and workloads to […]

Read More
Architecture Diagram showing How to Audit and Report S3 prefix level access using S3 Access Analyzer

How to Audit and Report S3 Prefix Level Access Using S3 Access Analyzer

Data Services teams in all industries are developing centralized data platforms that provide shared access to datasets across multiple business units and teams within the organization. This makes data governance easier, minimizes data redundancy thus reducing cost, and improves data integrity. The central data platform is often built with Amazon Simple Storage Service (Amazon S3). […]

Read More
Figure 1. Multi-Region Amazon Cognito machine-to-machine architecture

How UnitedHealth Group Improved Disaster Recovery for Machine-to-Machine Authentication

This blog post was co-authored by Vinodh Kumar Rathnasabapathy, Senior Manager of Software Engineering, UnitedHealth Group.  Engineers who use Amazon Cognito for machine-to-machine authentication select a primary Region where they deploy their application infrastructure and the Amazon Cognito authorization endpoint. Amazon Cognito is a highly available service in single Region deployments with a published service-level […]

Read More
Figure 1. Connect data streaming automation workflow

Automate Amazon Connect Data Streaming using AWS CDK

Many customers want to provision Amazon Web Services (AWS) cloud resources quickly and consistently with lifecycle management, by treating infrastructure as code (IaC). Commonly used services are AWS CloudFormation and HashiCorp Terraform. Currently, customers set up Amazon Connect data streaming manually, as the service is not available under CloudFormation resource types. Customers may want to […]

Read More
Figure 1. Pulse ingestion module architecture

Codacy Measures Developer Productivity using AWS Serverless

Codacy is a DevOps insights company based in Lisbon, Portugal. Since its launch in 2012, Codacy has helped software development and engineering teams reduce defects, keep technical debt in check, and ship better code, faster. Codacy’s latest product, Pulse, is a service that helps understand and improve the performance of software engineering teams. This includes […]

Read More
Figure 2. Simulating Regional failover using service control policies

Minimizing Dependencies in a Disaster Recovery Plan

The Availability and Beyond whitepaper discusses the concept of static stability for improving resilience. What does static stability mean with regard to a multi-Region disaster recovery (DR) plan? What if the very tools that we rely on for failover are themselves impacted by a DR event? In this post, you’ll learn how to reduce dependencies […]

Read More