AWS Architecture Blog

Category: Security, Identity, & Compliance

Figure 1. MGN service architecture

Multi-Region Migration using AWS Application Migration Service

AWS customers are in various stages of their cloud journey. Frequently, enterprises begin that journey by rehosting (lift-and-shift migrating) their on-premises workloads into AWS, and running Amazon Elastic Compute Cloud (Amazon EC2) instances. You can rehost using AWS Application Migration Service (MGN), a cloud-native migration tool. You may need to relocate instances and workloads to […]

Architecture Diagram showing How to Audit and Report S3 prefix level access using S3 Access Analyzer

How to Audit and Report S3 Prefix Level Access Using S3 Access Analyzer

Data Services teams in all industries are developing centralized data platforms that provide shared access to datasets across multiple business units and teams within the organization. This makes data governance easier, minimizes data redundancy thus reducing cost, and improves data integrity. The central data platform is often built with Amazon Simple Storage Service (Amazon S3). […]

Figure 1. Multi-Region Amazon Cognito machine-to-machine architecture

How UnitedHealth Group Improved Disaster Recovery for Machine-to-Machine Authentication

This blog post was co-authored by Vinodh Kumar Rathnasabapathy, Senior Manager of Software Engineering, UnitedHealth Group.  Engineers who use Amazon Cognito for machine-to-machine authentication select a primary Region where they deploy their application infrastructure and the Amazon Cognito authorization endpoint. Amazon Cognito is a highly available service in single Region deployments with a published service-level […]

Figure 1. Connect data streaming automation workflow

Automate Amazon Connect Data Streaming using AWS CDK

Many customers want to provision Amazon Web Services (AWS) cloud resources quickly and consistently with lifecycle management, by treating infrastructure as code (IaC). Commonly used services are AWS CloudFormation and HashiCorp Terraform. Currently, customers set up Amazon Connect data streaming manually, as the service is not available under CloudFormation resource types. Customers may want to […]

Figure 1. Pulse ingestion module architecture

Codacy Measures Developer Productivity using AWS Serverless

Codacy is a DevOps insights company based in Lisbon, Portugal. Since its launch in 2012, Codacy has helped software development and engineering teams reduce defects, keep technical debt in check, and ship better code, faster. Codacy’s latest product, Pulse, is a service that helps understand and improve the performance of software engineering teams. This includes […]

Figure 2. Simulating Regional failover using service control policies

Minimizing Dependencies in a Disaster Recovery Plan

The Availability and Beyond whitepaper discusses the concept of static stability for improving resilience. What does static stability mean with regard to a multi-Region disaster recovery (DR) plan? What if the very tools that we rely on for failover are themselves impacted by a DR event? In this post, you’ll learn how to reduce dependencies […]

Figure 2. Control plane architecture

How Ribbon Built a Scalable, Resilient Robocall Mitigation Platform

Ribbon provides communications software, and IP and optical networking end-to-end solutions that deliver innovation, unparalleled scale, performance, and agility to service providers and enterprise. Ribbon is helping customers modernize their networks. In today’s data-hungry, 24/7 world, this equates to improved competitive positioning and business outcomes. Companies are migrating from on-premises equipment for telephony services and looking […]

Figure 4. High-level architecture pattern for discovering public IPs

Find Public IPs of Resources – Use AWS Config for Vulnerability Assessment

Systems vulnerability management is a key component of your enterprise security program. Its goal is to remediate OS, software, and applications vulnerabilities. Scanning tools can help identify and classify these vulnerabilities to keep the environment secure and compliant. Typically, vulnerability scanning tools operate from internal or external networks to discover and report vulnerabilities. For internal […]

Defense in depth applied to a web application

Insights for CTOs: Part 2 – Enable Good Decisions at Scale with Robust Security

In my role as a Senior Solutions Architect, I have spoken to chief technology officers (CTOs) and executive leadership of large enterprises like big banks, software as a service (SaaS) businesses, mid-sized enterprises, and startups. In this 6-part series, I share insights gained from various CTOs and engineering leaders during their cloud adoption journeys at […]

Multi-Region security, identity, and compliance services

Creating a Multi-Region Application with AWS Services – Part 1, Compute, Networking, and Security

Many AWS services have features to help you build and manage a multi-Region architecture, but identifying those capabilities across 200+ services can be overwhelming. In this 3-part blog series, we filter through those 200+ services and focus on those that have specific features to assist you in building multi-Region applications. In Part 1, we’ll build […]