The architecture and the web portal of Service Workbench are presented below.
About the architecture diagram:
- Management Account: It includes an Amazon Organizations organization or a virtual organization and necessary Amazon Identity and Access Management (Amazon IAM) functional roles.
- Infrastructure Account: It centrally manages Amazon Systems Manager parameter store, Amazon Simple Notification Service (Amazon SNS) topics, Amazon CodePipeline pipelines, Amazon CodeBuild projects and Amazon CodeCommit repositories. It includes Amazon Step Functions deploy and destroy state machines, the Amazon Service Catalog Account Factory, Pipeline Factory and Repository Factory products, to implement infrastructure-as-code automation.
- Security Account: It centrally manages Amazon Key Management Service (Amazon KMS) customer keys. It includes alternative solutions to Service Control Policies and Tag Policies for Amazon Web Services China Regions. It provides security enhancements based on Amazon GuardDuty and Amazon Security Hub. It integrates the latest Keycloak to provide user federation based on Amazon Fargate. It provides the user interface backend based on Amazon AppSync.
- Logs Account: It centrally manages Amazon Simple Storage Service (Amazon S3) buckets for logs from Amazon CloudTrail, Amazon Config and Amazon GuardDuty, as well as Amazon Virtual Private Cloud (Amazon VPC) flow logs and Elastic Load Balancing logs. It includes an Amazon OpenSearch Service domain to search and show logs. It includes an Amazon CloudFront distribution for the user interface frontend.
- Network Account: It centrally manages Amazon VPCs and their related resources, such as subnets, security groups, route tables, interface endpoints, Internet gateways, NAT gateways, Amazon Transit Gateways and Amazon Route 53 private hosted zones. It securely provides private connections based on Amazon PrivateLink. It provides holistic planning and one-click deployment of networking connectivity based on transit gateway.
- Member Accounts: They are bootstrapped and configured based on the best practices recommended by Amazon Web Services.
- Other Regions: It deploys and governs other Amazon Web Services Regions. It provides cross-regional networking connectivity based on transit gateway peering connection.