Architecture details - Modular Cloud Studio on AWS

Architecture details

This section describes the components and AWS services that make up this solution and how these components work together.

AWS services in this solution

| AWS service | Description |
| --- | --- |
| AWS CloudFormation | Core. Used to deploy the solution and develop MCS internal and Third-Party Modules. |
| Amazon CloudFront | Core. Used to cache and deliver the MCS web console hosted in Amazon S3. |
| Amazon Cognito | Core. Provides authentication to the MCS web console and API. |
| Amazon DynamoDB | Core. Used to store information about MCS modules and the state of the modules. |
| Amazon EC2 | Core. Used to run the workstations managed by the MCS Workstation Management module. MCS uses Amazon EC2 Image Builder to build Windows and Linux Amazon Machine Images (AMIs) used in the solution. |
| AWS Global Accelerator | Core. Used to manage connections between MCS Workstation Management module and Amazon EC2 workstations. |
| IAM | Core. Used to authorize access to MCS using roles to manage resources effectively. MCS resources are limited by roles and policies defined in IAM and in Cognito user pools. |
| AWS Lambda | Core. Handles the processing logic for adding, updating, editing, or deleting MCS modules and storing sensitive information in Secrets Manager. |
| Amazon RDS for PostgreSQL | Core. Used as a database for the Leostream Broker EC2 instances. |
| Amazon Route 53 | Core. Used to manage domain resolution to load balancer addresses. |
| AWS Secrets Manager | Core. Used to store module parameters that contain sensitive information. |
| AWS Service Catalog | Core. Used to manage the portfolio of MCS modules and to provision the CloudFormation stack when modules are enabled. |
| Amazon VPC | Core. Used to deploy an isolated virtual networking environment to build the MCS studio. Users can create a new VPC or import an existing one. |
| Amazon CloudWatch | Supporting. Used for monitoring the solution and logs. |
| Amazon EventBridge | Supporting. Listens to CloudFront changes and invokes Lambda to update the state of MCS modules in DynamoDB. |
| Amazon Simple Storage Service | Supporting. Provides object storage for content used in the MCS web console. |
| AWS Systems Manager Parameter Store | Supporting. Provides application-level resource monitoring, visualization of resource operations, and secrets management. |
| Amazon DCV | Supporting. Used to connect users securely to the workstations. |
| AWS Directory Service | Optional. Used to deploy an instance of AWS Managed Microsoft AD. |
| Amazon FSx for Windows File Server | Optional. Used to deploy a fully managed shared file system built on Windows Server. |
| AWS Step Functions | Optional. Used to register and deregister MCS Third-Party Modules. |