Cloud Migration · 2025

Swiftcart

Monolith to event-driven AWS migration. Zero-trust dual-VPC + CQRS over SNS → SQS fan-out, Lambda (arm64) replacing EC2 polling, hardened with IAM instance profiles + CloudTrail.

  • Lambda
  • SNS
  • SQS
  • Transit Gateway
  • PrivateLink
  • EFS
  • EBS
  • CloudWatch
  • CloudTrail
  • Docker Compose
  • Lab

The problem

A toy e-commerce stack is the easy part. A toy e-commerce stack that survives an AZ failure, runs under least-privilege IAM end-to-end, and keeps reads fast while writes are still being durably acknowledged is where the AWS depth shows up. Swiftcart is that exercise.

What's there

  • CQRS: writes hit a command service that publishes to SNS. Multiple SQS-subscribed consumers update materialised read views in DynamoDB.
  • Zero-trust: each consumer has its own IAM role with permissions scoped to a single SQS queue and a single DynamoDB table. No shared roles, no Action: "*".
  • Three-AZ Fargate: services scheduled across three AZs with health checks behind an ALB.
  • Terraform-first: everything is in code, including the IAM policies. No console clicks.
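
A check for the zero-trust rule above, as an added example that is not Swiftcart's own code: it lints a consumer role's policy document and reports anything beyond one SQS queue and one DynamoDB table. It is stricter than the rule as stated, flagging any wildcard in an action or resource rather than only a bare "*"; the account id, region, and queue and table names are constructed placeholders.

```python
# Added example; ARNs and names below are constructed placeholders.
def _as_list(value):
    """IAM allows Statement/Action/Resource to be one item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def audit_consumer_policy(policy):
    """Return findings; an empty list means the policy fits the rule."""
    findings, queues, tables = [], set(), set()
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"stmt {i}: NotAction/NotResource on an Allow")
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append(f"stmt {i}: wildcard action {action!r}")
        for arn in _as_list(stmt.get("Resource")):
            if "*" in arn:
                findings.append(f"stmt {i}: wildcard resource {arn!r}")
            parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
            service = parts[2] if len(parts) == 6 else ""
            if service == "sqs":
                queues.add(arn)
            elif service == "dynamodb" and parts[5].startswith("table/"):
                # Index and stream ARNs collapse onto their parent table.
                tables.add((parts[3], parts[4], parts[5].split("/")[1]))
    if len(queues) > 1:
        findings.append(f"{len(queues)} SQS queues reachable, expected 1")
    if len(tables) > 1:
        findings.append(f"{len(tables)} DynamoDB tables reachable, expected 1")
    return findings

ARN = "arn:aws:{}:eu-west-1:111122223333:{}"
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"],
     "Resource": ARN.format("sqs", "orders-view-queue")},
    {"Effect": "Allow", "Action": ["dynamodb:PutItem", "dynamodb:UpdateItem"],
     "Resource": ARN.format("dynamodb", "table/orders-view")}]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sqs:*",
     "Resource": [ARN.format("sqs", "orders-view-queue"),
                  ARN.format("sqs", "inventory-view-queue")]},
    {"Effect": "Allow", "Action": "dynamodb:PutItem", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_consumer_policy(doc) or "ok")
```

Run against the JSON that Terraform renders for each role, a non-empty result can fail the plan before the policy is applied.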

What's coming

Full write-up will cover the IAM policy templating pattern, the read-model lag budget, and the failure modes I deliberately injected during chaos testing.