SlideShare a Scribd company logo

open-banking-on-aws.pdf

S
ssuser36a70f

Aws open banking design

Engineering
1 of 3
Download to read offline
Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture 2 Open Banking on AWS Use Amazon Web Services to open APIs for third parties and help you implement Open Banking regulations. 1 Overview A consumer accesses the licensed or accredited third party application - and provides consent to the third party to access consumer data or make a payment submission request. Third parties in Open Banking can be defined as authorized institutions that provide value-added services on top of the consumer’s regular banking needs, such as accounts information (balance check, recent transactions, statements) and payments (payment to merchants, people and registered payees). This approach enables use cases such as spend analysis, credit decisioning, payments for ecommerce transactions, and more. A Trust Service Provider (TSP) is a trusted entity authorized by a supervisory government body to verify the authenticity of banks and third parties, and issue digital certificates to third parties. A bank's IT environment, comprised of its AWS environment and data centers. 4 3 1 2 4 3
Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture Open Banking on AWS Use Amazon Web Services to open APIs for third parties and help you implement Open Banking regulations. 2 1 Streaming technologies such as Apache Kafka and queueing mechanisms like message queue (MQ) send and receive all new and updated transactions between the core banking systems and AWS. The bank’s data center is connected to AWS using a combination of AWS Direct Connect and AWS Site-to- Site VPN. Two diverse AWS Direct Connect connections are recommended for maximum resiliency. AWS Transit Gateway serves as the central hub on AWS to manage interconnectivity between workloads running in different AWS accounts. It shares the AWS Direct Connect and VPN connection with other workloads in the bank. An outbound VPC provides secure outbound access via a proxy, such as Squid. Mutual TLS (mTLS) provides transport layer security; banks authenticate accredited third parties and provide access tokens to them for calling Open Banking APIs. Amazon API Gateway provides the API management layer that exposes open banking APIs and Authorization APIs. AWS WAF (Web Application Firewall) integrates with the API Gateway for web protection. Amazon Simple Storage Service (Amazon S3) serves as a trust store, where public certificates of clients are stored for validating requests by API Gateway. Additionally, banks perform checks against a TSP to validate the authenticity and status of third parties. API Gateway uses a private integration VPC and AWS PrivateLink to connect to the private subnets hosting microservices in other AWS accounts. Amazon Route 53 provides traffic management and domain name resolution. Amazon CloudFront provides a content delivery network (CDN) that banks can use for exposing static data. AWS Shield (automatically available with CloudFront) protects against L3/L4 DDoS. AWS Shield Advanced (requires sign up) gives additional protection. 4 3 5 6 7 8 Description (Part 1 of 2) 1 2 3 4 8 5 6 7
Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture Open Banking on AWS Use Amazon Web Services to open APIs for Third-parties and help you implement Open Banking regulations. 9 AWS PrivateLink provides secure private connectivity on the Amazon network between VPCs and services hosted on AWS or on-premises. Open Banking API specifications for Account Information and Payments services are implemented using multiple container-based microservices hosted using Amazon Elastic Container Service (Amazon ECS) with AWS Fargate. Caching of customer account information is done using Amazon ElastiCache. Webhooks for payment status are hosted in this layer. Amazon DynamoDB stores consumer consents, aggregated data, and API performance metrics. Amazon Relational Database Service (Amazon RDS) holds a copy of the system of record which is synchronized in near real-time from the bank’s core system. Identity provider (IdP) for OAuth 2.0 implementation resides in separate AWS account so that other workloads in the bank can consume it securely. Customers can choose from AWS partners that provide IdP functionality or build a custom IdP. A separate developer sandbox is required for the third party to integrate with the bank’s AWS environment and build their products. AWS security services help enhance security posture. For example, Amazon GuardDuty monitors for malicious activity and unauthorized behavior; AWS Security Hub provides a comprehensive view of security alerts and security posture across AWS accounts. For more guidance, see Best Practices for Security, Identity & Compliance. Logs from all services are collected in Amazon S3 then analyzed and monitored by Amazon Elasticsearch Service. Management tools like AWS Systems Manager provide configuration management; AWS CloudFormation deploys environment; AWS code services enable CI/CD. Amazon EventBridge, Amazon Simple Queue Service (Amazon SQS), and Amazon Simple Notification Service (Amazon SNS) provide notification capability between services. 12 11 13 14 15 16 Description (Part 2 of 2) 17 18 9 10 13 14 11 12 15 16 17 18 10

Recommended

Open Banking APIs on AWS
Open Banking APIs on AWSOpen Banking APIs on AWS
Open Banking APIs on AWSAmazon Web Services
 
DBX Open Banking
DBX Open BankingDBX Open Banking
DBX Open BankingBase Camp
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a serviceAmazon Web Services
 
Open Banking via API Connect & DataPower
Open Banking via API Connect & DataPowerOpen Banking via API Connect & DataPower
Open Banking via API Connect & DataPowerIBM DataPower Gateway
 
The Path to Open Banking
The Path to Open BankingThe Path to Open Banking
The Path to Open BankingMuleSoft
 
Online payment gateway provider
Online payment gateway providerOnline payment gateway provider
Online payment gateway providerPayment Gateways
 
Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise WSO2
 
An Introduction to Open Banking (PSD2)
An Introduction to Open Banking (PSD2)An Introduction to Open Banking (PSD2)
An Introduction to Open Banking (PSD2)Paul Ark (Polapat Arkkrapridi)
 

Recommended

Open Banking APIs on AWS
Open Banking APIs on AWSOpen Banking APIs on AWS
Open Banking APIs on AWSAmazon Web Services
 
DBX Open Banking
DBX Open BankingDBX Open Banking
DBX Open BankingBase Camp
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a serviceAmazon Web Services
 
Open Banking via API Connect & DataPower
Open Banking via API Connect & DataPowerOpen Banking via API Connect & DataPower
Open Banking via API Connect & DataPowerIBM DataPower Gateway
 
The Path to Open Banking
The Path to Open BankingThe Path to Open Banking
The Path to Open BankingMuleSoft
 
Online payment gateway provider
Online payment gateway providerOnline payment gateway provider
Online payment gateway providerPayment Gateways
 
Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise WSO2
 
An Introduction to Open Banking (PSD2)
An Introduction to Open Banking (PSD2)An Introduction to Open Banking (PSD2)
An Introduction to Open Banking (PSD2)Paul Ark (Polapat Arkkrapridi)
 
Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation WSO2
 
APIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIs
APIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIsAPIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIs
APIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIsJeremy Brown
 
Deploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWSDeploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWSAmazon Web Services
 
Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]Kannan Srinivasan
 
How Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and GrowingHow Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and GrowingCognizant
 
Open Banking on AWS
Open Banking on AWSOpen Banking on AWS
Open Banking on AWSAmazon Web Services
 
Demystifying Open Banking
Demystifying Open BankingDemystifying Open Banking
Demystifying Open Bankingaccenture
 
UKCCC: Open Banking Introduction
UKCCC: Open Banking IntroductionUKCCC: Open Banking Introduction
UKCCC: Open Banking IntroductionFreddy Kelly
 
BIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and ImplementationBIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and ImplementationBiao Hao
 
Open banking-Future of Banking
Open banking-Future of BankingOpen banking-Future of Banking
Open banking-Future of Bankingfarhan ali
 
apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...
apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...
apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...apidays
 
APIs as a new Banking Channel
APIs as a new Banking ChannelAPIs as a new Banking Channel
APIs as a new Banking ChannelPaymentComponents
 
Banking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateBanking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateMikeLeszcz
 
Open Banking Report Executive Summary
Open Banking Report Executive SummaryOpen Banking Report Executive Summary
Open Banking Report Executive SummaryMEDICI Inner Circle
 
Global Payment System- Reference Architecture
Global Payment System- Reference ArchitectureGlobal Payment System- Reference Architecture
Global Payment System- Reference ArchitectureRamadas MV
 
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...Amazon Web Services
 
Global Payment Reference Architecture
Global Payment Reference ArchitectureGlobal Payment Reference Architecture
Global Payment Reference ArchitectureRamadas MV
 
Payment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASPayment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASWayne Akey
 
Loan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep DiveLoan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep DiveMike Walker
 
Chase Bank Digital Strategy
Chase Bank Digital Strategy Chase Bank Digital Strategy
Chase Bank Digital Strategy Sierra Resovsky
 
Aws auditing security_checklist
Aws auditing security_checklistAws auditing security_checklist
Aws auditing security_checklistsaifam
 
Aws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, CloudwatchAws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, Cloudwatchsawsan slii
 

More Related Content

What's hot

Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation WSO2
 
APIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIs
APIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIsAPIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIs
APIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIsJeremy Brown
 
Deploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWSDeploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWSAmazon Web Services
 
Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]Kannan Srinivasan
 
How Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and GrowingHow Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and GrowingCognizant
 
Demystifying Open Banking
Demystifying Open BankingDemystifying Open Banking
Demystifying Open Bankingaccenture
 
UKCCC: Open Banking Introduction
UKCCC: Open Banking IntroductionUKCCC: Open Banking Introduction
UKCCC: Open Banking IntroductionFreddy Kelly
 
BIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and ImplementationBIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and ImplementationBiao Hao
 
Open banking-Future of Banking
Open banking-Future of BankingOpen banking-Future of Banking
Open banking-Future of Bankingfarhan ali
 
apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...
apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...
apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...apidays
 
APIs as a new Banking Channel
APIs as a new Banking ChannelAPIs as a new Banking Channel
APIs as a new Banking ChannelPaymentComponents
 
Banking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateBanking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateMikeLeszcz
 
Open Banking Report Executive Summary
Open Banking Report Executive SummaryOpen Banking Report Executive Summary
Open Banking Report Executive SummaryMEDICI Inner Circle
 
Global Payment System- Reference Architecture
Global Payment System- Reference ArchitectureGlobal Payment System- Reference Architecture
Global Payment System- Reference ArchitectureRamadas MV
 
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...Amazon Web Services
 
Global Payment Reference Architecture
Global Payment Reference ArchitectureGlobal Payment Reference Architecture
Global Payment Reference ArchitectureRamadas MV
 
Payment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASPayment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASWayne Akey
 
Loan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep DiveLoan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep DiveMike Walker
 
Chase Bank Digital Strategy
Chase Bank Digital Strategy Chase Bank Digital Strategy
Chase Bank Digital Strategy Sierra Resovsky
 

What's hot (20)

Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation
 
APIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIs
APIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIsAPIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIs
APIdays Open Banking & Fintech: Workshop - Financial Services Use Cases for APIs
 
Deploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWSDeploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWS
 
Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]
 
How Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and GrowingHow Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and Growing
 
Open Banking on AWS
Open Banking on AWSOpen Banking on AWS
Open Banking on AWS
 
Demystifying Open Banking
Demystifying Open BankingDemystifying Open Banking
Demystifying Open Banking
 
UKCCC: Open Banking Introduction
UKCCC: Open Banking IntroductionUKCCC: Open Banking Introduction
UKCCC: Open Banking Introduction
 
BIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and ImplementationBIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and Implementation
 
Open banking-Future of Banking
Open banking-Future of BankingOpen banking-Future of Banking
Open banking-Future of Banking
 
apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...
apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...
apidays LIVE Singapore - Open Banking: A foundation for the new world by Bhar...
 
APIs as a new Banking Channel
APIs as a new Banking ChannelAPIs as a new Banking Channel
APIs as a new Banking Channel
 
Banking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateBanking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking Update
 
Open Banking Report Executive Summary
Open Banking Report Executive SummaryOpen Banking Report Executive Summary
Open Banking Report Executive Summary
 
Global Payment System- Reference Architecture
Global Payment System- Reference ArchitectureGlobal Payment System- Reference Architecture
Global Payment System- Reference Architecture
 
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
Transforming Consumer Banking with a 100% Cloud-Based Bank (FSV204) - AWS re:...
 
Global Payment Reference Architecture
Global Payment Reference ArchitectureGlobal Payment Reference Architecture
Global Payment Reference Architecture
 
Payment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASPayment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAAS
 
Loan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep DiveLoan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep Dive
 
Chase Bank Digital Strategy
Chase Bank Digital Strategy Chase Bank Digital Strategy
Chase Bank Digital Strategy
 

Similar to open-banking-on-aws.pdf

Aws auditing security_checklist
Aws auditing security_checklistAws auditing security_checklist
Aws auditing security_checklistsaifam
 
Aws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, CloudwatchAws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, Cloudwatchsawsan slii
 
Architecture blockchain-azure
Architecture blockchain-azureArchitecture blockchain-azure
Architecture blockchain-azureTonyEsposito19
 
Nurturing a large GST ecosystem on AWS - Anil Sharma, Chicago
Nurturing a large GST ecosystem on AWS - Anil Sharma, ChicagoNurturing a large GST ecosystem on AWS - Anil Sharma, Chicago
Nurturing a large GST ecosystem on AWS - Anil Sharma, ChicagoAWS Chicago
 
Buy Amazon AWS Accounts .pdf
Buy Amazon AWS Accounts .pdfBuy Amazon AWS Accounts .pdf
Buy Amazon AWS Accounts .pdfHarry Clark Clark
 
Api gateway-security
Api gateway-securityApi gateway-security
Api gateway-securityKali860857
 
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdfDatacademy.ai
 
CLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxCLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxghadiv05
 
What’s New with AWS Mobile Services
What’s New with AWS Mobile ServicesWhat’s New with AWS Mobile Services
What’s New with AWS Mobile ServicesAmazon Web Services
 
How To Build Credit Card Payment Processing Platform on AWS?
How To Build Credit Card Payment Processing Platform on AWS?How To Build Credit Card Payment Processing Platform on AWS?
How To Build Credit Card Payment Processing Platform on AWS?itio Innovex Pvt Ltv
 
Secured Hosting of PCI DSS Compliant Web Applications on AWS
Secured Hosting of PCI DSS Compliant Web Applications on AWSSecured Hosting of PCI DSS Compliant Web Applications on AWS
Secured Hosting of PCI DSS Compliant Web Applications on AWSGaurav "GP" Pal
 
building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdfbuilding-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdfVadimKadnikov1
 
Case study on Cloud Platforms
Case study on Cloud PlatformsCase study on Cloud Platforms
Case study on Cloud Platformsnik_053
 
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdfDatacademy.ai
 
Cloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & SecurityCloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & SecurityNantha Kumar Rajasekaren
 
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...Amazon Web Services
 

Similar to open-banking-on-aws.pdf (20)

Aws auditing security_checklist
Aws auditing security_checklistAws auditing security_checklist
Aws auditing security_checklist
 
Aws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, CloudwatchAws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, Cloudwatch
 
Tcp security white paper
Tcp security white paperTcp security white paper
Tcp security white paper
 
Architecture blockchain-azure
Architecture blockchain-azureArchitecture blockchain-azure
Architecture blockchain-azure
 
Nurturing a large GST ecosystem on AWS - Anil Sharma, Chicago
Nurturing a large GST ecosystem on AWS - Anil Sharma, ChicagoNurturing a large GST ecosystem on AWS - Anil Sharma, Chicago
Nurturing a large GST ecosystem on AWS - Anil Sharma, Chicago
 
Buy Amazon AWS Accounts .pdf
Buy Amazon AWS Accounts .pdfBuy Amazon AWS Accounts .pdf
Buy Amazon AWS Accounts .pdf
 
Api gateway-security
Api gateway-securityApi gateway-security
Api gateway-security
 
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
 
CLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxCLOUD COMPUTING.pptx
CLOUD COMPUTING.pptx
 
What’s New with AWS Mobile Services
What’s New with AWS Mobile ServicesWhat’s New with AWS Mobile Services
What’s New with AWS Mobile Services
 
How To Build Credit Card Payment Processing Platform on AWS?
How To Build Credit Card Payment Processing Platform on AWS?How To Build Credit Card Payment Processing Platform on AWS?
How To Build Credit Card Payment Processing Platform on AWS?
 
Secured Hosting of PCI DSS Compliant Web Applications on AWS
Secured Hosting of PCI DSS Compliant Web Applications on AWSSecured Hosting of PCI DSS Compliant Web Applications on AWS
Secured Hosting of PCI DSS Compliant Web Applications on AWS
 
building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdfbuilding-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
 
Amazon web services aws
Amazon web services awsAmazon web services aws
Amazon web services aws
 
AWSome Day Helsinki Training
AWSome Day Helsinki TrainingAWSome Day Helsinki Training
AWSome Day Helsinki Training
 
Case study on Cloud Platforms
Case study on Cloud PlatformsCase study on Cloud Platforms
Case study on Cloud Platforms
 
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
 
Microservice architecture-api-gateway-considerations
Microservice architecture-api-gateway-considerationsMicroservice architecture-api-gateway-considerations
Microservice architecture-api-gateway-considerations
 
Cloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & SecurityCloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & Security
 
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
 

Recently uploaded

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxvipinkmenon1
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2RajaP95
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 

Recently uploaded (20)

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptx
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 

open-banking-on-aws.pdf

  • 1. Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture 2 Open Banking on AWS Use Amazon Web Services to open APIs for third parties and help you implement Open Banking regulations. 1 Overview A consumer accesses the licensed or accredited third party application - and provides consent to the third party to access consumer data or make a payment submission request. Third parties in Open Banking can be defined as authorized institutions that provide value-added services on top of the consumer’s regular banking needs, such as accounts information (balance check, recent transactions, statements) and payments (payment to merchants, people and registered payees). This approach enables use cases such as spend analysis, credit decisioning, payments for ecommerce transactions, and more. A Trust Service Provider (TSP) is a trusted entity authorized by a supervisory government body to verify the authenticity of banks and third parties, and issue digital certificates to third parties. A bank's IT environment, comprised of its AWS environment and data centers. 4 3 1 2 4 3
  • 2. Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture Open Banking on AWS Use Amazon Web Services to open APIs for third parties and help you implement Open Banking regulations. 2 1 Streaming technologies such as Apache Kafka and queueing mechanisms like message queue (MQ) send and receive all new and updated transactions between the core banking systems and AWS. The bank’s data center is connected to AWS using a combination of AWS Direct Connect and AWS Site-to- Site VPN. Two diverse AWS Direct Connect connections are recommended for maximum resiliency. AWS Transit Gateway serves as the central hub on AWS to manage interconnectivity between workloads running in different AWS accounts. It shares the AWS Direct Connect and VPN connection with other workloads in the bank. An outbound VPC provides secure outbound access via a proxy, such as Squid. Mutual TLS (mTLS) provides transport layer security; banks authenticate accredited third parties and provide access tokens to them for calling Open Banking APIs. Amazon API Gateway provides the API management layer that exposes open banking APIs and Authorization APIs. AWS WAF (Web Application Firewall) integrates with the API Gateway for web protection. Amazon Simple Storage Service (Amazon S3) serves as a trust store, where public certificates of clients are stored for validating requests by API Gateway. Additionally, banks perform checks against a TSP to validate the authenticity and status of third parties. API Gateway uses a private integration VPC and AWS PrivateLink to connect to the private subnets hosting microservices in other AWS accounts. Amazon Route 53 provides traffic management and domain name resolution. Amazon CloudFront provides a content delivery network (CDN) that banks can use for exposing static data. AWS Shield (automatically available with CloudFront) protects against L3/L4 DDoS. AWS Shield Advanced (requires sign up) gives additional protection. 4 3 5 6 7 8 Description (Part 1 of 2) 1 2 3 4 8 5 6 7
  • 3. Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture Open Banking on AWS Use Amazon Web Services to open APIs for Third-parties and help you implement Open Banking regulations. 9 AWS PrivateLink provides secure private connectivity on the Amazon network between VPCs and services hosted on AWS or on-premises. Open Banking API specifications for Account Information and Payments services are implemented using multiple container-based microservices hosted using Amazon Elastic Container Service (Amazon ECS) with AWS Fargate. Caching of customer account information is done using Amazon ElastiCache. Webhooks for payment status are hosted in this layer. Amazon DynamoDB stores consumer consents, aggregated data, and API performance metrics. Amazon Relational Database Service (Amazon RDS) holds a copy of the system of record which is synchronized in near real-time from the bank’s core system. Identity provider (IdP) for OAuth 2.0 implementation resides in separate AWS account so that other workloads in the bank can consume it securely. Customers can choose from AWS partners that provide IdP functionality or build a custom IdP. A separate developer sandbox is required for the third party to integrate with the bank’s AWS environment and build their products. AWS security services help enhance security posture. For example, Amazon GuardDuty monitors for malicious activity and unauthorized behavior; AWS Security Hub provides a comprehensive view of security alerts and security posture across AWS accounts. For more guidance, see Best Practices for Security, Identity & Compliance. Logs from all services are collected in Amazon S3 then analyzed and monitored by Amazon Elasticsearch Service. Management tools like AWS Systems Manager provide configuration management; AWS CloudFormation deploys environment; AWS code services enable CI/CD. Amazon EventBridge, Amazon Simple Queue Service (Amazon SQS), and Amazon Simple Notification Service (Amazon SNS) provide notification capability between services. 12 11 13 14 15 16 Description (Part 2 of 2) 17 18 9 10 13 14 11 12 15 16 17 18 10