Architecture Overview - Operations Conductor

Architecture Overview

Deploying this solution builds the following environment in the AWS Cloud.

        Operations Conductor architectural overview

Figure 1: Operations Conductor architecture on AWS

This solution includes an AWS CloudFormation template that you deploy in the primary account. This template launches an Amazon API Gateway to invoke the solution's microservices (AWS Lambda functions). The microservices provide the business logic to manage events and tasks. The microservices interact with Amazon Simple Queue Service (Amazon SQS), AWS Systems Manager, and Amazon DynamoDB to provide storage for task details and results.

The primary template also automatically generates additional AWS CloudFormation templates in an Amazon Simple Storage Service (Amazon S3) bucket. These templates enable you to create cross-account and region AWS Identity and Access Management (IAM) roles to perform actions in secondary accounts and regions, and forward events. You can modify and build upon these templates to create custom actions that extend the solution’s functionality.

When a user creates a task, the task service Lambda function creates an Amazon CloudWatch Events rule and generates an AWS CloudFormation template that is stored in the solution-created cloudformation template Amazon S3 bucket. This template must then be deployed by the user in all accounts and regions where the solution should execute that task. Deploying a secondary template creates an IAM role and policy to grant the solution the necessary permissions required to act on resources as the task is executed. When tasks are event-based, the secondary template also deploys an Amazon CloudWatch Events rule to intake resource events, and a Lambda function to forward the event to the Amazon Simple Notification Service (Amazon SNS) topic.