reference deployment

SWIFT Client Connectivity on AWS

A standardized environment for connecting to the SWIFT network

This Quick Start provides instructions for deploying SWIFT Client Connectivity on the Amazon Web Services (AWS) Cloud.

This deployment is for users who want a standardized environment that helps organizations with workloads that require connectivity to the SWIFT network. This falls under the compliance guidelines outlined in SWIFT’s Customer Security Program (CSP) Control Framework (CSCF). The CSCF consists of mandatory and advisory security controls for all SWIFT users. This deployment includes templates that automate the deployment using recommended settings that follow SWIFT CSP controls.

The SWIFT components in scope for the baseline implementation include SWIFT messaging interfaces, SWIFT communication interfaces, and SWIFT integration components. For more information, see the SWIFT glossary.

AWS logo

This Quick Start was developed by AWS.

  •  What you'll build
  • Use this Quick Start to set up the following SWIFT Client Connectivity environment on AWS:

    • An architecture that spans two Availability Zones.
    • A virtual private cloud (VPC) configured with private subnets, according to AWS best practices and in compliance with SWIFT CSP guidance, to provide you with your own virtual network on AWS.
    • In the private subnets:
      • Amazon MQ instances to handle communication for Alliance Messaging Hub (AMH).
      • An Amazon Relational Database Service (Amazon RDS) Oracle instance running in active or standby mode to store configuration and message data for AMH.
      • Amazon Elastic Compute Cloud (Amazon EC2) instances that run AMH, SWIFTNet Link (SNL), and SWIFT Alliance Gateway (SAG).
    • AWS Systems Manager, which removes the need for a jump server.
    • Amazon CloudWatch, which provides the mechanism to store, access, and monitor SWIFT activities.
    • A VPN gateway with load balancing, which connects the VPC to AWS Direct Connect.*
    • AWS Secrets Manager, which encrypts, stores, and retrieves passwords.
    • AWS Direct Connect, which establishes private connectivity between AWS and data centers or colocation environments.*

    * The cloud development kit (CDK) that deploys this Quick Start does not include the components marked by asterisks.

  •  How to deploy
  • To build your SWIFT Client Connectivity environment on AWS, follow the instructions in the deployment guide. The deployment process takes about 15 minutes and includes these steps:

    1. If you don't already have an AWS account, sign up at, and sign in to your account.
    2. If you are not already a SWIFT user, create a SWIFT account.
    3. Deploy this Quick Start using AWS CDK and Python.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Cost and licenses
  • You are responsible for the cost of the AWS services and any third-party licenses used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as cluster tier, number of replica sets, storage size, and IOPS, affect the cost of deployment. See the pricing pages for each AWS service you use. Prices are subject to change.

    This deployment requires a SWIFT account and software license. To register for a SWIFT account, see How to become a user?