AWS Services Used - Spatial Data Management on AWS

AWS Services Used

Core Services

Amazon S3 – Primary storage for spatial asset files with versioning, encryption, and lifecycle policies. Includes asset storage buckets, CloudFront origin buckets, and logging buckets.

Amazon DynamoDB – NoSQL database for application state with 11 tables managing libraries, projects, assets, files, connectors, members, resource associations, locks, and processing state. Point-in-time recovery enabled with 35-day retention.

Amazon OpenSearch Serverless – Search engine for full-text and geospatial queries with VPC endpoint integration and security policies.

AWS Lambda – Serverless compute for API handlers, event processing, and workflow orchestration. Includes deployment UUID generation, CloudFront key generation, asset management, and event processing functions.

Amazon API Gateway – REST API management with Cognito and IAM authorization, throttling, usage plans, and monitoring.

Content Delivery and Security

Amazon CloudFront – Global content delivery network for web portal and asset previews with HTTPS enforcement, custom domain support, and edge optimization.

Amazon Cognito – User authentication and authorization with user pools, identity pools, MFA enforcement, and API Gateway integration.

AWS KMS – Encryption key management for S3, DynamoDB, Lambda environment variables, and CloudWatch logs with automatic yearly rotation.

AWS IAM – Identity and access management with service roles, resource policies, and least-privilege access control.

AWS Secrets Manager – Secure storage for service credentials with 30-day rotation policy.

Amazon Verified Permissions – Cedar-based authorization service for fine-grained access control with policy store management, batch authorization requests, and schema validation.

Processing and Integration

AWS Deadline Cloud – Managed service for rendering, transcoding, and batch processing with render farm configuration and job management.

Amazon EventBridge – Event bus for workflow orchestration, asset processing events, and system notifications.

Amazon SQS – Message queuing for asset processing and notification delivery with FIFO queues, encryption, dead-letter queues, and retry policies.

Amazon SNS – Notification service for system alerts, error notifications, and status updates with topic encryption and delivery tracking.

Monitoring and Operations

Amazon CloudWatch – Metrics collection, log aggregation, and alarms for Lambda invocations, API Gateway requests, and custom application metrics.

AWS CloudTrail – Multi-region API activity logging for security and compliance with S3 storage and management event tracking.

AWS X-Ray – Distributed tracing for Lambda and API Gateway with service maps, trace analysis, and performance monitoring.

AWS Glue Data Catalog – Metadata repository for analytics tables with database and table definitions for audit events and telemetry data.

Amazon Athena – SQL query service for analyzing CloudTrail logs, access logs, and usage patterns with AWS Glue Data Catalog integration.

Networking and Security

Amazon VPC – Private network for API Gateway, Lambda, and Deadline Cloud with VPC endpoints for S3, DynamoDB, and OpenSearch Serverless.

Amazon VPC Endpoints – Private network access to AWS services for Lambda, S3, DynamoDB, and OpenSearch Serverless.

Amazon Security Groups – Network access control for VPC resources with inbound and outbound rules.

Amazon Route 53 – DNS service for API Gateway custom domain and CloudFront custom domain.

Amazon Certificate Manager – SSL/TLS certificate management for CloudFront custom domain and API Gateway custom domain.
