What does this AWS Solutions Implementation do?
Amazon S3 Standard, S3 Standard–IA, S3 One Zone-IA, S3 Intelligent-Tiering, S3 Glacier, and S3 Glacier Deep Archive storage classes are all designed to provide 99.999999999% durability of objects over a given year. These services are designed to sustain concurrent device failures by quickly detecting and repairing any lost redundancy, and they also regularly verify the integrity of data using checksums.
The Serverless Fixity for Digital Preservation Compliance solution makes it easier for customers who require an on-demand fixity check process to validate the checksums for compliance and audit requirements. Using this solution, AWS customers can check the integrity of their objects stored in any Amazon S3 storage class using either the MD5 or SHA1 checksum algorithm without having to incur the cost and complexity of third-party software.
With this solution, you can start the fixity check process using the AWS Management Console, Amazon API Gateway, or the AWS Command Line Interface (CLI). Fixity check results are mailed to subscribers using Amazon Simple Notification Service (Amazon SNS) notifications.
AWS Solutions Implementation overview
The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation templates.

Serverless Fixity for Digital Preservation Compliance solution architecture
This solution includes an AWS CloudFormation template (serverless-fixity-for-digital-preservation-compliance) you deploy in the account you want to run on-demand automated fixity checks. The template launches an AWS Step Functions state machine, AWS Lambda functions, and Amazon SNS. The AWS Step Functions state machine workflow restores and computes using either an MD5 or SHA1 checksum algorithm, and validates objects stored in your Amazon S3 buckets.
The solution orchestrates the fixity check process in various states. If necessary, the workflow restores the object from the Amazon S3 Glacier or Amazon S3 Glacier Deep Archive storage class. Then, the process incrementally computes the fixity. After the MD5 or SHA1 checksum is calculated, the calculated checksum is validated with the original checksum value stored with the object. The results of the fixity check process are sent to an Amazon SNS topic, which is then sent to subscribers.
The solution also creates an Amazon API Gateway endpoint that provides a RESTful API to start and monitor the fixity check process. The RESTful API requires authentication using valid AWS Identity and Access Management (IAM) credentials. By default, the solution works with Amazon S3 buckets and objects in your existing AWS account in which the solution is deployed.
Serverless Fixity for Digital Preservation Compliance
Version 1.0
Last updated: 12/2019
Author: AWS
Estimated deployment time: 5 min
Implementation resources
Note: To subscribe to RSS updates, you must have an RSS plug-in enabled for the browser you are using.
Features
Fixity checks using native AWS services
Flexible fixity check options
Meet compliance requirements
Receive notifications for fixity check results

Browse our library of AWS Solutions Implementations to get answers to common architectural problems.

Find AWS certified consulting and technology partners to help you get started.

Browse our portfolio of Consulting Offers to get AWS-vetted help with solution deployment.