This Guidance helps you send DICOM images directly to the cloud and store these images in Amazon Simple Storage Service (Amazon S3). This is accomplished by configuring a DICOM destination in your existing Picture Archiving and Communication System (PACS) or Vendor Neutral Archive (VNA) systems. The DICOM destination will be capable of receiving instances using DICOM Message Service Element (DIMSE). In this Guidance, image data is encrypted, and data storage is scalable to support variable workloads.

Please note: [Disclaimer]

Architecture Diagram

[Architecture diagram description]

Download the architecture diagram PDF 

Well-Architected Pillars

The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

  • This Guidance is deployed using AWS CDK, which allows operators to reduce deployment risk and gives them better control over the deployment process. By using Amazon ECR to store versioned container images, operators can more easily test changes and revert failed deployments with minimal impact to end users or the availability of the system. CloudWatch collects metrics and logs to provide insight into the operation of the system, making it easier to troubleshoot issues.

    Read the Operational Excellence whitepaper 
  • IAM roles and policies allow the system to contain no hard-coded credentials. AWS security groups and VPC endpoints are used to provide fine-grained access control. Further, this Guidance provides network segregation using public and private subnets. Data in transit is protected using TLS encryption. Data at rest is encrypted while stored on Amazon S3. Communication between tasks and Amazon S3 occurs over a VPC gateway endpoint and does not traverse the public internet.

    Read the Security whitepaper 
  • Elastic Load Balancing (ELB) routes requests to multiple Fargate tasks, running in different Availability Zones (AZs). Using managed services such as ELB and Fargate improves reliability by removing single points of failure. The Fargate scheduler replaces failed tasks, and auto scaling allows the system to respond to changes in load without impacting clients or end users. As more DICOM images are received and processed in parallel, auto scaling helps ensure necessary resources are available across multiple AZs.

    Read the Reliability whitepaper 
  • Fargate provides flexible task-sizing for both compute and memory capacity. This helps match resources to workload requirements to avoid overprovisioning. Amazon S3 provides performant object storage with virtually unlimited scalability, high availability, and multiple access tiers. Amazon S3 allows parallel access to objects without performance impact, and you can choose the most appropriate storage class based on data access for your workload.

    Read the Performance Efficiency whitepaper 
  • Amazon S3 Intelligent-Tiering can reduce storage cost by automatically transitioning objects into a lower cost tier based on access patterns. Additionally, VPC endpoints allow connectivity between AWS services over private networking and can be used to reduce public data transfer and NAT gateway costs. This helps minimize data transfer outside of the VPC, reducing overall data transfer charges. Fargate allows for tracking and automated adjustment of provisioned compute based on current system load, and tasks can be appropriately sized to maximize cost efficiency.

    Read the Cost Optimization whitepaper 
  • Amazon S3 and Fargate are managed services (operated at scale by AWS), which reduces the amount of infrastructure needed to support your workloads. Additionally, Amazon S3 Lifecycle policies can be used to reduce storage resources by automating the deletion of unneeded data.

    Read the Sustainability whitepaper 

Implementation Resources

The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.

[Content Type]


This [blog post/e-book/Guidance/sample code] demonstrates how [insert short description].


The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.