CloudOpsConsole

architecture

The same diagram you'd actually whiteboard.

Five flows, one full picture, and the pipelines that ship it.

flows · five lanes

Five flows, drawn the way the console shows them.

FLOW · 01

Mesh fan-out

one synthetic place-order across 6 languages · loadgen → api-gateway

api-gateway
Node · BFF + HMAC
pricing
Go · quote
inventory
Python · reserve
fraud
Java · score
payment
Node · charge
ledger
Go · post entry

FLOW · 02

Async events

Kinesis → enrichment λ → EventBridge → analytics λ · post-commit fan-out

order-api
POST /order
Kinesis
tenant-partitioned
enrichment λ
mesh-events
EventBridge
event bus
analytics λ
EMF metrics

FLOW · 04

Checkout saga

storefront creates the order, then Step Functions enqueues the email

/api/checkout
storefront BFF
order-api /order
Idempotency-Key · RLS write
Step Functions
Standard · EnqueueEmail
SQS · email
durable buffer
email λ
SES (sesv2)

FLOW · 05

Observability

app spans via OTel + AWS metrics via yace → Prometheus → Grafana

services + AWS
OTLP · CloudWatch
OTel · yace
collector + CW export
Mimir / Loki / Tempo
metrics · logs · traces
Grafana
dashboards · alerts
aws categories: compute · database · networking · security · integration · analytics
not a runtime flow: client libraries (logs · metrics · traces · 6 languages) ship to AWS CodeArtifact for downstream consumers — they are published artifacts, not a live hop in any path above.

the full picture

One diagram. Every layer.

The whole stack — from browser request to observability backend.

layers: EDGE | EKS · KUBERNETES | DATA | OBSERVABILITY

EKS · order-api + storefront + polyglot mesh (6 svc)

Browser
Next.js · TS
Mobile
iOS · Android
ALB + WAF
5 managed rules · TLS 1.3
storefront pod
Next.js · operator console
order-api pod
Node22 · Express · RLS
api-gateway
Node · BFF + HMAC
pricing
Go
inventory
Python
fraud
Java
payment
Node
ledger
Go
Cognito
PKCE · JWT
RDS · Postgres
RLS FORCE
Kinesis
event stream
mesh-events
enrich → EB → λ
projection-worker
Python · read model
CloudWatch
AWS metrics
OTel Collector
metrics · logs · spans
yace
CW → Prom
Mimir
metrics
Loki
logs
Tempo
traces · svc graph
Grafana
dashboards · alerts
client libraries
6 langs → CodeArtifact

ci/cd · two pipelines

Signed, scanned, gated to ship.

The same flow you'd trace in Actions. Cosign-signed images, Trivy-scanned, deployed behind an approval gate.

PIPELINE · 01

App deploy

.github/workflows/app.yml · OIDC → AWS · digest-pinned

test
lint · unit · openapi
manifest-validation
kubeconform
build-and-push
buildx + Cosign sign → ECR
image-scan
Trivy HIGH+
budget-check
FinOps cap
deploy
Cosign verify · kubectl
EKS rollout
zero-downtime
integration-test
smoke + traces

PIPELINE · 02

Infra apply

.github/workflows/infra.yml · layered stacks · prod gate

quality
fmt · validate · tflint
plan
terraform plan
security-scan
tfsec · trivy · checkov
approve
prod environment gate
apply
terraform apply
compliance-scan
post-apply audit
stage kinds: ci · build · scan · gate · deploy · target