AWS Architecture Blog

De-centralized logging using Amazon EventBridge and AWS Lambda

Monitoring and alerting break-glass access in an AWS Organization

Organizations building enterprise-scale systems require the setup of a secure and governed landing zone to deploy and operate their systems. A landing zone is a starting point from which your organization can quickly launch and deploy workloads and applications with confidence in your security and infrastructure environment as described in What is a landing zone?. […]

Inverting application proxy

Implementing lightweight on-premises API connectivity using inverting traffic proxy

This post will explore the use of a lightweight application inversion proxy as a solution for multi-point hybrid or multi-cloud, API-level connectivity for cases where AWS Direct Connect or VPN may not be practical. Then, we will present a sample solution and explain how it addresses typical challenges involved in this space. Defining the issue Large […]

Multi-Region backup

Disaster recovery with AWS managed services, Part 2: Multi-Region/backup and restore

In part I of this series, we introduced a disaster recovery (DR) concept that uses managed services through a single AWS Region strategy. In part two, we introduce a multi-Region backup and restore approach. With this approach, you can deploy a DR solution in multiple Regions, but it will be associated with longer RPO/RTO. Using […]

Let's Architect

Let’s Architect! Creating resilient architecture

The AWS Well-Architected Framework defines resilience as “the capability to recover when stressed by load (more requests for service), attacks (either accidental through a bug, or deliberate through intention), and failure of any component in the workload’s components.” The need for resilient workloads transcends all customer industries, but it can often be misunderstood, which […]

Figure 1. A modernized microservices-based rearchitecture

Modernization pathways for a legacy .NET Framework monolithic application on AWS

Organizations aim to deliver optimal technological solutions based on their customers’ needs. Although they may be at any stage in their cloud adoption journey, businesses often end up managing and building monolithic applications. However, there are many challenges to this solution. The internal structure of a monolithic application makes it difficult for developers to maintain code. […]

Figure 7. Final optimized architecture

Use direct service integrations to optimize your architecture

When designing an application, you must integrate and combine several AWS services in the most optimized way for an effective and efficient architecture: optimize for performance by reducing the latency between services; optimize for costs, operability, and sustainability by avoiding unnecessary components and reducing workload footprint; optimize for resiliency by removing potential points of failure […]

A single AWS account and single-region model

Running hybrid Active Directory service with AWS Managed Microsoft Active Directory

Enterprise customers often need to architect a hybrid Active Directory solution to support running applications in their existing on-premises corporate data centers and the AWS Cloud. There are many reasons for this, such as maintaining integration with on-premises legacy applications, keeping control of infrastructure resources, and meeting specific industry compliance requirements. To extend […]

Cloud architecture of the sample code

Throttling a tiered, multi-tenant REST API at scale using API Gateway: Part 2

In Part 1 of this blog series, we demonstrated why tiering and throttling become necessary at scale for multi-tenant REST APIs, and explored tiering strategy and throttling with Amazon API Gateway. In this post, Part 2, we will examine tenant isolation strategies at scale with API Gateway and extend the sample code from Part 1. […]

Figure 1. Cloud Architecture of the sample code.

Throttling a tiered, multi-tenant REST API at scale using API Gateway: Part 1

Many software-as-a-service (SaaS) providers adopt throttling as a common technique to protect a distributed system from spikes of inbound traffic that might compromise reliability, reduce throughput, or increase operational cost. Multi-tenant SaaS systems have an additional concern of fairness; excessive traffic from one tenant needs to be selectively throttled without impacting the experience of other […]
