[text]
This Guidance helps you implement digital thread infrastructure and connect heterogeneous enterprise systems to build data traceability, connectivity and seamless collaboration. Disconnected data and processes lead to lack of transparency and collaboration across organizations, resulting in slow decision-making, increased costs to deliver products, delayed time to market, and challenges with product quality. To unlock positive business outcomes, digital thread infrastructure in the cloud helps unify and orchestrate data across the product development lifecycle for improved data accessibility, continuity, and traceability. This Guidance enables digital thread infrastructure with an appropriate security, policy, and data governance framework. This reduces rework, minimizes defects by capturing design risks early, and translates engineering specifications along the product value chain for improved product planning and downstream operations.
Please note: [Disclaimer]
Architecture Diagram
[text]
Step 1
Remote end users connect to Amazon Route 53, which resolves hostname and connects to eQube® analytics and integration suites. Route 53 routes public internet traffic to the internet gateway associated with the virtual private cloud (VPC).
Step 2
Application Load Balancer (ALB) directs user traffic based on load and availability to eQube® integration and analytics suites across Availability Zones. AWS WAF integrates with ALB to protect infrastructure against common web exploits and bots.
Step 3
Amazon Elastic Compute Cloud (Amazon EC2) instances host the analytics suite, which consists of business intelligence (BI), augmented data analytics data profiler (ADA), and license servers (LS) in addition to the integration suite, which consists of migration and integration (MI), transformation module (TM), and Amazon API Gateway (AG).
Step 4
Amazon Relational Database Service (Amazon RDS) for PostgreSQL connects to eQube® analytics and integration suites and stores structured data with synchronous cross-Availability Zone replication to the Standby RDS instance, providing high resilience and fault tolerance.
Step 5
AWS Certificate Manager (ACM) creates and manages SSL/TLS certificates for encryption in transit. AWS Key Management Service (AWS KMS) manages encryption keys for Amazon RDS volumes at rest. Amazon GuardDuty protects AWS accounts with intelligent threat detection.
Step 6
Amazon Simple Storage Service (Amazon S3) stores deployment files. AWS Backup automates Amazon EC2 and Amazon RDS backups.
Step 7
AWS CloudTrail monitors and records account activity across AWS infrastructure. Amazon CloudWatch receives EC2 instance and eQube® metrics from Amazon CloudWatch Agent.
Step 8
Amazon Simple Email Service (Amazon SES) sends email notifications for alerts and alarms related to eQube® and AWS resources.
Step 1
Remote end users connect to Amazon Route 53, which resolves hostname and connects to eQube® analytics and integration suites. Route 53 routes public internet traffic to the internet gateway associated with the virtual private cloud (VPC).
Step 2
Application Load Balancer (ALB) directs user traffic based on load and availability to eQube® integration and analytics suites across Availability Zones. AWS WAF integrates with ALB to protect infrastructure against common web exploits and bots.
Step 3
Amazon Elastic Compute Cloud (Amazon EC2) instances host the analytics suite, which consists of business intelligence (BI), augmented data analytics data profiler (ADA), and license servers (LS) in addition to the integration suite, which consists of migration and integration (MI), transformation module (TM), and Amazon API Gateway (AG).
Step 4
Amazon Relational Database Service (Amazon RDS) for PostgreSQL connects to eQube® analytics and integration suites and stores structured data with synchronous cross-Availability Zone replication to the Standby RDS instance, providing high resilience and fault tolerance.
Step 5
AWS Certificate Manager (ACM) creates and manages SSL/TLS certificates for encryption in transit. AWS Key Management Service (AWS KMS) manages encryption keys for Amazon RDS volumes at rest. Amazon GuardDuty protects AWS accounts with intelligent threat detection.
Step 6
Amazon Simple Storage Service (Amazon S3) stores deployment files. AWS Backup automates Amazon EC2 and Amazon RDS backups.
Step 7
AWS CloudTrail monitors and records account activity across AWS infrastructure. Amazon CloudWatch receives EC2 instance and eQube® metrics from Amazon CloudWatch Agent.
Step 8
Amazon Simple Email Service (Amazon SES) sends email notifications for alerts and alarms related to eQube® and AWS resources.
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
-
Operational ExcellenceRead the Operational Excellence whitepaper
This Guidance uses the CloudWatch Agent on EC2 instances to publish instance- and application-level metrics to CloudWatch. You can use the CloudWatch Agent and Amazon RDS-enhanced monitoring to obtain OS-level metrics that help you determine compute, memory, and storage performance needs, so you can right-size your infrastructure. Additionally, you can use Amazon RDS Performance Insights to quickly assess the load on databases.
You can configure CloudWatch alarms with Amazon SES notifications to send alerts about performance issues within the application or server. CloudTrail monitors and retains account activity and API usage to help you audit activity, monitor security, and troubleshoot operational issues.
-
SecurityRead the Security whitepaper
ACM simplifies the process of provisioning and managing SSL/TLS certificates to attach to ALB. Applications are deployed within private subnets in the VPC to protect AWS resources, such as EC2 instances. Specifically, security groups allow inbound and outbound traffic for associated resources, and network access control lists (ACLs) allow or deny inbound and outbound traffic at the subnet level.
Additionally, AWS WAF protects against bots and common web exploits, such as SQL Injection and Cross Site Scripting (XSS), that can affect availability, compromise security, or consume excessive resources. AWS WAF helps you filter out unwanted traffic by IP or patterns, while preventing bad actors from getting into the network.
GuardDuty uses anomaly detection, behavioral modeling, and threat intelligence feeds to continuously monitor AWS accounts, instances, container workloads, and databases for malicious activity, so you can quickly expose threats.
-
ReliabilityRead the Reliability whitepaper
Amazon RDS multi-Availability Zone (AZ) deployment creates a primary database and synchronously replicates data to a standby instance in different AZ. When a failure is detected, Amazon RDS automatically fails over to the standby. As your workloads grow, Amazon EC2 provides scalable compute capacity, reducing the time it takes to obtain and boot new server instances. Additionally, Elastic Load Balancing distributes traffic across multiple AZs to improve scalability and availability.
Route 53 gives you a reliable and cost-effective way to route end-users to Internet applications by independently monitoring endpoints to check their health and routing traffic only to healthy endpoints. You can also configure alarms to alert you when endpoints become unhealthy.
-
Performance EfficiencyRead the Performance Efficiency whitepaper
This Guidance supports deployment across any AWS Region, so you can choose the Region closest to your user base to minimize latency and network hops. ALB serves as the single point of contact for applications, distributing incoming application traffic across multiple targets in multiple AZs. This helps increase the availability and performance of applications.
-
Cost OptimizationRead the Cost Optimization whitepaper
When using Amazon RDS, you pay a monthly charge for each database instance that you launch without having to worry about upfront commitments. Once you’re finished with an Amazon RDS database instance, you can easily delete it so you don’t have to spend on infrastructure you no longer need. Amazon RDS offers reserved instances (RIs), through which you can reserve a database instance for a one- or three-year term for a significant discount compared to on-demand pricing for the same database instance. Additionally, you can easily start and stop Amazon RDS database instances for up to 7 days at a time, which is useful for development and testing purposes when a database does not need to be running all of the time.
-
SustainabilityRead the Sustainability whitepaper
Amazon RDS supports manual and automatic scaling of storage up to 64 TiB, allowing you to provision the exact amount of storage you need without having to unnecessarily use up resources. Amazon RDS automatically replaces the compute instance powering your deployment in the event of a hardware failure, reducing your need to maintain backup infrastructure that remains mostly idle.
With Amazon S3, you can store data across a range of different S3 storage classes for specific access patterns such as frequent, infrequent, and archival usage. AWS Backup uses lifecycle policies to create and delete Amazon RDS volumes, with a 7-day retention period. These features help you reduce storage resources, minimizing your overall carbon footprint.
Implementation Resources
A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Related Content
[Title]
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.