AWS Solutions Library

Guidance for ISO 20022 Messaging Workflows on AWS

Modernize payment processes with an event-driven architecture

Go to sample code

Overview

This Guidance demonstrates how payment operators can deploy an event-driven architecture to receive, consume, and release ISO 20022 payment messages. Customers can benefit from a multi-Region architecture, tunable consistency, and with the decision-making process managed by API consumers. This allows for the acceptance, rejection, cancellation, and redrive of data processing workflows, with failover across AWS Regions. Payment operators can deploy this Guidance as a proxy in front of their existing payment infrastructure, on-premises, in the cloud, or use it as the foundational building block to modernize payment processes.

How it works

These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.

Download the architecture diagram

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

Operational Excellence

This Guidance uses ready to deploy capabilities to monitor and observe your application's state and its business outcomes, it can be integrated through APIs, and deployed through infrastructure as code (IaC) of your choice. Amazon Elastic Container Registry (Amazon ECR) can store app-level code, and AWS Lambda can be deployed using continuous integration and continuous delivery (CI/CD) pipelines of your choice.

Read the Operational Excellence whitepaper

Security

This Guidance requires encryption in transit and at rest. API and AUTH endpoints have SSL/TSL enabled, and data stores such as Amazon S3, DynamoDB, Amazon Simple Queue Service (Amazon SQS), and Amazon SNS support encryption at rest using AWS Key Management Service (AWS KMS). AWS resources are protected through AWS Identity and Access Management (IAM), while Amazon API Gateway resources are protected through Cognito and 0Autho 2.0. Sensitive information, such as IDs, is stored using AWS Secrets Manager.

Read the Security whitepaper

Reliability

This Guidance supports reliability testing and implements Amazon S3 as a default backup and restore mechanism. Additionally, the transaction API verifies that each transaction ID is unique, First-In-First-Out (FIFO) queues verify that messages are processed in order and only once, and the Recovering API checks for Region failures and provides self-healing capabilities. AWS CloudWatch and AWS CloudTrail provide ready to deploy logs and default metrics, and you can choose an active-passive or an active-active architecture, depending on your requirements.

Read the Reliability whitepaper

Performance Efficiency

This Guidance uses serverless services, such as Lambda, Amazon Elastic Kubernetes Service (Amazon EKS), DynamoDB, and Amazon SQS, making it easier to scale and to monitor traffic and data access patterns. Additionally, you can submit ISO 20022 messages through APIs, observe experiment results through AWS monitoring and observability capabilities, and use the data in the AWS data services to further optimize your systems.

Read the Performance Efficiency whitepaper

Cost Optimization

This Guidance was built following Event-Driven Architecture (EDA) guidelines and best practices and uses serverless services that scale automatically with demand, so you only pay for the resources you actively use. You can also choose single-region or multi-region rates, depending on your requirements.

Read the Cost Optimization whitepaper

Sustainability

With serverless services, this Guidance makes it easier for you to scale and to maintain consistent high usage of deployed resources, minimizing the need for hardware and verifying that you will use only the minimum resources required. This Guidance also supports data access and storage patterns with services such as Amazon DynamoDB, Amazon SQS, Amazon SNS, and Amazon S3.

Read the Sustainability whitepaper

Implementation Resources

The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.

Open sample code on GitHub

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

Did you find what you were looking for today?

Let us know so we can improve the quality of the content on our pages