
Guidance for Okta Phone-Based Multi-Factor Authentication on AWS

Overview

This Guidance demonstrates how to implement a secure and scalable one-time passcode (OTP) delivery solution by using AWS with Okta’s identity platform. The Guidance supports multiple languages and communication methods and stores language-specific message templates in a dynamic, scalable database. This enables you to tailor OTP messages based on users’ preferred languages and delivery channels, such as SMS or voice calls. By using this Guidance, you can implement a reliable, flexible, and secure OTP delivery method that helps you accommodate a diverse user base.

How it works

The technical details include an architecture diagram that illustrates how to use this solution effectively. The diagram shows the key components and their interactions, giving a step-by-step overview of the architecture's structure and functionality.

Get Started

Deploy this Guidance

Use sample code to deploy this Guidance in your AWS account

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

This Guidance uses Lambda, API Gateway, and Amazon SQS to implement a serverless approach that provides scalability, flexibility, and ease of maintenance. For example, Lambda right-sizes its functions based on the minimum amount of memory and CPU required to complete their tasks. If one function encounters an error or exception, Lambda sends the failed event to an Amazon SQS dead-letter queue for further investigation and troubleshooting. Additionally, Amazon CloudWatch provides critical monitoring for proactive issue detection and resolution, supporting operational excellence.

Read the Operational Excellence whitepaper

This Guidance enhances security by implementing strong access control and data protection mechanisms. AWS WAF protects the API Gateway endpoint by applying managed rules to block malicious traffic. A custom Lambda function acts as an authorizer to validate JWTs before allowing requests to proceed. This authorizer decodes the JWT, validates its signature using Okta’s public key, and checks the expiration time to confirm that the token is still valid. IAM manages access permissions, using the principle of least privilege to make sure that only authorized users and services can access resources. Additionally, AWS Key Management Service (AWS KMS) encrypts sensitive data, such as OTPs, and it encrypts CloudWatch logs to protect the confidentiality of recorded information.

Read the Security whitepaper

This Guidance supports reliability through distributed workloads, error handling mechanisms, durable data storage, and a highly available messaging service. It distributes Lambda functions across multiple Availability Zones (AZs), helping you avoid the risk of a single point of failure caused by an AZ outage. The Amazon SQS dead-letter queue provides reliable message delivery by handling errors and retries, and it enables you to investigate any failed message processing. Additionally, DynamoDB offers a highly available and durable data store for user preferences and message templates. Finally, AWS End User Messaging enhances reliability by providing a highly available and scalable messaging service for SMS and voice communication.

Read the Reliability whitepaper

This Guidance uses serverless services so that you can quickly retrieve and process data without the need to manually manage infrastructure. Lambda scales automatically with your workloads and right-sizes its functions to achieve efficient resource use, and DynamoDB facilitates quick and efficient data retrieval. AWS End User Messaging converts text to speech on-demand for voice calls.

Read the Performance Efficiency whitepaper

This Guidance minimizes costs by using on-demand, pay-as-you-go services. DynamoDB provides a flexible pricing model, and its on-demand capacity mode adjusts to workload volume, helping you reduce costs. For Lambda, you only pay for the compute time you consume, and its scalability helps you optimize costs.

Read the Cost Optimization whitepaper

This Guidance uses scalable, on-demand services to reduce the environmental impact of your cloud workloads and minimize waste. Lambda automatically scales on demand, helping you avoid the use of idle resources. Additionally, DynamoDB provides an on-demand mode that scales with the workload, delivering efficient resource use. Both services align with best practices for minimizing hardware usage and energy consumption.

Read the Sustainability whitepaper

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.