Skip to main content

AWS Solutions Library

Guidance for Building Embedded Identity Services with Privacy-Safe Controls for Advertising on AWS

Overview

This Guidance helps you to create an environment where AWS customers can consume an Independent Software Vendor (ISV) Partner’s application within their own Amazon VPC, protecting the customer’s data while also protecting the Partner application’s implementation assets through isolated network access controls and subscription authorization.

How it works

These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.

Download the architecture diagram

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as amany Well-Architected best practices as possible.

You can make frequent, small, reversible changes by using the version published in the AWS Marketplace listing along with running the AWS CloudFormation script. Billing and logging details are also captured, making it easier to do any ‘post-mortem’ exercises.

Read the Operational Excellence whitepaper 

The seller’s code is running in network isolation mode, with proper separation of duties between buyer and seller applications. The seller data and the model are protected. The buyer does not have any permissions to access the SageMaker instance deployed using AWS Marketplace.

Read the Security whitepaper 

SageMaker instances can be scaled horizontally, depending on the transaction capacity required by the seller workload.

Read the Reliability whitepaper 

Resource provisioning and management is automated through serverless architecture (Lambda) and provisioning the seller Docker image through AWS Marketplace.

Read the Performance Efficiency whitepaper 

Expenditure and usage awareness is monitored via AWS Marketplace. The size of the SageMaker instance is based on the capacity needed by the buyer. On demand Lambda cost is based on number of transactions completed by the buyer application, whose usage can be governed in the AWS Cost Explorer by the buyer.

Read the Cost Optimization whitepaper 

Workload is right-sized and implemented with an efficient design to ensure high utilization and to maximize the energy efficiency of the underlying SageMaker instance and its hardware.

Read the Sustainability whitepaper 

Related Content

Deploy embedded services with privacy-safe controls on AWS

Amazon Web Services (AWS) customers across the advertising and marketing industry are seeking to further protect their customers’ information by limiting the movement and sharing of data outside of their control. This post demonstrates how industry Partners are increasingly seeking to deploy embedded services within trusted compute environments to offer more capabilities for their customers’ AWS data.

Read the full blog post

Power Identity Translation with LiveRamp in Your VPC

With the expansion of data privacy laws and deprecation of consumer identifiers such as third-party cookies, customers across the advertising and marketing industry are investing in first-party data and identity solutions that allow them to connect, control, and activate data quickly and securely. This post demonstrates how LiveRamp’s Embedded Transcoder in AWS Marketplace makes it safe and easy for companies to use data effectively.

Read the full blog post

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.