AWS Well-Architected design considerations

The solution pushes metrics to Amazon CloudWatch to provide observability into its components (such as its infrastructure and Lambda functions).

AWS X-Ray traces Lambda functions.

Uses Amazon SNS for error reporting.

All inter-service communications use IAM roles.

All multi-account communications use IAM roles.

All roles used by the solution follow least-privilege access. In other words, they only contain minimum permissions required so that the service can function properly.

All data storage including DynamoDB tables have encryption at rest.

The solution uses serverless AWS services wherever possible (such as Lambda and DynamoDB) to ensure high availability and recovery from service failure.

Data processing uses Lambda functions. The solution stores data in DynamoDB, so it persists in multiple Availability Zones by default.

The solution uses serverless architecture.

You can launch the solution in any AWS Region that supports the AWS services used in this solution (such as Lambda and DynamoDB). For details, refer to Supported AWS Regions.

The solution is automatically tested and deployed every day. Our solution architects and subject matter experts review the solution for areas to experiment and improve.

The solution uses serverless architecture, and customers pay only for what they use.

The compute layer defaults to Lambda, which uses a pay-per-use model.

The solution uses managed and serverless services to minimize the environmental impact of the backend services.

The solution's serverless design is aimed at reducing carbon footprint compared to the footprint of continually operating on-premises servers.