Modern Data Architecture Accelerator (MDAA)
The Modern Data Architecture Accelerator (MDAA) helps organizations deploy secure, compliant data analytics and AI environments on Amazon Web Services (AWS) through simple YAML configuration files. Whether you need a basic data lake, a full data science platform, Sagemaker unified studio or a generative AI solution, MDAA provides prepackaged starter kits and reusable infrastructure components that handle security compliance out of the box. It supports teams of all sizes, from small organizations looking for code-free deployment to large enterprises building complex Lake House or Data Mesh architectures.
Table of Contents
- Who Is This For?
- Key Features
- Quick Start
- Implementation Guide
- Workshops and Learning Resources
- Starter Kits
- Sample Configurations
- Available Modules
- Using and Extending MDAA
- For Developers
- Contributing
- Security
- License
Who Is This For?
- Data Engineers: Build and manage data pipelines, lakes, and warehouses with pre-configured, compliant infrastructure.
- Platform Engineers: Deploy and operate secure analytics platforms across multiple AWS accounts using configuration-driven automation.
- Data Scientists: Get a ready-to-use SageMaker Unified Studio environment with governed data access so you can focus on models, not infrastructure.
- Business Analysts: Access governed data through Athena, QuickSight, and other analytics tools deployed by your platform team.
- Compliance Officers: Gain confidence that deployed infrastructure aligns with NIST 800-53, HIPAA, and PCI-DSS security control requirements.
Key Features
- Security compliance built in: Modules are designed for compliance with AWS Solutions, NIST 800-53 Rev5, HIPAA, PCI-DSS, and ITSG-33 CDK Nag rulesets.
- Configuration-driven deployment: Define your entire modern data and analytics environment in YAML files and deploy with a single CLI command. No custom code required.
- Multi-language support: Reusable CDK L2 constructs available in TypeScript, Python, Java, and .NET via JSII (JavaScript Interop Interface). L3 constructs are currently TypeScript-only.
- Starter kits for common use cases: Prepackaged configurations for data lakes, data science platforms, generative AI, governed lakehouses, and healthcare data.
- Multi-account and multi-region: Deploy across multiple AWS accounts and regions with built-in cross-account trust and governance.
Quick Start
Deploy your first data lake in minutes using the Basic DataLake starter kit. Alternatively, quickly deploy one of these other starter kits
Prerequisites
- Node.js 22.x and npm 10.x
- AWS credentials configured with appropriate permissions (AWS CLI setup)
- AWS CDK (Cloud Development Kit) bootstrapped in your target account (CDK bootstrap guide)
Steps
- Clone the repo and navigate to the Basic DataLake starter kit:
git clone https://github.com/aws/modern-data-architecture-accelerator.git
cd modern-data-architecture-accelerator/starter_kits/basic_datalake
-
Edit
mdaa.yamlto specify an organization name. This must be globally unique, as it is used in the naming of all deployed resources (including globally named resources such as S3 buckets). -
If required, edit
mdaa.yamlto specifycontext:values specific to your environment. -
Ensure you are authenticated to your target AWS account.
-
Bootstrap your AWS account for CDK (if not already done):
- Deploy using npx (no installation required):
Or install the CLI globally and then deploy:
Estimated deployment time: ~15–20 minutes
For full deployment details, see the Basic DataLake starter kit README.
What You Just Deployed
The Basic DataLake starter kit creates a secure, encrypted Amazon S3 data lake with AWS Glue databases and crawlers, AWS Identity and Access Management (IAM) roles with least-privilege policies, and AWS Key Management Service (KMS) encryption keys, all configured for compliance with standard security rulesets.
Looking for a different starting point? See Starter Kits for other prepackaged options including data science platforms, generative AI, and more.
Implementation Guide
MDAA follows a five-phase deployment lifecycle: Architecture (define your target platform design), Configuration (author YAML config files for each module), Customization (optionally extend via code-based escape hatches), Predeployment (bootstrap AWS accounts), and Deployment (deploy via the MDAA CLI). Each phase builds on the previous one, and starter kits can accelerate the first two phases significantly.
| Phase | Description | Time Estimate |
|---|---|---|
| Architecture | Define your target platform design and select modules | 1–2 days |
| Configuration | Author YAML config files for each module | 1–3 days |
| Customization | Optionally extend via code-based escape hatches | 0–2 days |
| Predeployment | Bootstrap AWS accounts with CDK | 2 - 10 mins |
| Deployment | Deploy via the MDAA CLI | 15 min – 1 hour |
For the full step-by-step guide, see the MDAA Implementation Guide. Starter kits and sample configurations provide ready-made configurations that can accelerate the early phases significantly.
Workshops and Learning Resources
Self-Paced Workshops
- MDAA Hands-On Workshop: A guided, hands-on workshop that walks you through deploying and configuring MDAA from scratch.
Sample Configurations and Starter Kits
- External Sample Configurations: A community-maintained repository of additional MDAA configurations for various use cases and architectures.
- Starter Kits: Prepackaged, secure MDAA configurations for common use cases, included in this repository.
Documentation
Browse the full documentation, module references, and configuration schemas at aws.github.io/modern-data-architecture-accelerator.
- Architecture and Design Guide: Reference architectures and design patterns for MDAA deployments.
- Configuration Guide: How to author MDAA YAML configuration files.
- Customization Guide: How to extend MDAA modules with code-based escape hatches.
- Predeployment Guide: How to prepare your AWS accounts for MDAA deployment.
- Deployment Guide: Step-by-step deployment instructions using the MDAA CLI.
Starter Kits
Starter kits provide secure, prepackaged foundations for common use cases:
| Starter Kit | Description | Est. Deploy Time |
|---|---|---|
| Basic DataLake | A secure S3 data lake with Glue databases and crawlers | ~15–20 min |
| Basic DataScience Platform | A standalone SageMaker AI Studio data science environment | ~20–30 min |
| GenAI Accelerator | Enterprise-ready generative AI platform with Amazon Bedrock | ~10–15 min |
| Governed Lakehouse | DataZone-governed lakehouse with fine-grained access control | ~20–25 min |
| Health Data Accelerator | Healthcare data lake with DMS (Database Migration Service) integration | ~30–45 min |
| SMUS Research Environment | A SageMaker Unified Studio-enabled architecture suitable for facilitating team-based research activities | ~20–25 min |
Sample Configurations
Additional sample configurations are available in a dedicated repository for easier community contribution and faster updates.
Available Modules
MDAA is implemented as a set of compliant modules deployed via a unified orchestration layer. For detailed module documentation, configuration schemas, and API references, see the MDAA Documentation Site.
- MDAA CDK Modules: Configuration-driven CDK Apps that deploy compliant data analytics components as CloudFormation stacks. Can be run independently via CDK CLI or composed via the MDAA CLI.
- MDAA CDK L2 and L3 Constructs: Reusable CDK constructs designed for compliance with AWS Solutions, HIPAA, PCI-DSS, and NIST 800-53 R5 rulesets. L2 constructs are available in TypeScript, Python, Java, and .NET via JSII. L3 constructs are currently TypeScript-only.
- MDAA CLI: A configuration-driven CLI that composes and orchestrates multiple MDAA modules to deploy compliant end-to-end analytics environments.
Governance Modules
- SageMaker Unified Studio - Deploy SageMaker Unified Studio domains and associated resources.
- DataZone - Deploy DataZone domains and environment blueprints.
- Macie Session - Deploy Macie sessions at the account level.
- LakeFormation Data Lake Settings - Administer LakeFormation settings using IaC.
- LakeFormation Access Controls - Administer LakeFormation access controls using IaC.
- Glue Catalog - Configure Glue Catalog encryption and cross-account access.
- IAM Roles and Policies - Generate IAM roles for the data environment.
- Audit - Generate audit resources for data capture and Athena querying.
- Audit Trail - Generate CloudTrail for S3 data events.
- Service Catalog - Deploy Service Catalog portfolios and grant access.
- SageMaker Projects - Deploy SageMaker Unified Studio projects and associated resources.
Data Lake Modules
- Datalake KMS and Buckets - Generate encrypted data lake buckets with compliant policies.
- Athena Workgroup - Generate Athena workgroups for data lake querying.
Data Ops Modules
- Data Ops Project - Shared secure resources for data ops pipelines.
- Data Ops Crawlers - Glue crawlers for data ops pipelines.
- Data Ops Jobs - Glue jobs for data ops pipelines.
- Data Ops Workflows - Glue workflows for orchestrating pipelines.
- Data Ops Step Functions - Step Functions for pipeline orchestration.
- Data Ops Lambda - Lambda functions for data event processing.
- Data Ops DataBrew - Glue DataBrew for data profiling and cleansing.
- Data Ops Nifi - Apache Nifi clusters for event-driven data flows.
- Data Ops DMS - DMS replication instances, endpoints, and tasks.
- Data Ops Dashboard - CloudWatch dashboards for MDAA observability.
- Data Ops Data Quality - Glue Data Quality rulesets for automated data validation.
- Data Ops DynamoDB - DynamoDB tables for data operations.
Data Analytics Modules
- Redshift Data Warehouse - Secure Redshift data warehouse clusters.
- Opensearch Domain - Secure Opensearch domains and dashboards.
- QuickSight Account - Deploy QuickSight account resources.
- QuickSight Namespace - QuickSight namespaces for multi-tenancy.
- QuickSight Project - QuickSight shared folders and permissions.
AI / Data Science Modules
- SageMaker Unified Studio - Secured SageMaker Unified Studio.
- SageMaker Notebooks - Secured SageMaker notebooks.
- Data Science Team/Project - Resources for team data science activities.
- Generative AI Accelerator - Authenticated GenAI-powered chatbot.
- Bedrock AgentCore Runtime - Deploy Amazon Bedrock AgentCore Runtimes with custom Docker containers.
- Bedrock Builder - Deploy secure Bedrock Agents, Knowledge Bases, and associated resources.
- Bedrock Settings - Configure Bedrock model invocation audit logging to S3 and CloudWatch.
Core / Utility Modules
- EC2 - Secure EC2 instances and security groups.
- SFTP Transfer Family Server - SFTP Transfer Family for data lake ingestion.
- SFTP Transfer Family User Admin - Administer SFTP Transfer Family users.
- DataSync - DataSync for on-premises to cloud data movement.
- EventBridge - EventBridge resources such as event buses.
- Machine to Machine API - REST API for programmatic data lake interaction.
Reusable CDK L2 Constructs
Compliant with AWS Solutions, HIPAA, PCI-DSS, and NIST 800-53 R5 CDK Nag rulesets:
- Athena Workgroup · CloudWatch · Custom Resource · DataBrew · DataSync · DataZone · DMS · DynamoDB · EC2 · ECS · EKS · EventBridge · Glue · IAM Role · KMS · Lambda · OpenSearch · QuickSight · RDS Aurora · Redshift · S3 · SageMaker · SFTP Transfer Family · SNS · SQS
Using and Extending MDAA
MDAA can be used and extended in three ways:
Configuration-Driven Deployment
Deploy compliant, end-to-end analytics environments using YAML config files and the MDAA CLI. No code required - accessible to all roles, from simple to complex deployments with high compliance assurance.
Code-Driven Custom Environments
Build custom analytics environments using MDAA's reusable CDK constructs. Multi-language support (TypeScript, Python, Java, .NET) for L2 constructs; L3 constructs are currently TypeScript-only.
Workload Integration
Independently developed workloads (CDK or CloudFormation) can leverage MDAA-deployed resources via the standard set of SSM (Systems Manager) parameters published by all MDAA modules.
Logical Architecture
MDAA is designed as a set of logical architectural layers, each constituted by a set of functional modules. Each module configures and deploys a set of resources which constitute the data analytics environment. Modules may have logical dependencies on each other, and may also leverage non-MDAA resources deployed within the environment.
While MDAA can be used to implement a comprehensive, end-to-end data analytics platform, it does not result in a closed system. MDAA may be freely integrated with non-MDAA deployed platform elements and analytics capabilities. Any individual layer or module of MDAA can be replaced by a non-MDAA component, and the remaining layers and modules will continue to function (assuming basic functional parity with the replaced MDAA module or layer).
Code Architecture
Metrics Collection
This solution collects anonymous operational metrics to help AWS improve quality and features. For more information, including how to disable this capability, see the CDK version reporting documentation.
For Developers
MDAA includes comprehensive testing for both TypeScript/CDK code and Python Lambda/Glue functions:
# Run all tests
./scripts/test.sh
# TypeScript tests only
lerna run test --stream
# Python tests only
npm run test:python:all
For detailed guides, see:
- DEVELOPMENT.md - Development setup, build process, and testing guide.
- PYTHON_TESTING.md - Comprehensive Python testing documentation.
- CONTRIBUTING.md - Contribution guidelines and pull request process.
Full documentation and module reference is available at aws.github.io/modern-data-architecture-accelerator. To generate the docs locally, run mkdocs serve from the project root (requires MkDocs).
Contributing
We welcome contributions from the community. See CONTRIBUTING.md for guidelines on how to get started, set up your development environment, and submit pull requests.
Security
See CONTRIBUTING.md for information on reporting security issues.
See SECURITY.md for details on MDAA's security design principles and compliance approach.
License
This project is licensed under the Apache-2.0 License.