# Architecture overview
This document describes the technical architecture of Spatial Data Management on AWS, including the AWS services used and how they interact.
## High-Level Architecture
![\[High-level architecture diagram showing the three main layers of Spatial Data Management on AWS\]](http://docs.aws.amazon.com/solutions/latest/spatial-data-management-on-aws/images/high_level_architecture_interfaces.svg)
The Spatial Data Management on AWS solution is deployed entirely within your AWS account. The architecture consists of three main layers:
### Client Layer
Users and external applications access the solution through multiple interfaces:
+ **Spatial Data Portal** – Web application (Amazon CloudFront and React) and desktop application (Tauri and Rust)
+ **REST APIs** – Programmatic access via Amazon API Gateway
+ **CLI Tools** – Python-based command-line interface
+ **Direct S3 Access** – Temporary credentials for large file uploads and downloads
### SDMA Deployment (Your AWS Account)
The core solution includes:
+ **Control Plane** – Amazon API Gateway and AWS Lambda functions for business logic and orchestration
+ **Data Plane** – Amazon S3 for spatial asset storage with content-addressable architecture
+ **Metadata Layer** – Amazon DynamoDB for resource metadata and Amazon OpenSearch Serverless for full-text search
+ **Integration Layer** – Amazon EventBridge, Amazon SQS, and connectors for external system integration
+ **Security Layer** – Amazon Cognito for authentication and Amazon Verified Permissions for authorization
### External Applications
Third-party systems integrate through:
+ **REST APIs** – Standard HTTP/HTTPS endpoints
+ **S3 APIs** – Direct access to spatial assets with temporary credentials
+ **Webhooks** – Event notifications for asset changes
+ **Connectors** – Pre-built integrations for common platforms (Digital Twin, Geographic Information Systems (GIS), and Computer-Aided Design (CAD) tools)