AWS Architecture Blog

Category: Security, Identity, & Compliance


Integrate Okta to Extend Active Directory Infrastructure into AWS

Are you ready to extend your on-premises Active Directory to Amazon Web Services (AWS) to remove undifferentiated heavy lifting? Would you like to maintain a highly available Directory Service for your applications? Companies that have already set up integration with Okta Identity Cloud for external or internal applications require Active Directory objects to be synced […]


Migrate your Applications to Containers at Scale

AWS App2Container is a command line tool that you can install on a server to automate the containerization of applications. This simplifies the process of migrating a single server to containers. But if you have a fleet of servers, the process of migrating all of them could be quite time-consuming. In this situation, you can […]


Field Notes: Analyze Cross-Account AWS KMS Call Usage with AWS CloudTrail and Amazon Athena

Businesses are expanding their footprint on Amazon Web Services (AWS) and are adopting a multi-account strategy to help isolate and manage business applications and data. In the multi-account strategy, it is common to have business applications deployed in one account accessing an Amazon Simple Storage Service (Amazon S3) encrypted bucket from another AWS account. When […]


How Parametric Built Audit Surveillance using AWS Data Lake Architecture

Parametric Portfolio Associates (Parametric), a wholly owned subsidiary of Morgan Stanley, is a registered investment adviser. Parametric provides investment advisory services to individual and institutional investors around the world. Parametric manages over 100,000 client portfolios with assets under management exceeding $400B (as of 9/30/21). As a registered investment adviser, Parametric is subject to numerous regulatory […]


Field Notes: Building Multi-Region and Multi-Account Tools with AWS Organizations

This blog post was updated November 19, 2021. It’s common to start with a single AWS account when you are beginning your cloud journey with AWS. Running operations such as creating, reading, updating, and deleting resources in a single AWS account can be straightforward with AWS application program interfaces (APIs). As an organization grows, so […]


Journey to Adopt Cloud-Native Architecture Series: #4 – Governing Security at Scale and IAM Baselining

In Part 3 of this series, Improved Resiliency and Standardized Observability, we talked about design patterns that you can adopt to improve resiliency, achieve minimum business continuity, and scale applications with lengthy transactions (more than 3 minutes). As a refresher from previous blogs in this series, our example ecommerce company’s “Shoppers” application runs in the cloud. […]


Using AWS Serverless to Power Event Management Applications

Most large events have common activities such as event registration, check-in upon arrival, and requesting of amenities. When designing applications, factors such as high availability, low latency, reliability, and security must be considered. In this blog post, we’d like to show how Amazon Web Services (AWS) can assist you in event planning activities. We’ll share […]


Visualize AWS Security Hub Findings using Analytics and Business Intelligence Tools

September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. To improve the security posture in your organization, you first must have a comprehensive view of your security, operations, and compliance data. AWS Security Hub gives you a thorough view of your security alerts and security posture across all your […]


Convert and Watermark Documents Automatically with Amazon S3 Object Lambda

When you provide access to a sensitive document to someone outside of your organization, you likely need to ensure that the document is read-only. In this case, your document should be associated with a specific user in case it is shared. For example, authors often embed user-specific watermarks into their ebooks. This way, if their […]


Choosing Your VPC Endpoint Strategy for Amazon S3

This post was co-written with Anusha Dharmalingam, former AWS Solutions Architect. Must your Amazon Web Services (AWS) application connect to Amazon Simple Storage Service (S3) buckets, but not traverse the internet to reach public endpoints? Must the connection scale to accommodate bandwidth demands? AWS offers a mechanism called VPC endpoint to meet these requirements. This […]
