SlideShare a Scribd company logo

open-banking-on-aws.pdf

S
ssuser36a70f

Aws open banking design

Engineering
1 of 3
Download to read offline
Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture 2 Open Banking on AWS Use Amazon Web Services to open APIs for third parties and help you implement Open Banking regulations. 1 Overview A consumer accesses the licensed or accredited third party application - and provides consent to the third party to access consumer data or make a payment submission request. Third parties in Open Banking can be defined as authorized institutions that provide value-added services on top of the consumer’s regular banking needs, such as accounts information (balance check, recent transactions, statements) and payments (payment to merchants, people and registered payees). This approach enables use cases such as spend analysis, credit decisioning, payments for ecommerce transactions, and more. A Trust Service Provider (TSP) is a trusted entity authorized by a supervisory government body to verify the authenticity of banks and third parties, and issue digital certificates to third parties. A bank's IT environment, comprised of its AWS environment and data centers. 4 3 1 2 4 3
Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture Open Banking on AWS Use Amazon Web Services to open APIs for third parties and help you implement Open Banking regulations. 2 1 Streaming technologies such as Apache Kafka and queueing mechanisms like message queue (MQ) send and receive all new and updated transactions between the core banking systems and AWS. The bank’s data center is connected to AWS using a combination of AWS Direct Connect and AWS Site-to- Site VPN. Two diverse AWS Direct Connect connections are recommended for maximum resiliency. AWS Transit Gateway serves as the central hub on AWS to manage interconnectivity between workloads running in different AWS accounts. It shares the AWS Direct Connect and VPN connection with other workloads in the bank. An outbound VPC provides secure outbound access via a proxy, such as Squid. Mutual TLS (mTLS) provides transport layer security; banks authenticate accredited third parties and provide access tokens to them for calling Open Banking APIs. Amazon API Gateway provides the API management layer that exposes open banking APIs and Authorization APIs. AWS WAF (Web Application Firewall) integrates with the API Gateway for web protection. Amazon Simple Storage Service (Amazon S3) serves as a trust store, where public certificates of clients are stored for validating requests by API Gateway. Additionally, banks perform checks against a TSP to validate the authenticity and status of third parties. API Gateway uses a private integration VPC and AWS PrivateLink to connect to the private subnets hosting microservices in other AWS accounts. Amazon Route 53 provides traffic management and domain name resolution. Amazon CloudFront provides a content delivery network (CDN) that banks can use for exposing static data. AWS Shield (automatically available with CloudFront) protects against L3/L4 DDoS. AWS Shield Advanced (requires sign up) gives additional protection. 4 3 5 6 7 8 Description (Part 1 of 2) 1 2 3 4 8 5 6 7
Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture Open Banking on AWS Use Amazon Web Services to open APIs for Third-parties and help you implement Open Banking regulations. 9 AWS PrivateLink provides secure private connectivity on the Amazon network between VPCs and services hosted on AWS or on-premises. Open Banking API specifications for Account Information and Payments services are implemented using multiple container-based microservices hosted using Amazon Elastic Container Service (Amazon ECS) with AWS Fargate. Caching of customer account information is done using Amazon ElastiCache. Webhooks for payment status are hosted in this layer. Amazon DynamoDB stores consumer consents, aggregated data, and API performance metrics. Amazon Relational Database Service (Amazon RDS) holds a copy of the system of record which is synchronized in near real-time from the bank’s core system. Identity provider (IdP) for OAuth 2.0 implementation resides in separate AWS account so that other workloads in the bank can consume it securely. Customers can choose from AWS partners that provide IdP functionality or build a custom IdP. A separate developer sandbox is required for the third party to integrate with the bank’s AWS environment and build their products. AWS security services help enhance security posture. For example, Amazon GuardDuty monitors for malicious activity and unauthorized behavior; AWS Security Hub provides a comprehensive view of security alerts and security posture across AWS accounts. For more guidance, see Best Practices for Security, Identity & Compliance. Logs from all services are collected in Amazon S3 then analyzed and monitored by Amazon Elasticsearch Service. Management tools like AWS Systems Manager provide configuration management; AWS CloudFormation deploys environment; AWS code services enable CI/CD. Amazon EventBridge, Amazon Simple Queue Service (Amazon SQS), and Amazon Simple Notification Service (Amazon SNS) provide notification capability between services. 12 11 13 14 15 16 Description (Part 2 of 2) 17 18 9 10 13 14 11 12 15 16 17 18 10

Recommended

The Path to Open Banking
The Path to Open BankingThe Path to Open Banking
The Path to Open Banking
MuleSoft
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Global Open Banking Landscape
Global Open Banking LandscapeGlobal Open Banking Landscape
Global Open Banking Landscape
Biao Hao
 
Banking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateBanking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking Update
MikeLeszcz
 
DBX Open Banking
DBX Open BankingDBX Open Banking
DBX Open Banking
Base Camp
 
Open banking-Future of Banking
Open banking-Future of BankingOpen banking-Future of Banking
Open banking-Future of Banking
farhan ali
 
Global Payment System- Reference Architecture
Global Payment System- Reference ArchitectureGlobal Payment System- Reference Architecture
Global Payment System- Reference Architecture
Ramadas MV
 
Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]
Kannan Srinivasan
 

Recommended

The Path to Open Banking
The Path to Open BankingThe Path to Open Banking
The Path to Open Banking
MuleSoft
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Global Open Banking Landscape
Global Open Banking LandscapeGlobal Open Banking Landscape
Global Open Banking Landscape
Biao Hao
 
Banking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateBanking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking Update
MikeLeszcz
 
DBX Open Banking
DBX Open BankingDBX Open Banking
DBX Open Banking
Base Camp
 
Open banking-Future of Banking
Open banking-Future of BankingOpen banking-Future of Banking
Open banking-Future of Banking
farhan ali
 
Global Payment System- Reference Architecture
Global Payment System- Reference ArchitectureGlobal Payment System- Reference Architecture
Global Payment System- Reference Architecture
Ramadas MV
 
Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]Open banking [Evolution, Risks & Opportunities]
Open banking [Evolution, Risks & Opportunities]
Kannan Srinivasan
 
Demystifying Open Banking
Demystifying Open BankingDemystifying Open Banking
Demystifying Open Banking
accenture
 
How Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and GrowingHow Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and Growing
Cognizant
 
Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation
WSO2
 
Global Payment Reference Architecture
Global Payment Reference ArchitectureGlobal Payment Reference Architecture
Global Payment Reference Architecture
Ramadas MV
 
Open Banking Report Executive Summary
Open Banking Report Executive SummaryOpen Banking Report Executive Summary
Open Banking Report Executive Summary
MEDICI Inner Circle
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking Architecture
WSO2
 
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
apidays
 
Banking as a Service (download)
Banking as a Service (download)Banking as a Service (download)
Banking as a Service (download)
Chris Skinner
 
SAP grc
SAP grc SAP grc
SAP grc
smadhu29
 
Banking as a Service - An Overview
Banking as a Service - An OverviewBanking as a Service - An Overview
Banking as a Service - An Overview
Srini Peyyalamitta
 
Open Banking APIs on AWS
Open Banking APIs on AWSOpen Banking APIs on AWS
Open Banking APIs on AWS
Amazon Web Services
 
Open Banking APIs with case studies for senior stakeholders
Open Banking APIs with case studies for senior stakeholdersOpen Banking APIs with case studies for senior stakeholders
Open Banking APIs with case studies for senior stakeholders
Mimi Ajayi, PMC
 
Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise
WSO2
 
Deploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWSDeploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWS
Amazon Web Services
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
apidays
 
The Power Of Open Banking Coupled With Artificial Intelligence
The Power Of Open Banking Coupled With Artificial IntelligenceThe Power Of Open Banking Coupled With Artificial Intelligence
The Power Of Open Banking Coupled With Artificial Intelligence
IndusNetMarketing
 
Webinar: Practical use-cases to monetize Open Banking APIs
Webinar: Practical use-cases to monetize Open Banking APIsWebinar: Practical use-cases to monetize Open Banking APIs
Webinar: Practical use-cases to monetize Open Banking APIs
ShubaS4
 
BIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and ImplementationBIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and Implementation
Biao Hao
 
System architecture for central banks
System architecture for central banksSystem architecture for central banks
System architecture for central banks
Jean-Marc Lepain
 
API Management - Why it matters!
API Management - Why it matters!API Management - Why it matters!
API Management - Why it matters!
Sven Bernhardt
 
Aws auditing security_checklist
Aws auditing security_checklistAws auditing security_checklist
Aws auditing security_checklist
saifam
 
Aws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, CloudwatchAws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, Cloudwatch
sawsan slii
 

More Related Content

What's hot

An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking Architecture
WSO2
 
System architecture for central banks
System architecture for central banksSystem architecture for central banks
System architecture for central banks
Jean-Marc Lepain
 
API Management - Why it matters!
API Management - Why it matters!API Management - Why it matters!
API Management - Why it matters!
Sven Bernhardt
 

What's hot (20)

Demystifying Open Banking
Demystifying Open BankingDemystifying Open Banking
Demystifying Open Banking
 
How Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and GrowingHow Banking as a Service Will Keep Banks Digitally Relevant and Growing
How Banking as a Service Will Keep Banks Digitally Relevant and Growing
 
Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation Open Banking - Opening the door to Digital Transformation
Open Banking - Opening the door to Digital Transformation
 
Global Payment Reference Architecture
Global Payment Reference ArchitectureGlobal Payment Reference Architecture
Global Payment Reference Architecture
 
Open Banking Report Executive Summary
Open Banking Report Executive SummaryOpen Banking Report Executive Summary
Open Banking Report Executive Summary
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking Architecture
 
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
apidays LIVE LONDON - How APIs are changing the fintech world by Chirine Ben...
 
Banking as a Service (download)
Banking as a Service (download)Banking as a Service (download)
Banking as a Service (download)
 
SAP grc
SAP grc SAP grc
SAP grc
 
Banking as a Service - An Overview
Banking as a Service - An OverviewBanking as a Service - An Overview
Banking as a Service - An Overview
 
Open Banking APIs on AWS
Open Banking APIs on AWSOpen Banking APIs on AWS
Open Banking APIs on AWS
 
Open Banking APIs with case studies for senior stakeholders
Open Banking APIs with case studies for senior stakeholdersOpen Banking APIs with case studies for senior stakeholders
Open Banking APIs with case studies for senior stakeholders
 
Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise
 
Deploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWSDeploying Open Banking APIs on AWS
Deploying Open Banking APIs on AWS
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
 
The Power Of Open Banking Coupled With Artificial Intelligence
The Power Of Open Banking Coupled With Artificial IntelligenceThe Power Of Open Banking Coupled With Artificial Intelligence
The Power Of Open Banking Coupled With Artificial Intelligence
 
Webinar: Practical use-cases to monetize Open Banking APIs
Webinar: Practical use-cases to monetize Open Banking APIsWebinar: Practical use-cases to monetize Open Banking APIs
Webinar: Practical use-cases to monetize Open Banking APIs
 
BIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and ImplementationBIAN Applied to Open Banking - Thoughts on Architecture and Implementation
BIAN Applied to Open Banking - Thoughts on Architecture and Implementation
 
System architecture for central banks
System architecture for central banksSystem architecture for central banks
System architecture for central banks
 
API Management - Why it matters!
API Management - Why it matters!API Management - Why it matters!
API Management - Why it matters!
 

Similar to open-banking-on-aws.pdf

Aws auditing security_checklist
Aws auditing security_checklistAws auditing security_checklist
Aws auditing security_checklist
saifam
 
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
Datacademy.ai
 
Secured Hosting of PCI DSS Compliant Web Applications on AWS
Secured Hosting of PCI DSS Compliant Web Applications on AWSSecured Hosting of PCI DSS Compliant Web Applications on AWS
Secured Hosting of PCI DSS Compliant Web Applications on AWS
Gaurav "GP" Pal
 
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
Datacademy.ai
 
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
Amazon Web Services
 

Similar to open-banking-on-aws.pdf (20)

Aws auditing security_checklist
Aws auditing security_checklistAws auditing security_checklist
Aws auditing security_checklist
 
Aws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, CloudwatchAws principle services: IAM,VPC, EC2, Cloudwatch
Aws principle services: IAM,VPC, EC2, Cloudwatch
 
Tcp security white paper
Tcp security white paperTcp security white paper
Tcp security white paper
 
Architecture blockchain-azure
Architecture blockchain-azureArchitecture blockchain-azure
Architecture blockchain-azure
 
Nurturing a large GST ecosystem on AWS - Anil Sharma, Chicago
Nurturing a large GST ecosystem on AWS - Anil Sharma, ChicagoNurturing a large GST ecosystem on AWS - Anil Sharma, Chicago
Nurturing a large GST ecosystem on AWS - Anil Sharma, Chicago
 
Buy Amazon AWS Accounts .pdf
Buy Amazon AWS Accounts .pdfBuy Amazon AWS Accounts .pdf
Buy Amazon AWS Accounts .pdf
 
Api gateway-security
Api gateway-securityApi gateway-security
Api gateway-security
 
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
 
CLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxCLOUD COMPUTING.pptx
CLOUD COMPUTING.pptx
 
What’s New with AWS Mobile Services
What’s New with AWS Mobile ServicesWhat’s New with AWS Mobile Services
What’s New with AWS Mobile Services
 
How To Build Credit Card Payment Processing Platform on AWS?
How To Build Credit Card Payment Processing Platform on AWS?How To Build Credit Card Payment Processing Platform on AWS?
How To Build Credit Card Payment Processing Platform on AWS?
 
Secured Hosting of PCI DSS Compliant Web Applications on AWS
Secured Hosting of PCI DSS Compliant Web Applications on AWSSecured Hosting of PCI DSS Compliant Web Applications on AWS
Secured Hosting of PCI DSS Compliant Web Applications on AWS
 
building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdfbuilding-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
 
Amazon web services aws
Amazon web services awsAmazon web services aws
Amazon web services aws
 
AWSome Day Helsinki Training
AWSome Day Helsinki TrainingAWSome Day Helsinki Training
AWSome Day Helsinki Training
 
Case study on Cloud Platforms
Case study on Cloud PlatformsCase study on Cloud Platforms
Case study on Cloud Platforms
 
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
50 Extraordinary AWS CloudWatch Interview Questions & Answers.pdf
 
Microservice architecture-api-gateway-considerations
Microservice architecture-api-gateway-considerationsMicroservice architecture-api-gateway-considerations
Microservice architecture-api-gateway-considerations
 
Cloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & SecurityCloud computing - Compute,Storage,Networking & Security
Cloud computing - Compute,Storage,Networking & Security
 
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
AWS re:Invent 2016: Understanding IoT Data: How to Leverage Amazon Kinesis in...
 

Recently uploaded

result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
Tonystark477637
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
ranjana rawat
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Call Girls in Nagpur High Profile
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Dr.Costas Sachpazis
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
ranjana rawat
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
ankushspencer015
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Call Girls in Nagpur High Profile
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls in Nagpur High Profile
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
 

Recently uploaded (20)

result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 

open-banking-on-aws.pdf

  • 1. Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture 2 Open Banking on AWS Use Amazon Web Services to open APIs for third parties and help you implement Open Banking regulations. 1 Overview A consumer accesses the licensed or accredited third party application - and provides consent to the third party to access consumer data or make a payment submission request. Third parties in Open Banking can be defined as authorized institutions that provide value-added services on top of the consumer’s regular banking needs, such as accounts information (balance check, recent transactions, statements) and payments (payment to merchants, people and registered payees). This approach enables use cases such as spend analysis, credit decisioning, payments for ecommerce transactions, and more. A Trust Service Provider (TSP) is a trusted entity authorized by a supervisory government body to verify the authenticity of banks and third parties, and issue digital certificates to third parties. A bank's IT environment, comprised of its AWS environment and data centers. 4 3 1 2 4 3
  • 2. Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture Open Banking on AWS Use Amazon Web Services to open APIs for third parties and help you implement Open Banking regulations. 2 1 Streaming technologies such as Apache Kafka and queueing mechanisms like message queue (MQ) send and receive all new and updated transactions between the core banking systems and AWS. The bank’s data center is connected to AWS using a combination of AWS Direct Connect and AWS Site-to- Site VPN. Two diverse AWS Direct Connect connections are recommended for maximum resiliency. AWS Transit Gateway serves as the central hub on AWS to manage interconnectivity between workloads running in different AWS accounts. It shares the AWS Direct Connect and VPN connection with other workloads in the bank. An outbound VPC provides secure outbound access via a proxy, such as Squid. Mutual TLS (mTLS) provides transport layer security; banks authenticate accredited third parties and provide access tokens to them for calling Open Banking APIs. Amazon API Gateway provides the API management layer that exposes open banking APIs and Authorization APIs. AWS WAF (Web Application Firewall) integrates with the API Gateway for web protection. Amazon Simple Storage Service (Amazon S3) serves as a trust store, where public certificates of clients are stored for validating requests by API Gateway. Additionally, banks perform checks against a TSP to validate the authenticity and status of third parties. API Gateway uses a private integration VPC and AWS PrivateLink to connect to the private subnets hosting microservices in other AWS accounts. Amazon Route 53 provides traffic management and domain name resolution. Amazon CloudFront provides a content delivery network (CDN) that banks can use for exposing static data. AWS Shield (automatically available with CloudFront) protects against L3/L4 DDoS. AWS Shield Advanced (requires sign up) gives additional protection. 4 3 5 6 7 8 Description (Part 1 of 2) 1 2 3 4 8 5 6 7
  • 3. Reviewed for technical accuracy September 7, 2021 © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture Open Banking on AWS Use Amazon Web Services to open APIs for Third-parties and help you implement Open Banking regulations. 9 AWS PrivateLink provides secure private connectivity on the Amazon network between VPCs and services hosted on AWS or on-premises. Open Banking API specifications for Account Information and Payments services are implemented using multiple container-based microservices hosted using Amazon Elastic Container Service (Amazon ECS) with AWS Fargate. Caching of customer account information is done using Amazon ElastiCache. Webhooks for payment status are hosted in this layer. Amazon DynamoDB stores consumer consents, aggregated data, and API performance metrics. Amazon Relational Database Service (Amazon RDS) holds a copy of the system of record which is synchronized in near real-time from the bank’s core system. Identity provider (IdP) for OAuth 2.0 implementation resides in separate AWS account so that other workloads in the bank can consume it securely. Customers can choose from AWS partners that provide IdP functionality or build a custom IdP. A separate developer sandbox is required for the third party to integrate with the bank’s AWS environment and build their products. AWS security services help enhance security posture. For example, Amazon GuardDuty monitors for malicious activity and unauthorized behavior; AWS Security Hub provides a comprehensive view of security alerts and security posture across AWS accounts. For more guidance, see Best Practices for Security, Identity & Compliance. Logs from all services are collected in Amazon S3 then analyzed and monitored by Amazon Elasticsearch Service. Management tools like AWS Systems Manager provide configuration management; AWS CloudFormation deploys environment; AWS code services enable CI/CD. Amazon EventBridge, Amazon Simple Queue Service (Amazon SQS), and Amazon Simple Notification Service (Amazon SNS) provide notification capability between services. 12 11 13 14 15 16 Description (Part 2 of 2) 17 18 9 10 13 14 11 12 15 16 17 18 10