AWS Architecture Blog
Category: Security, Identity, & Compliance
Integrate Okta to Extend Active Directory Infrastructure into AWS
Are you ready to extend your on-premises Active Directory to Amazon Web Services (AWS) to remove undifferentiated heavy lifting? Would you like to maintain a highly available Directory Service for your applications? Companies who have already set up integration with Okta Identity Cloud for external or internal applications require Active Directory objects to be synced […]
Migrate your Applications to Containers at Scale
AWS App2Container is a command line tool that you can install on a server to automate the containerization of applications. This simplifies the process of migrating a single server to containers. But if you have a fleet of servers, the process of migrating all of them could be quite time-consuming. In this situation, you can […]
Field Notes: Analyze Cross-Account AWS KMS Call Usage with AWS CloudTrail and Amazon Athena
Businesses are expanding their footprint on Amazon Web Services (AWS) and are adopting a multi-account strategy to help isolate and manage business applications and data. In the multi-account strategy, it is common to have business applications deployed in one account accessing an Amazon Simple Storage Service (Amazon S3) encrypted bucket from another AWS account. When […]
How Parametric Built Audit Surveillance using AWS Data Lake Architecture
Parametric Portfolio Associates (Parametric), a wholly owned subsidiary of Morgan Stanley, is a registered investment adviser. Parametric provides investment advisory services to individual and institutional investors around the world. Parametric manages over 100,000 client portfolios with assets under management exceeding $400B (as of 9/30/21). As a registered investment adviser, Parametric is subject to numerous regulatory […]
Field Notes: Building Multi-Region and Multi-Account Tools with AWS Organizations
This blog post was updated November 19, 2021. It’s common to start with a single AWS account when you are beginning your cloud journey with AWS. Running operations such as creating, reading, updating, and deleting resources in a single AWS account can be straightforward with AWS application program interfaces (APIs). Because an organization grows, so […]
Journey to Adopt Cloud-Native Architecture Series: #4 – Governing Security at Scale and IAM Baselining
In Part 3 of this series, Improved Resiliency and Standardized Observability, we talked about design patterns that you can adopt to improve resiliency, achieve minimum business continuity, and scale applications with lengthy transactions (more than 3 minutes). As a refresher from previous blogs in this series, our example ecommerce company’s “Shoppers” application runs in the cloud. […]
Using AWS Serverless to Power Event Management Applications
Most large events have common activities such as event registration, check-in upon arrival, and requesting of amenities. When designing applications, factors such as high availability, low latency, reliability, and security must be considered. In this blog post, we’d like to show how Amazon Web Services (AWS) can assist you in event planning activities. We’ll share […]
Visualize AWS Security Hub Findings using Analytics and Business Intelligence Tools
September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. To improve the security posture in your organization, you first must have a comprehensive view of your security, operations, and compliance data. AWS Security Hub gives you a thorough view of your security alerts and security posture across all your […]
Convert and Watermark Documents Automatically with Amazon S3 Object Lambda
When you provide access to a sensitive document to someone outside of your organization, you likely need to ensure that the document is read-only. In this case, your document should be associated with a specific user in case it is shared. For example, authors often embed user-specific watermarks into their ebooks. This way, if their […]
Choosing Your VPC Endpoint Strategy for Amazon S3
This post was co-written with Anusha Dharmalingam, former AWS Solutions Architect. Must your Amazon Web Services (AWS) application connect to Amazon Simple Storage Service (S3) buckets, but not traverse the internet to reach public endpoints? Must the connection scale to accommodate bandwidth demands? AWS offers a mechanism called VPC endpoint to meet these requirements. This […]