AWS Architecture Blog

A high-level view of a SAML transaction between Amazon OpenSearch Service and Auth0

Building SAML federation for Amazon OpenSearch Service with Auth0

Amazon OpenSearch Service is a fully managed, distributed, open search, and analytics service that is powered by the Apache Lucene search library. OpenSearch Service is used for real-time application monitoring, log analytics, and website search. It’s ideal for use cases that require fast access and response for large volumes of data. OpenSearch Dashboards is derived […]

Aggregation of security services in security tooling account

Journey to Adopt Cloud-Native Architecture Series #5 – Enhancing Threat Detection, Data Protection, and Incident Response

In Part 4 of this series, Governing Security at Scale and IAM Baselining, we discussed building a multi-account strategy and improving access management and least privilege to prevent unwanted access and to enforce security controls. As a refresher from previous posts in this series, our example e-commerce company’s “Shoppers” application runs in the cloud. The company […]

Let’s Architect! Architecting microservices with containers

Microservices structure an application as a set of independently deployable services. They speed up software development and allow architects to quickly update systems to adhere to changing business requirements. According to best practices, the different services should be loosely coupled, organized around business capabilities, independently deployable, and owned by a single team. If applied correctly, […]

Diagram of 3 steps to determine your migration discovery tool

Selecting the appropriate discovery tool for your cloud migration

Cloud migrations invariably require the coordination of multiple stakeholders, such as business and technical teams, partners, and third-party providers. As a stakeholder, understanding your portfolio is crucial to determine which workloads to migrate, and their requirements and interdependencies. But manually gathering these insights can be a daunting task. You can inform your decision by provisioning […]

Shared responsibility model for sustainability

Improve workload sustainability with services and features from re:Invent 2021

At our recent annual AWS re:Invent 2021 conference, we had important announcements regarding sustainability, including the new Sustainability Pillar for AWS Well-Architected Framework and the AWS Customer Carbon Footprint Tool. In this blog post, I highlight services and features from these announcements to help you design and optimize your AWS workloads from a sustainability perspective. […]

Figure 1. 32guards threat reports architecture

How Net at Work built an email threat report system on AWS

Emails are often used as an entry point for malicious software like trojan horses, rootkits, or encryption-based ransomware. The NoSpamProxy offering developed by Net at Work tackles this threat, providing secure and confidential email communication. A subservice of NoSpamProxy called 32guards is responsible for threat reports of inbound and outbound emails. With the increasing number […]

A proxy solution to the Amazon Cognito regional endpoint

Enriching Amazon Cognito features with an Amazon API Gateway proxy

This post was co-written with Geoff Baskwill, member of the Architecture Enabling Team at Trend Micro. At Trend Micro, we use AWS technologies to build secure solutions to help our customers improve their security posture. Sep 6 2022: Amazon Cognito user pools now support native integration with AWS Web Application Firewall (WAF), with this native […]

Solution architecture for multi-language notification system. It includes all the AWS services that are required in this solution.

Build a multi-language notification system with Amazon Translate and Amazon Pinpoint

Organizations with global operations can struggle to notify their customers of any business-related announcements or notifications in different languages. Their customers want to receive notifications in their local language and communication preference. Organizations often rely on complicated third-party services or individuals to manually translate the notifications. This can lead to a loss of revenue due […]

Building an application with multi-Region services

Creating a Multi-Region Application with AWS Services – Part 3, Application Management and Monitoring

In Part 1 of this series, we built a foundation for your multi-Region application using AWS compute, networking, and security services. In Part 2, we integrated AWS data and replication services to move and sync data between AWS Regions. In Part 3, we cover AWS services and features used for messaging, deployment, monitoring, and management. […]

Replication across three Availability Zones with Amazon Aurora DB cluster

Selecting the right database and database migration plan for your workloads

There has been a tectonic shift in the approach to hosting enterprise workloads. Companies are rapidly moving from on-premises data centers to cloud-based services. The driving factor has been the ability to innovate faster on the cloud. Your transition to cloud can be straightforward, but it does go beyond the usual ‘lift-and-shift’ approach. To start […]