Skip to main content

AWS Solutions Library

Overview

This Guidance helps to provide transparency and traceability of the supply chain network for a product. The architecture allows vendors and stakeholders to easily upload the supply chain certificates as well as ingest relevant data from systems such as enterprise resource planning (ERP), product lifecycle management (PLM), SharePoint. It then extracts, processes, cross-checks, and validates these documents in an automated, serverless AWS workflow. This Guidance includes both an overview architecture and a detailed architecture with sample code.

How it works

Overview

This overview architecture shows a process flow for adding traceability and transparency to a product supply chain.

Download the architecture diagram
Flowchart illustrating data ingestion, processing, storage, validation, and consumption within an AWS Cloud system, involving ERP, SharePoint, third-party data, and supplier certificates.

Detailed Architecture

This detailed architecture shows a process flow for adding traceability and transparency to a product supply chain.

Download the architecture diagram
A detailed flowchart illustrating an AWS cloud architecture for data ingestion, processing, storage, and consumption, integrating services like Amazon S3, AWS Glue, Amazon Redshift, and Amazon SNS, with connections to third-party data, supplier certificates, and end users.

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

This Guidance is deployed using AWS Cloud Development Kit (AWS CDK). Changes to the main branch of your repository of choice are propagated to the Guidance infrastructure through AWS CodePipeline.

Read the Operational Excellence whitepaper 

This Guidance uses AWS WAF, Amazon Cognito, and AWS Certificate Manager (ACM) to secure access to its hosted upload portal, restricting access to services and protecting them from attacks. All data is encrypted at rest using AWS KMS keys.

Read the Security whitepaper 

The load balancer will ensure the health of the hosted upload portal alongside built-in autoscaling for services. It is critical that the extraction be done within a Step Function that includes a retry mechanism. Otherwise, you may encounter a bottleneck in Amazon Textract due to account-level concurrency limits that can only be increased by contacting AWS support. It is possible for the extraction Lambda function to fail if too many certificates are uploaded at once. As such, the Step Function should include a fail-retry check to address failures that occur as result of Textract throttling.

Read the Reliability whitepaper 

We selected the services in this Guidance to create a serverless architecture. The Guidance uses automation to minimize infrastructure management and user intervention. The architecture is also decoupled so that different functions can run independently from one another. 

Read the Performance Efficiency whitepaper 

All data is stored in Amazon S3, with lifecycle policies that automatically archive old certificates. This allows for cost optimization while still adhering to data retention regulations. 

Read the Cost Optimization whitepaper 

All components of this Guidance are serverless and scale automatically. This approach ensures minimal energy consumption while maintaining high availability.

Read the Sustainability whitepaper 

Implementation resources

The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Open sample code on GitHub

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.