This Guidance demonstrates how aircraft operators can transfer digital content and perform software updates during flights. With over-the-air technology on AWS, crew operators can efficiently retrieve information while the aircraft is in-flight or at the airport gates. This reduces the time on the ground between flights and provides an alternative to the manual and time-consuming management of secure digital (SD) cards.

Architecture Diagram

Download the architecture diagram PDF 

Well-Architected Pillars

The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

  • We heard our customers challenge the older, common practices that are inherent in rigid technologies within the airline industry. When our customer tried modifying the technology, it caused a cascade of other changes that were fraught with burden and risks. Which is why in this Guidance, we divided engineering functionalities into modules and then built each module using microservices. The modern architecture creates visibility and clear boundaries that enable airline customers to not only make changes easily, but also forecast the impact of changes before committing them. 

    Through AWS services such as AWS CloudTrail, Amazon CloudWatch, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Email Service (Amazon SES), customers can understand normal operational patterns, spot abnormalities, and respond to incidents and events.  

    Customers can integrate this Guidance with their existing operational patterns to ensure content is synced correctly. Customers can also introduce integrity checks within the component deployed on AWS IoT Greengrass to ensure nothing is deployed or executed which would cause instability or loss of data.

    Read the Operational Excellence whitepaper 
  • The AWS Shared Responsibility Model dictates that for AWS managed services, it is the responsibility of AWS to ensure the confidentiality, integrity, and the availability of its services. Customers who use this Guidance do not have the responsibility to protect and maintain the underlying compute and network for the services used (such as AWS IoT Core, Amazon S3, or AWS IoT Greengrass). AWS implements the appropriate controls and maintenance as outlined by AWS internal polices and the many regulatory, legal, and compliance frameworks AWS operates under.  

    AWS service endpoints use protocols to authenticate and encrypt data to establish secure connection tunnels. Certificate-based mutual authentication is used for each AWS IoT Greengrass deployment installed on the airplane’s central server. AWS IoT Core policies determine what an authenticated identity can do. Customers must have the appropriate access to manage the AWS IoT Greengrass deployment on the central server.

    The front-end portal and dashboard are secured by Amazon Cognito user pools and user groups, as well as a CloudFront configuration with a web application firewall.

    Read the Security whitepaper 
  • This Guidance decouples engineering activities with microservices for a reliable architecture. The individual services are managed by AWS and provide customers the resiliency and durability to operate even during service outages.  By leveraging AWS managed services, it reduces the network and compute complexity while eliminating additional points of failure. With the event-based architectures shown in the Guidance, customers can implement stateless compute, retry mechanisms, and Infrastructure as Code (IaC) to automatically resume or restart processes when interrupted.

    Customers wishing to test this in a controlled environment can simulate the airplane experience. They can do this by deploying AWS IoT Greengrass and the components on an Amazon Elastic Compute Cloud (Amazon EC2) instance. 

    AWS services have quotas that customers should monitor. Where possible, customers should request increases to the quota(s) if required to ensure appropriate capacity to scale. 

    There are some limits customers should be aware of. In aircraft where there is a single central server, there is no backup if the central server were to fail. This requires training the flight personnel to perform maintenance on the central server, and return it to operational status while in the air.  

    AWS IoT Greengrass enables logging to CloudWatch and CloudTrail directly. See Monitoring with AWS IoT Greengrass logs for more details. By using AWS managed services, actions are recorded in CloudTrail. Certain messages can be sent to CloudWatch to enable alerting and monitoring for errors.

    Read the Reliability whitepaper 
  • The AWS services were chosen to provide a centralized and managed capability that allows the customer to easily scale their implementation to any type of airplane and configuration. The ability to create, deploy, and manage components through the internet of things (IoT) ecosystem means that any future growth for solutions and data that need to be synced in-flight can be executed with a high level of efficiency. 

     The modern architecture of the microservices allows customers to plug-and-play with the new technologies and experiment with them, promoting innovation. 

    Customers will need to select a primary Region to manage the AWS IoT Core deployment and the groups of airplanes where AWS IoT Greengrass is deployed. Data can be stored in Regionally specified locations in Amazon S3 or other services the customer uses.

    Read the Performance Efficiency whitepaper 
  • With the custom download component and AWS IoT Core shadow manager, downloads will pause and resume as connectivity is established on the airplane. This ensures that data transfer is optimized and not duplicated. AWS IoT Core shadow manager makes it possible to only move necessary files or content and not entire catalogs, reducing the total volume needing to be transferred to the airplane.

    Where compute-based AWS services are used, such as Amazon EC2, customers can leverage Amazon EC2 Reserved Instances and Savings Plans to help reduce the cost of resources.

    Read the Cost Optimization whitepaper 
  • This Guidance provides two sustainability benefits. The first is that the IT infrastructure is elastic, which scales up and down based on usage that does not provide excess compute resources with unintended emissions.  You can follow your CO2 emissions using the AWS Customer Carbon Footprint Tool. The second gain is through the agility brought to engineering teams. The technologies like AWS IoT Core and AWS IoT Greengrass can help customers optimize their engineering operations to increase efficiency and minimize emissions.

    Read the Sustainability whitepaper 

Implementation Resources

A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.

The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.

AWS Architecture


This post demonstrates how...


The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

Was this page helpful?