AWS Architecture Blog
Category: Security, Identity, & Compliance
Migrate your Applications to Containers at Scale
AWS App2Container is a command line tool that you can install on a server to automate the containerization of applications. This simplifies the process of migrating a single server to containers. But if you have a fleet of servers, the process of migrating all of them could be quite time-consuming. In this situation, you can […]
Field Notes: Analyze Cross-Account AWS KMS Call Usage with AWS CloudTrail and Amazon Athena
Businesses are expanding their footprint on Amazon Web Services (AWS) and are adopting a multi-account strategy to help isolate and manage business applications and data. In the multi-account strategy, it is common to have business applications deployed in one account accessing an Amazon Simple Storage Service (Amazon S3) encrypted bucket from another AWS account. When […]
How Parametric Built Audit Surveillance using AWS Data Lake Architecture
Parametric Portfolio Associates (Parametric), a wholly owned subsidiary of Morgan Stanley, is a registered investment adviser. Parametric provides investment advisory services to individual and institutional investors around the world. Parametric manages over 100,000 client portfolios with assets under management exceeding $400B (as of 9/30/21). As a registered investment adviser, Parametric is subject to numerous regulatory […]
Field Notes: Building Multi-Region and Multi-Account Tools with AWS Organizations
This blog post was updated November 19, 2021. It’s common to start with a single AWS account when you are beginning your cloud journey with AWS. Running operations such as creating, reading, updating, and deleting resources in a single AWS account can be straightforward with AWS application program interfaces (APIs). Because an organization grows, so […]
Journey to Adopt Cloud-Native Architecture Series: #4 – Governing Security at Scale and IAM Baselining
In Part 3 of this series, Improved Resiliency and Standardized Observability, we talked about design patterns that you can adopt to improve resiliency, achieve minimum business continuity, and scale applications with lengthy transactions (more than 3 minutes). As a refresher from previous blogs in this series, our example ecommerce company’s “Shoppers” application runs in the cloud. […]
Field Notes: Integrating Active Directory Federation Service with AWS Single Sign-On
Enterprises use Active Directory Federation Services (AD FS) with single sign-on, to solve operational and security challenges by allowing the usage of a single set of credentials for multiple applications. This improves the user experience and helps manage access to the applications in a centralized way. AWS offers a native cloud-based single sign-on solution called […]
Using AWS Serverless to Power Event Management Applications
Most large events have common activities such as event registration, check-in upon arrival, and requesting of amenities. When designing applications, factors such as high availability, low latency, reliability, and security must be considered. In this blog post, we’d like to show how Amazon Web Services (AWS) can assist you in event planning activities. We’ll share […]
Visualize AWS Security Hub Findings using Analytics and Business Intelligence Tools
September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. To improve the security posture in your organization, you first must have a comprehensive view of your security, operations, and compliance data. AWS Security Hub gives you a thorough view of your security alerts and security posture across all your […]
Convert and Watermark Documents Automatically with Amazon S3 Object Lambda
When you provide access to a sensitive document to someone outside of your organization, you likely need to ensure that the document is read-only. In this case, your document should be associated with a specific user in case it is shared. For example, authors often embed user-specific watermarks into their ebooks. This way, if their […]
Choosing Your VPC Endpoint Strategy for Amazon S3
This post was co-written with Anusha Dharmalingam, former AWS Solutions Architect. Must your Amazon Web Services (AWS) application connect to Amazon Simple Storage Service (Amazon S3) buckets? Must the connection scale to accommodate bandwidth demands? AWS offers a mechanism called VPC endpoint to meet these requirements. This blog post provides guidance for selecting the right […]