Architecture overview - AWS Perspective

Architecture overview

Deploying this solution with the default parameters builds the following environment in the AWS Cloud.

Figure 3: AWS Perspective architecture on AWS

The AWS CloudFormation template deploys AWS Perspective to your account. The following overview describes the six components and their associated AWS services deployed with the solution. For additional details about each component, refer to the Solution components section.

  1. CloudFront Functions add HTTP Strict-Transport-Security (HSTS) security headers for each response from the Amazon CloudFront distribution.

  2. An Amazon Simple Storage Service (Amazon S3) bucket hosts the web user interface (web UI), which is distributed via Amazon CloudFront. Amazon Cognito authenticates user access to the web UI.

  3. AWS Amplify and an Amazon S3 bucket are deployed for the storage management component to store user preferences and saved architecture diagrams. 

  4. Amazon API Gateway endpoints allow the web UI component to request resource relationship data from the data component. AWS AppSync endpoints allow the web UI component to request resource relationship data, import new AWS Regions, and update preferences.

  5. API Gateway and AWS AppSync use JSON Web Tokens (JWTs) provisioned by Amazon Cognito to authenticate each request.

  6. The Settings AWS Lambda function persists imported Regions and other configurations to Amazon DynamoDB.

  7. The data component uses the Gremlin Lambda function to query and return data from an Amazon Neptune database.

  8. The data component uses the Search Lambda function to query and persist resource data into an Amazon OpenSearch Service domain.

  9. The Cost Lambda function uses Amazon Athena to query AWS Cost and Usage Reports (AWS CUR) to provide estimated cost data to the web UI.

  10. Amazon Athena runs queries on AWS CUR.

  11. AWS CUR delivers the reports to the CostAndUsageReportBucket Amazon S3 bucket. 

  12. The Cost Lambda function stores the Amazon Athena results in the AthenaResultsBucket Amazon S3 bucket.

  13. AWS CodePipeline and AWS CodeBuild build the discovery component container image in the image deployment component.

  14. Amazon Elastic Container Registry (Amazon ECR) contains a Docker image provided by the image deployment component. 

  15. Amazon Elastic Container Service (Amazon ECS) manages the AWS Fargate task and provides the configuration required to run the task. AWS Fargate runs a container task every 15 minutes to refresh inventory and resource data.

  16. AWS Config and AWS SDK calls help the discovery component maintain an inventory of resource data from imported Regions, then store its results in the data component.

  17. The AWS Fargate task persists the results of the AWS Config and AWS SDK calls into an Amazon Neptune database and an Amazon OpenSearch Service domain via API calls to the ServiceGremlinAPI API Gateway resource. The API is invoked by the Search Lambda function.
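
Step 1 above, sketched as an added example (not the solution's own function code): a CloudFront Functions viewer-response handler that sets the HSTS header, plus a small audit helper for checking a response's policy. The header value, the helper names `parseHsts`, `auditHsts` and `sampleEvent`, and any minimum `max-age` passed to the audit are assumptions; the sample event is constructed.

```javascript
// Added example, not AWS Perspective's own code. HSTS_VALUE is an assumed policy.
var HSTS_VALUE = 'max-age=63072000; includeSubDomains';

// CloudFront Functions entry point, associated with the viewer-response event.
function handler(event) {
    var response = event.response;
    // Header names are lowercase keys; each maps to an object with a `value`.
    response.headers['strict-transport-security'] = { value: HSTS_VALUE };
    return response;
}

// Parse an HSTS value into its directives (names are case-insensitive, RFC 6797).
function parseHsts(value) {
    var policy = { maxAge: null, includeSubDomains: false };
    String(value || '').split(';').forEach(function (part) {
        var kv = part.split('=');
        var name = kv[0].trim().toLowerCase();
        if (name === 'max-age' && kv.length === 2) {
            var raw = kv[1].trim().replace(/^"(.*)"$/, '$1'); // value may be quoted
            if (/^\d+$/.test(raw)) { policy.maxAge = parseInt(raw, 10); }
        } else if (name === 'includesubdomains') {
            policy.includeSubDomains = true;
        }
    });
    return policy;
}

// Return findings for a response object; an empty list means the policy passes.
function auditHsts(response, minMaxAge) {
    var header = response.headers['strict-transport-security'];
    if (!header) { return ['missing Strict-Transport-Security header']; }
    var policy = parseHsts(header.value);
    var findings = [];
    if (policy.maxAge === null) { findings.push('max-age missing or not an integer'); }
    else if (policy.maxAge === 0) { findings.push('max-age=0 clears the HSTS policy'); }
    else if (policy.maxAge < minMaxAge) { findings.push('max-age below ' + minMaxAge); }
    if (!policy.includeSubDomains) { findings.push('includeSubDomains not set'); }
    return findings;
}

// Constructed viewer-response event in the CloudFront Functions event shape.
function sampleEvent() {
    return { version: '1.0', response: { statusCode: 200, statusDescription: 'OK',
        headers: { 'content-type': { value: 'text/html' } } } };
}
```

Running `auditHsts` on the origin's raw response and again on the output of `handler` shows whether the header is coming from the function or is absent without it.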