AWS
Microservices
advanced
Secure Microservices Platform — AWS Architecture Template
Cognito-authenticated API Gateway fronting ECS services with Aurora, KMS encryption, and centralised secrets.
Why this architecture works
- All external traffic enters through one authenticated API Gateway — services are never internet-facing
- Cognito JWT authorizers validate identity at the edge, so services trust claims, not raw tokens
- Every datastore is KMS-encrypted with customer-managed keys for auditable key rotation
- Secrets Manager plus task-role IAM scoping means no service can read another service's credentials
- Per-service CloudWatch dashboards make latency regressions attributable to a single team
What's inside (11 resources)
DNS
aws-route53
Identity Pool
aws-cognito
API Gateway
aws-api-gateway
Internal ALB
aws-alb
Users Service
aws-ecs
Payments Service
aws-ecs
Secrets
aws-secrets-manager
Aurora Cluster
aws-aurora
Redis
aws-elasticache
CMK
aws-kms
Service Dashboards
aws-cloudwatch
From template to running infrastructure
- Open this template in the CloudForge visual designer (free account, no credit card).
- Customize resources, names, and connections on the drag-and-drop canvas — or ask Vani, the AI architect, to adapt it.
- Generate production-ready Terraform or CloudFormation in one click.
- Review the plan diff and security scan, then deploy with human approval.