Architecture details - Workload Discovery on AWS

Architecture details

This section describes the components and AWS services that make up this solution and explains how these components work together.

Authentication mechanism

Workload Discovery on AWS uses an Amazon Cognito user pool for both the UI and AWS AppSync authentication. After a user authenticates, Amazon Cognito issues a JSON Web Token (JWT) to the web UI, which sends it with every subsequent API request. If a request does not include a valid JWT, it fails and returns an HTTP 403 Forbidden response.
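What "a valid JWT" means for a Cognito user pool token, shown as an added example (not code from the solution): a standard-library Python validator that verifies the RS256 signature against the pool's JWKS and then checks the `iss`, `token_use`, `aud`/`client_id` and `exp` claims. The demo key, pool ID, client ID, and the `sign` helper that issues test tokens are constructed for this illustration.

```python
import base64, hashlib, hmac, json, time

# SHA-256 DigestInfo prefix for RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2)
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):  # encoded message an RS256 signature must decrypt to (k-byte modulus)
    t = PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate(token, jwks, issuer, client_id, now=None):
    """Return (ok, reason) for a Cognito user pool ID or access token."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(b64d(h64)), json.loads(b64d(p64)), b64d(s64)
        if header["alg"] != "RS256":  # pin the algorithm; never let the token choose
            return False, "alg"
        key = next(k for k in jwks["keys"] if k["kid"] == header["kid"])
    except (ValueError, KeyError, TypeError, StopIteration):
        return False, "malformed"
    n, e = (int.from_bytes(b64d(key[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if len(sig) != k or not hmac.compare_digest(em, emsa(f"{h64}.{p64}".encode(), k)):
        return False, "signature"
    if claims.get("iss") != issuer:
        return False, "iss"
    field = {"id": "aud", "access": "client_id"}.get(claims.get("token_use"))
    if field is None or claims.get(field) != client_id:  # aud (ID) or client_id (access)
        return False, "audience"
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return False, "exp"
    return True, "ok"

# Constructed test inputs: demo key from two Mersenne primes (not secure), pool and client IDs
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS = {"keys": [{"kid": "demo-key", "n": b64e(N.to_bytes(141, "big")), "e": "AQAB"}]}
ISSUER, CLIENT_ID = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE", "example-client"

def sign(claims, alg="RS256"):  # issues constructed test tokens with the demo key
    head = b64e(json.dumps({"alg": alg, "kid": "demo-key"}).encode())
    body = b64e(json.dumps(claims).encode())
    s = pow(int.from_bytes(emsa(f"{head}.{body}".encode(), 141), "big"), D, N)
    return f"{head}.{body}.{b64e(s.to_bytes(141, 'big'))}"
```

The signature is checked before any claim is read, so a token whose payload was edited after issuance is rejected as `signature` regardless of what its claims say.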

Supported resources

For a list of AWS resource types that Workload Discovery on AWS can discover within your accounts and Regions, refer to Supported resources.

Workload Discovery on AWS architecture diagram management

You can save Workload Discovery on AWS architecture diagrams from the web UI, which supports create, read, update, and delete (CRUD) operations on them. The AWS Amplify storage API allows Workload Discovery on AWS to store architecture diagrams in an Amazon S3 bucket. There are two levels of permissions available:

  • All users - Allows Workload Discovery on AWS architecture diagrams to be visible to Workload Discovery on AWS users in your deployment. Users can download and edit these diagrams.

  • You - Allows Workload Discovery on AWS architecture diagrams to be visible only to the creator. Other users will not be able to view them.