reference deployment

SWIFT Client Connectivity Using AWS CDK

A standardized environment for connecting to the SWIFT network

This solution deploys SWIFT Client Connectivity in the Amazon Web Services (AWS) Cloud using the AWS Cloud Development Kit (AWS CDK) developed in Python. It creates a standardized environment for organizations with backend payment applications that need to interface with the SWIFT financial-messaging network.

The templates in this automated deployment include settings that follow the SWIFT Customer Security Programme (CSP) controls and the SWIFT Customer Security Controls Framework (CSCF), which comprises mandatory and advisory security controls for all SWIFT users. These templates do not replace the need for customer guidance when implementing SWIFT security controls in the cloud.

AWS is responsible for complying with certain SWIFT CSP requirements. A certificate of AWS compliance with SWIFT CSP controls is available through AWS Artifact. Certification is provided by DiXio.

AWS has also published a Terraform module that provides sample code for deploying a SWIFT Client Connectivity environment.

Deploying this solution does not guarantee an organization’s compliance with any laws, certifications, policies, or other regulations.

This solution was developed by AWS.

What you'll build

This solution sets up the following:

    • An architecture that spans two Availability Zones.
    • A virtual private cloud (VPC) configured with private subnets according to AWS best practices and following SWIFT CSP guidance.
    • In the private subnets:
      • An Amazon Elastic Compute Cloud (Amazon EC2) instance that runs Alliance Messaging Hub (AMH) and SWIFT Alliance Access (SAA) or Lite2.
      • An EC2 instance that runs SWIFT Alliance Gateway (SAG) and SWIFTNet Link (SNL).
      • (Optional) An Amazon Relational Database Service (Amazon RDS) Oracle instance running in active or standby mode to store configuration and message data for AMH.
      • An Amazon MQ instance to handle communication for AMH.
    • AWS Systems Manager, which removes the need for a jump server.
    • Amazon CloudWatch, which provides the mechanism to store, access, and monitor SWIFT activities.
    • AWS Secrets Manager, which encrypts, stores, and retrieves passwords.
    • A virtual private network (VPN) gateway with load balancing, which connects the VPC to AWS Direct Connect.*
    • AWS Direct Connect, which establishes private connectivity between AWS and data centers or colocation environments.*

    * The AWS CDK deployment of this solution does not include the components marked with asterisks because they require design decisions on how to connect to the SWIFT network.

How to deploy

To deploy this solution, follow the instructions in the deployment guide, which includes these steps.

    1. Sign in to your AWS account. If you don’t have an AWS account, sign up at https://aws.amazon.com.
    2. If you are not already a SWIFT user, create a SWIFT account.
    3. Deploy this solution into a new VPC using AWS CDK and Python. The deployment process takes about 15 minutes to complete.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.

Costs and licenses

This deployment requires a SWIFT account and software license. To register for a SWIFT account, refer to "How to become a swift.com user?"

    You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?