Architecture details
This section describes the components and AWS services that make up this solution and how these components work together.
AWS services in this solution
AWS service | Description |
---|---|
AWS Transit Gateway | Core. Deploys a transit gateway that connects VPCs through a central hub. |
AWS Lambda | Core. Deploys multiple Lambda functions to support core microservices and create transit gateway attachments. |
AWS Step Functions | Core. Deploys a state machine to orchestrate the subnet and VPC tagging events and create transit gateway attachments. |
Amazon DynamoDB | Core. Deploys a DynamoDB table for VPC and transit gateway attachments, and for transit gateway peering attachments. |
Amazon EventBridge | Core. Deploys an event bus and event rules to connect components of the solution. |
AWS X-Ray | Supporting. Deploys traces for API Gateway and Step Functions, allowing you to investigate root causes of failures. |
Amazon SNS | Optional. Deploys a topic that sends an email notification with the optional web UI URL. |
Amazon Cognito | Optional. Deploys a user pool that supports identity authentication for the optional web UI. |
AWS AppSync | Optional. Deploys AWS AppSync schema and resolvers for the DynamoDB table and Lambda functions. Using resolvers, AWS AppSync translates GraphQL requests and fetches information from DynamoDB. |
Amazon S3 | Optional. Deploys Amazon S3 buckets to host the web UI assets. |
AWS WAF | Optional. Deploys AWS WAF web access control list (ACL) to protect AWS AppSync from common security events, such as SQL injection and cross-site scripting (XSS). |
Amazon CloudFront | Optional. Deploys CloudFront with an Amazon S3 bucket as the origin. This restricts access to the Amazon S3 bucket so that it’s not publicly accessible and prevents direct access from the bucket. |