Learn how companies like FocusCura and Clouden have on-boarded hierarchical data at scale using Amazon Cloud Directory, a highly available, fully managed, serverless, hierarchical datastore. It’s well-suited for such use cases as human resources applications, course catalogs, device registry, network topology, and any application that needs fine-grained permissions (authorization). We do a deep dive into the internals of Cloud Directory and discuss best practices.

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon Cloud Directory Deep Dive
Mahendra Chheda
Principal Product Manager – Technical
AWS Identity, Directory and Access Services
D A T 3 6 4

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
Cloud Directory overview
Technical deep dive
Demo
Q & A

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Relational vs. NoSQL vs. Graph to store hierarchical data
Graph
• Network-based
• Connections
• Think: LinkedIn
Relational
• Rows and columns
• Relationships
• Think: Online
banking
NoSQL
• Key-value store
• Quick lookups
• Think: Web applications

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Real world example – Human resources
Dir.
Root
John
Jane Zoe
JimGregTim
Global
SFOLHR
Reporting
R&D
Data
scientist
Software
engineer
Operations
Sys
admin
Locations
Europe US

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Challenges you might face
Traditional solutions
have inefficient queries
for multiple hierarchies
Inefficient
workarounds to
search for parent and
child objects
Inflexible schemas that
can’t be easily shared
across applications
Complex
infrastructure that is
expensive to scale

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon Cloud Directory
Serverless cloud-scale hierarchical datastore
Organize
hierarchies of data
across multiple
dimensions
Scale
automatically on
managed
infrastructure
Adapt to
changing data
requirements
Search your
directory for
objects and
relationships
Name John
Doe

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer use cases
• Large electronics chain is implementing IoT Device Registry
• Startup is implementing complex permissions across patients, organizations,
and applications
• Enterprise implementing Network Topography
Amazon Cognito Your User Pools built user management on Cloud Directory
AWS Organizations and AWS Single Sign-On (AWS SSO) built account
management and access control on Cloud Directory

10. Company: FocusCura
Industry: Healthcare
Use case: Collaborates with health care professionals to improve health care and make
care available to everyone, anytime and anywhere.
“With Amazon Cloud Directory, FocusCura has experienced significant positive impact
on business metrics such as faster time-to-market, optimized query for hierarchical data
and lower cost of operation.”
Customer Reference
Joris Janssen
CTO, FocusCura

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
• Is my data hierarchical? Does it resemble a tree when drawn?
• Does my application heavily favor reads over writes?
• Do I have small attribute size (few KB)?
• Would I benefit from the lower management overhead and cost efficiency of a
serverless datastore?
• If yes: Cloud Directory is likely a good fit.
• In no: Amazon Neptune, Amazon Relational Database Service (Amazon RDS),
Amazon DynamoDB might be better options for your use case.
When should you consider Amazon Cloud Directory?

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud Directory features
• Get started quickly with Managed Schema
• Express rich relationships across objects
• Parent-Child
• Typed Links
• Ability to add metadata in hierarchy with inheritance support - Policy
• Flexible indexing and search
• Search by Object Values
• Search by Object Type
Encryption in-transit and at-rest, Integration with Cloud Trail, In 10 regions today
Compliance: PCI, SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, and ISO 9001, HIPAA, FedRAMP

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Dir.
Root
John
Jane Zoe
JimGregTim
Global
SFOLHR
Reporting
R&D
Data
scientist
Software
engineer
Operations
Sys
admin
Locations
Europe U.S.
Example – Parent-child relationship

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Example – Typed links
Dir.
root
John
Jane
JimGregTim
Computers
Desktop
Reporting
R&D
Data
scientist
Software
engineer
Operations
Sys
admin
Devices
Laptop
Zoe
Typed links

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Example – Policy
Dir.
Root
John
Jane Zoe
JimGregTim
Global
SFOLHR
Reporting
R&D
Data
scientist
Software
engineer
Operations
Sys
admin
Locations
Europe US
B
A
C
Policy

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Basic definitions
OrganizationFacet {
OrganizationName
OrganizationAddress
OrganizationId
}
EmployeeFacet {
EmployeeName
EmployeeId
EmployeeEmail
}
Schema {
}
Node
Leaf
node
Leaf
node
Directory
Link
OrganizationFacet
EmployeeFacetEmployeeFacet

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How do I get started?
Create
Schema
Publish
Schema
Create
Directory
Read/Write
Data
Create
Schema
Publish
Schema
Create
Directory
Read/Write
Data
Using Managed Schema – ability to develop faster with hierarchical data
Using Custom Schema – Strongly Typed Directory with data constraints

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Create student directory
• Student directory to track students belonging to sports teams
• Use Managed Schema for rapid development
• Blog with code sample posted at
https://aws.amazon.com/blogs/database/rapidly-develop-applications-
on-amazon-cloud-directory-with-managed-schema/

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Student directory
Directory
Root
Student
pool
Sport
Teams
LionsCougars
JimJane
Student Dimension Team DimensionSports Team
Directory
Captain
Football
Badminton
Id-123 Id-456
Typed Link Parent Child Link
Legend
Badminton

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Call to action
Try out Cloud Directory sample code on GitHub
https://github.com/aws-samples/amazon-cloud-directory-sample
Read about Cloud Directory, such as blog posts, webinars, pricing, limits, and more
https://docs.aws.amazon.com/clouddirectory/latest/developerguide/resources.html

24. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Mahendra Chheda
chheda@amazon.com

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.