reference deployment

Fintech Blueprint on AWS

Cloud-based infrastructure for financial-technology software

This Quick Start deploys Fintech Blueprint on the Amazon Web Services (AWS) Cloud. Fintech Blueprint is a reference architecture for financial-technology (fintech) applications. It's for companies that want to manage their business-to-business (B2B) or business-to-consumer (B2C) fintech software in the cloud.

The Quick Start is called a blueprint because its architecture is analogous to an empty house. After you deploy it, you furnish it with the resources you need for your product or service. The architecture has partitioned virtual private clouds (VPCs) that separate fintech production, management, and development processes. The Quick Start configures this architecture for identity management, virtual private network (VPN) access control, encryption, network isolation, logging, alarms, and compliance auditing.

You can develop or host your B2B or B2C fintech products in this environment. In addition, you can use the AWS Service Catalog to install prepackaged financial tools from leading fintech software vendors and open-source tools. You can also launch any applicable AWS Quick Start—such as SWIFT Client Connectivity—from the link provided on its webpage or in its deployment guide.

aws-logo-for-quick-start-150x90

This Quick Start was developed by AWS.

  •  What you'll build
  •  How to deploy
  •  Cost and licenses
  •  Add-on products
  •  What you'll build
  • This Quick Start sets up the following:

    • A highly available architecture with three VPCs, each spanning two Availability Zones. The VPCs contain public and private subnets according to AWS best practices, to provide you with your own virtual networks on AWS. The isolated subnets are for sensitive resources, such as databases that should be addressable only by your internal networks and need no outbound internet access.
      • A production VPC into which you can deploy public and internal applications.
      • A management VPC with AWS Client VPN endpoints in the public subnets. This VPC helps secure connectivity to your VPCs. Your company's employees use this VPC to access your private cloud resources.
      • A development VPC for your developers to build and test your products.
    • Peering connections so that you can connect using Secure Shell (SSH) and remote desktop access from the management VPC to private subnets in the production and development VPCs.
    • AWS Config to assess, audit, and evaluate the security compliance of your AWS resources and remediate deviations from the following conformance packs:
      • Operational Best Practices for Payment Card Industry Data Security Standard (PCI DSS) 3.2.1.
      • Operational Best Practices for AWS Identity and Access Management (IAM).
      • Operational Best Practices for Amazon Simple Storage Service (Amazon S3).
      • Operational Best Practices for National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
      • AWS Control Tower Detective Guardrails.
    • Amazon Route 53 for a private Domain Name System (DNS).
    • (Optional) An AWS Service Catalog portfolio with fintech tools that you can deploy into the production and development VPCs. For more information, see the Add-on products tab.
  •  How to deploy
  • To deploy Fintech Blueprint, follow the instructions in the deployment guide. The deployment process takes about 15 minutes and includes these steps:

    1. Sign in to your AWS account. If you don't have an AWS account, sign up at https://aws.amazon.com.

    2. Install the AWS Cloud Development Kit (CDK), and bootstrap the AWS CDK Toolkit stack.

    3. Deploy the Quick Start using AWS CDK. Choose the AWS Region from the top toolbar before creating the stack. You can enable a feature that restricts IAM actions to specific AWS Regions.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.  

  •  Cost and licenses
  • You are responsible for the cost of the AWS services and any third-party licenses used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

    The Fintech Blueprint Quick Start is released under Apache License 2.0.

    The AWS CloudFormation templates for this Quick Start include configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy the Quick Start, create AWS Cost and Usage Reports to track costs associated with the Quick Start. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information about the report, see What are AWS Cost and Usage Reports?
  •  Add-on products
  • After deploying this Quick Start, you can launch any financial applications that are listed in the Fintech Blueprint Software Catalog portfolio in the AWS Service Catalog. Initially, this portfolio includes the SWIFT Client Connectivity Quick Start. This software requires a SWIFT account and software license. To register for a SWIFT account, see How to become a swift.com user?