Lambda + EKS hybrid search
Cognito-authorised API Gateway in front of a Lambda that LRU-caches per tenant and HMAC-signs into Express on EKS, where the Postgres FTS index lives.
Multi-tenant SaaS on Kubernetes. Built for scale, designed for interviews — every layer instrumented, every line open source.
A polyglot service mesh fanning out one synthetic order across six languages, with a live service map, span waterfalls, and a gated load generator. Built to show what prod-grade observability looks like — at portfolio cost.
What ships
Each card is a path you can actually click through once a demo environment is up. The infrastructure is in modules/ — the references below tell you exactly where to look.
Order events publish to Kinesis post-commit; a fanout Lambda pushes owner-scoped updates to active WS connections. Stale connections prune on 410 Gone.
The authenticated API creates the order first; Step Functions keeps durable confirmation-email delivery, while the execution name remains the Idempotency-Key.
One JWT verified the same way in middleware, Express, the search Lambda, and the WS connect handler. custom:tenant_id drives RLS in Postgres.
Force-RLS on every customer-facing table. withTenant() opens a transaction, sets app.tenant_id, and commits — so a forgotten WHERE clause cannot leak.
Traceparent stitched from browser → Next.js RSC → API GW → Lambda → Express → RDS → Kinesis → fanout Lambda → WS push. One Grafana board.
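The withTenant() card above, sketched as an added example (not code from this repository): it shows why the tenant setting has to be transaction-local when connections are pooled. It assumes a node-postgres style pool, a text tenant_id column, and hypothetical table and policy names; the stub pool is constructed so the sketch runs offline.

```javascript
// Added example: a sketch of the withTenant() pattern, not the project's code.
// Assumes a node-postgres style pool: pool.connect() -> client with
// query(text, values) and release().
//
// Hypothetical DDL this wrapper relies on (table and policy names are assumed):
//   ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
//   ALTER TABLE orders FORCE ROW LEVEL SECURITY;  -- applies to the table owner too
//   CREATE POLICY tenant_isolation ON orders
//     USING (tenant_id = current_setting('app.tenant_id', true));

async function withTenant(pool, tenantId, fn) {
  if (typeof tenantId !== 'string' || tenantId.length === 0) {
    throw new Error('tenantId is required'); // fail closed, never run unscoped
  }
  const client = await pool.connect();
  try {
    await client.query('BEGIN');
    // set_config(..., true) is transaction-local, so the value cannot survive
    // onto the next request that borrows this pooled connection. It also takes
    // a bind parameter, which SET LOCAL does not.
    await client.query("SELECT set_config('app.tenant_id', $1, true)", [tenantId]);
    const result = await fn(client);
    await client.query('COMMIT');
    return result;
  } catch (err) {
    await client.query('ROLLBACK');
    throw err;
  } finally {
    client.release();
  }
}

// Constructed stub pool so the sketch runs offline; it records each statement.
function makeStubPool(log) {
  const client = {
    query: async (text, values) => { log.push({ text, values }); return { rows: [] }; },
    release: () => log.push({ text: 'RELEASE' }),
  };
  return { connect: async () => client };
}

async function demo() {
  const log = [];
  await withTenant(makeStubPool(log), 'tenant-a', (c) => c.query('SELECT * FROM orders'));
  return log.map((e) => e.text);
}
```

With the policy reading current_setting('app.tenant_id', true), a query issued outside withTenant() sees no tenant value and matches no rows instead of all rows.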
Every node is a real module under modules/. Colours follow AWS service categories.
The platform is wired top to bottom. Open the live service map or walk the architecture flows end to end.