Guidance for Content Management Using Salesforce on AWS
AI-powered content creation for deeper customer engagement with Salesforce on AWS
Overview
How it works
These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.
Well-Architected Pillars
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
This Guidance implements a modular, agile, and decoupled architecture that aligns with AWS operational best practices. For example, by using Amazon SNS topics, the Guidance can be decoupled, and you can add Lambda functions as needed. Additionally, AWS artificial intelligence (AI) services like Amazon Transcribe and Amazon Rekognition remove the need for you to manage machine learning (ML) models and infrastructure.
Security
One of the core advantages of serverless architectures is that AWS manages the underlying infrastructure, including network security. This alleviates the burden of securing the network layer, allowing you to focus on securing your application and data. However, you are responsible for managing access control through AWS Identity and Access Management (IAM).
By default, data stored in Amazon S3 is encrypted with Amazon S3 managed keys (SSE-S3), but it can also be encrypted using AWS KMS (SSE-KMS) or customer-provided encryption keys (SSE-C). Access to Amazon S3 is denied by default, and all public access is blocked. Amazon S3 access is authorized through IAM, allowing you to define access scope and permitted actions for services or users.
Furthermore, this Guidance uses AWS STS in conjunction with a JSON Web Token (JWT) authorizer. This approach enhances security by eliminating the need to store hard-coded AWS access keys in Salesforce, which could potentially be compromised. Instead, Salesforce obtains temporary, limited-privilege IAM credentials from AWS STS, which are used to securely access and interact with Amazon S3.
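The token-for-credentials exchange described above can be sketched as follows. This is an added example, not the Guidance's sample code. It assumes HS256 with a shared secret as a stand-in for verifying the token against the identity provider's public key, and the `tenant` claim, audience, bucket name, and role ARN are hypothetical.

```python
import base64, hashlib, hmac, json, re

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token for the demo (stands in for the caller's JWT)."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"

def verify_jwt(token: str, secret: bytes, audience: str, now: float) -> dict:
    """Return the claims, or raise ValueError if the token must be rejected."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server side; never let the token header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now or claims.get("aud") != audience:
        raise ValueError("expired or wrong audience")
    return claims

def build_assume_role_request(claims: dict, role_arn: str, bucket: str) -> dict:
    """Parameters for sts:AssumeRole, narrowed by a session policy to one S3 prefix."""
    tenant = claims.get("tenant")  # hypothetical claim naming the caller's prefix
    if not isinstance(tenant, str) or not re.fullmatch(r"[A-Za-z0-9_-]{1,32}", tenant):
        raise ValueError("tenant claim not usable as an S3 prefix")
    policy = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": f"arn:aws:s3:::{bucket}/{tenant}/*"}]}
    return {"RoleArn": role_arn,
            "RoleSessionName": f"sf-{tenant}",
            "DurationSeconds": 900,  # shortest session lifetime STS accepts
            "Policy": json.dumps(policy)}
```

The returned dictionary can be passed as keyword arguments to the boto3 STS client's `assume_role`. The resulting credentials carry only the permissions allowed by both the role's own policy and this session policy.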
Reliability
This Guidance implements a highly available network topology by using a serverless architecture that is deployed in a single Region and runs across multiple Availability Zones (AZs). This eliminates the risk caused by a rare, but possible, AZ failure.
Application reliability is achieved by decoupling the application into individual components that each focus on a single task, and Amazon SNS is essential for decoupling this architecture. If a subscribed endpoint is temporarily unavailable, Amazon SNS will retry delivering the message according to the retry policy. Messages that can't be delivered can be sent by Amazon SNS to a dead-letter queue (DLQ) to prevent message loss.
Finally, Amazon CloudWatch monitors Lambda functions, and you can review reports on metrics such as the number of requests, invocation duration, and errors. This helps track the performance and health of the Lambda functions. If a function invocation fails due to an error, it will be automatically retried at least three times.
Performance Efficiency
Decoupling individual services allows each component to work independently and run in parallel. Using a serverless architecture, each Lambda function is provisioned with the right amount of RAM and CPU to perform its task. And using Amazon SNS allows for asynchronous invocation of resources, so once a job is complete, it is not waiting for a synchronous response.
Cost Optimization
By using a serverless architecture, you only pay for what you use. Services like Lambda, Amazon SNS, or Amazon Rekognition only incur charges for the times that those services are invoked and used. Services like Amazon S3 incur charges for the amount of data that is actually used. And using serverless services allows the architecture to scale up and down to meet demand without having to overprovision resources.
Sustainability
Through right-sized, transient resources that avoid excess idling, this Guidance minimizes energy consumption and hardware waste. For example, rather than pre-provisioning servers that continually run even when unutilized, Lambda functions are invoked on-demand only when needed. Each function is individually configured with the optimal amount of memory and CPU capacity required to complete its designated task, avoiding over-provisioning of resources. By dynamically allocating just the right compute power when workloads arrive and terminating those resources after use, Lambda eliminates resource waste from idle servers.
Implementation resources
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.