About This Architecture

Duolingo English Test leverages an isolated AWS account architecture with CloudFront, AWS WAF, and multi-AZ deployment across us-east-1a and us-east-1b to deliver secure, scalable test delivery. Test takers connect through CloudFront and AWS WAF bot/cheat detection rules, routing to ECS/EKS test delivery engines in public subnets, while Fargate proctoring streams, SageMaker anomaly detection, and DynamoDB session state operate in private subnets with cross-AZ replication. S3 secure test storage, KMS encryption, CloudWatch monitoring, and CloudTrail audit logs enforce defense-in-depth security and compliance. This architecture demonstrates how to isolate a high-stakes testing workload using AWS Organizations IAM, network segmentation, and managed services to prevent cheating while maintaining availability. Fork and customize this diagram on Diagrams.so to adapt the pattern for your own secure assessment or certification platform.

People also ask

How do you design a secure, multi-AZ AWS architecture for a high-stakes testing platform with bot detection and proctoring?

This diagram shows an isolated AWS account with CloudFront and AWS WAF filtering bot/cheat traffic, ECS/EKS test engines in public subnets, SageMaker anomaly detection in private subnets, and DynamoDB cross-AZ replication for session state. KMS encryption, CloudTrail audit logs, and CloudWatch monitoring enforce compliance and security.