This Guidance allows brands to upload audience outputs without having to build custom workflows. AWS Glue and AWS Lambda automatically prepare, transform, and upload audience outputs from AWS Clean Rooms into TikTok Ads.
Architecture Diagram
Step 1
The TikTok access token and advertiser_id are stored, and kept up to date, in AWS Secrets Manager.
Step 2
After an AWS Clean Rooms collaboration, custom audience data such as emails, phone numbers, or mobile advertiser IDs are hashed, encrypted, and stored in designated prefixes in an Amazon Simple Storage Service (Amazon S3) bucket.
The Amazon S3 bucket is encrypted using AWS Key Management Service (AWS KMS).
Step 3
Amazon EventBridge routes the Amazon S3 object event to Amazon Simple Queue Service (Amazon SQS), enabling support for API retry, replay, and throttling.
Step 4
Amazon SQS queue events initiate the AWS Lambda audience upload function.
Step 5
The Lambda audience upload function retrieves the access token and advertiser_id from Secrets Manager and uploads the target custom audience data to TikTok Ads™ using TikTok API for Business.
Step 6
Direct advertisers, agencies, and other companies on TikTok Ads use this custom audience data for audience targeting.
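The following is an added example, not code from the Guidance or its sample repository, of the Lambda audience upload function described in Steps 3 to 5. It assumes (hypothetically) that each SQS message body is the EventBridge "Object Created" S3 event, that the object is newline-delimited SHA-256 hex digests as produced in Step 2, that the secret is a JSON string with `access_token` and `advertiser_id`, and that the TikTok API call sits behind an injectable `upload` callable so the logic runs offline. It also adds two defensive checks the flow benefits from: only objects under the designated prefixes are processed, and any row that is not a SHA-256 digest aborts the upload so plaintext identifiers never leave the account. Per-message failures are reported back to SQS so that only those messages are retried.

```python
"""Audience-upload Lambda handler (added example; names and formats are assumptions)."""
from __future__ import annotations

import json
import os
import re
from typing import Callable, Iterable

# Designated prefixes from Step 2 (assumed names; configure via environment in a real deployment).
ALLOWED_PREFIXES = tuple(
    p for p in os.environ.get("AUDIENCE_PREFIXES", "audiences/emails/,audiences/phones/").split(",") if p
)
SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


def parse_s3_event(body: str) -> tuple[str, str]:
    """Extract (bucket, key) from an EventBridge 'Object Created' event carried in an SQS body."""
    event = json.loads(body)
    if event.get("source") != "aws.s3" or event.get("detail-type") != "Object Created":
        raise ValueError("not an S3 Object Created event")
    detail = event["detail"]
    return detail["bucket"]["name"], detail["object"]["key"]


def is_allowed_key(key: str) -> bool:
    """Only designated audience prefixes are eligible; an empty allowlist denies everything."""
    return key.startswith(ALLOWED_PREFIXES)


def validate_hashed_rows(rows: Iterable[str]) -> list[str]:
    """Return normalized SHA-256 digests; refuse the whole object if a non-digest row is present."""
    clean = []
    for n, row in enumerate(rows, 1):
        row = row.strip().lower()
        if not row:
            continue
        if not SHA256_HEX.match(row):
            raise ValueError(f"line {n} is not a SHA-256 hex digest; refusing to upload")
        clean.append(row)
    return clean


def handler(
    event: dict,
    context=None,
    *,
    get_object: Callable[[str, str], str],
    get_secret: Callable[[str], str],
    upload: Callable[[str, str, list[str]], None],
) -> dict:
    """Process one SQS batch and report per-message failures (ReportBatchItemFailures shape)."""
    failures = []
    creds = None  # fetched once per invocation, never logged
    for record in event.get("Records", []):
        try:
            bucket, key = parse_s3_event(record["body"])
            if not is_allowed_key(key):
                raise ValueError(f"key outside designated prefixes: {key}")
            if creds is None:
                creds = json.loads(get_secret(os.environ.get("TIKTOK_SECRET_ID", "tiktok/ads")))
            rows = validate_hashed_rows(get_object(bucket, key).splitlines())
            upload(creds["access_token"], creds["advertiser_id"], rows)
        except Exception as exc:  # noqa: BLE001 - any failure makes this one message retryable
            print(f"record {record.get('messageId')} failed: {exc}")
            failures.append({"itemIdentifier": record.get("messageId")})
    return {"batchItemFailures": failures}


if __name__ == "__main__":
    # Constructed sample input standing in for a real SQS batch.
    body = json.dumps({"source": "aws.s3", "detail-type": "Object Created",
                       "detail": {"bucket": {"name": "audience-bucket"},
                                  "object": {"key": "audiences/emails/part-0.txt"}}})
    sample_objects = {("audience-bucket", "audiences/emails/part-0.txt"): ("a" * 64) + "\n" + ("b" * 64) + "\n"}
    print(handler(
        {"Records": [{"messageId": "m1", "body": body}]},
        get_object=lambda b, k: sample_objects[(b, k)],
        get_secret=lambda sid: json.dumps({"access_token": "example-token", "advertiser_id": "123"}),
        upload=lambda token, adv, rows: print(f"would upload {len(rows)} rows for advertiser {adv}"),
    ))
```

In a deployment the three callables would be `lambda b, k: s3.get_object(Bucket=b, Key=k)["Body"].read().decode()`, `lambda sid: sm.get_secret_value(SecretId=sid)["SecretString"]`, and a thin wrapper around the TikTok API for Business upload call; the partial-batch response only takes effect when the SQS event source mapping is configured with `ReportBatchItemFailures`, otherwise a single bad message makes the whole batch retry.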
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
Amazon CloudWatch collects logs, metrics, and events to understand the internal state and health of the workload. Users can extend this guidance by using CloudWatch alarms to watch metrics and receive notifications when metrics fall outside the set thresholds, and then act to respond to the events.
Use CloudWatch Events to deliver a near real-time stream of system events that describe changes in resources. CloudWatch Logs enables users to monitor, store, and access log files from various resources and monitor information in the log files to notify when certain thresholds are met.
Security
AWS Identity and Access Management (IAM) is used to set and manage fine-grained access control. Least-privilege policies are used to grant only the permissions required to perform the task. With serverless architecture, there is no infrastructure to maintain.
Data in transit is encrypted using TLS to create a secure HTTPS connection. Data at rest is encrypted using AWS KMS.
Amazon SQS uses AWS KMS to encrypt message bodies in the queue. AWS KMS ensures data persists in an encrypted format, protecting it from unauthorized access.
Secrets Manager enables users to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
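As an added example of the least-privilege point above (not a policy shipped with the Guidance), the function below builds the execution-role policy for the audience upload function scoped to the exact resources in this flow, and a small checker flags the wildcard grants that prototypes tend to accumulate. All ARNs, the bucket and the prefix are placeholders to substitute with your own.

```python
"""Least-privilege policy builder and wildcard checker (added example; ARNs are placeholders)."""
from __future__ import annotations

import json


def scoped_policy(bucket: str, prefix: str, secret_arn: str, kms_key_arn: str, queue_arn: str) -> dict:
    """Grant only what the upload function needs: read the designated prefix,
    read the one secret, decrypt with the one key, consume the one queue."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadAudienceObjects", "Effect": "Allow",
             "Action": ["s3:GetObject"],
             "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"},
            {"Sid": "ReadTikTokSecret", "Effect": "Allow",
             "Action": ["secretsmanager:GetSecretValue"],
             "Resource": secret_arn},
            {"Sid": "DecryptWithWorkloadKey", "Effect": "Allow",
             "Action": ["kms:Decrypt"],
             "Resource": kms_key_arn},
            {"Sid": "ConsumeQueue", "Effect": "Allow",
             "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"],
             "Resource": queue_arn},
        ],
    }


# The weak form: service-wide actions on every resource (constructed for comparison).
PROTOTYPE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "EverythingOnEverything", "Effect": "Allow",
                   "Action": ["s3:*", "secretsmanager:*", "kms:*", "sqs:*"],
                   "Resource": "*"}],
}


def overly_broad_findings(policy: dict) -> list[str]:
    """One finding per wildcard action or wildcard resource in an Allow statement."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        sid = stmt.get("Sid", "<no Sid>")
        findings.extend(f"{sid}: wildcard action {a}" for a in actions if "*" in a)
        findings.extend(f"{sid}: wildcard resource" for r in resources if r == "*")
    return findings


if __name__ == "__main__":
    policy = scoped_policy(
        "audience-bucket", "audiences/",
        "arn:aws:secretsmanager:us-east-1:111122223333:secret:tiktok/ads-PLACEHOLDER",
        "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000",
        "arn:aws:sqs:us-east-1:111122223333:audience-upload",
    )
    print(json.dumps(policy, indent=2))
    print("scoped findings:", overly_broad_findings(policy))
    print("prototype findings:", overly_broad_findings(PROTOTYPE_POLICY))
```

If the bucket, the queue and the secret are encrypted under different customer-managed keys, list each key ARN in the `kms:Decrypt` statement rather than widening it to `*`; the checker treats any `*` in an action or a bare `*` resource as a finding.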
Reliability
Serverless technologies used in this solution have built-in fault tolerance and automatically scale based on the demand.
Serverless applications use the AWS global infrastructure that is built around AWS Regions and Availability Zones. AWS Regions provide multiple physically separated and isolated Availability Zones, which are connected with low-latency, high-throughput, and highly redundant networking. Availability Zones are highly available, fault tolerant, and scalable; services automatically fail over between Availability Zones without interruption.
Lambda, Amazon SQS, and EventBridge are subject to region-specific service quotas. Users can contact AWS Support to request a quota increase based on needs. Amazon SQS and Lambda can be used to set up retries, back-off rates, max attempts, intervals, and timeouts for any failed AWS Glue jobs.
CloudWatch is used to collect and track metrics, collect and monitor log files, and set alarms.
Performance Efficiency
This solution uses a serverless approach that minimizes undifferentiated work around managing servers and infrastructure management tasks, like capacity provisioning and patching, so that users can focus more on business needs. This Guidance inherits the tenets of serverless – no server management, built-in fault tolerance, continuous scaling, and pay-for-value services. In addition, the use of serverless services allows comparative testing against varying load levels and configurations.
Amazon SQS is a messaging service that stores messages in a queue, thus enabling users to decouple and scale the application.
Cost Optimization
This guidance uses AWS serverless services (Amazon SQS, Amazon S3, Lambda, EventBridge) with no upfront cost. With Amazon S3, the user pays for storing objects in buckets. There are per-request ingest charges when using PUT, COPY, or lifecycle rules to move data into any Amazon S3 storage class. Serverless architecture optimizes resource use based on demand, and the user pays only for the resources they consume. Users can also automate cost usage alerts and measure costs specific to each tenant, application module, and service.
With the EventBridge Free Tier, the user can schedule rules to initiate data processing using Lambda. Lambda users are charged based on the number of state transitions.
Users might incur costs for moving data from AWS to the TikTok for Business API.
Sustainability
Serverless services used in this guidance (Amazon SQS, Lambda, Amazon S3) automatically optimize resource utilization in response to demand. By using serverless services, applications can maximize overall resource use because compute is only used as needed. The efficient use of serverless resources reduces the overall energy required to operate the workload.
Users can extend this guidance by using Amazon S3 lifecycle configurations to define policies to move objects to different storage classes based on access patterns.
Implementation Resources
A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
Any customer list output from your Amazon environment that you are seeking to activate through TikTok’s Custom Audiences will still need to adhere to TikTok’s Custom Audience terms, including verifying that data you share with TikTok does not include information about children, sensitive health or financial information, or other categories of sensitive information. For full details, please review TikTok's Custom Audience Terms.