Architecture Overview

Infrastructure Components

StackFlow is deployed as a serverless application on AWS in the us-east-1 region under account 373544523367. The architecture is designed for high availability across two Availability Zones with automatic failover for all stateful components.

⚙️ Minimum Requirements
  • VPC: vpc-0c4e3c18734dee8f7 with private subnets subnet-05eae5f255dec054f (us-east-1a) and subnet-03ab773ce82d704d1 (us-east-1b)
  • Security Group: sg-0ada825cda6a75ed6 allowing Lambda ↔ Aurora/Neptune/Redis intra-VPC traffic
  • Aurora PostgreSQL 16: stackflow-main-prod cluster in Multi-AZ configuration
  • Neptune: stackflow-knowledge-graph cluster accessible on port 8182 within VPC
  • ElastiCache Redis: stackflow-redis-prod cluster with TLS and auth token
| Component | AWS Service | Details |
|---|---|---|
| API Backend | Lambda + API Gateway | StackFlowAPI, nodejs22.x, arm64, 1792MB, 300s timeout |
| Primary Database | Aurora PostgreSQL 16 | stackflow-main-prod.cluster-c6pq0smgmlri.us-east-1.rds.amazonaws.com |
| Requirements DB | Aurora PostgreSQL 17 | stackflow-req-prod.cluster-c6pq0smgmlri.us-east-1.rds.amazonaws.com |
| Knowledge Graph | Amazon Neptune | stackflow-knowledge-graph.cluster-c6pq0smgmlri.us-east-1.neptune.amazonaws.com:8182 |
| Cache | ElastiCache Redis | master.stackflow-redis-prod.mnzfvx.use1.cache.amazonaws.com:6379 (TLS) |
| CDN | CloudFront | E1UTZ9SVSR2WGV → docs.stackflow-tech.com |
| Queue | SQS FIFO | StackFlow-Events-Ingestion.fifo, Remediation P1/Standard queues |

Networking & Security

All StackFlow Lambda functions and data services run within VPC vpc-0c4e3c18734dee8f7 across two private subnets: subnet-05eae5f255dec054f (us-east-1a) and subnet-03ab773ce82d704d1 (us-east-1b). The security group sg-0ada825cda6a75ed6 controls all inbound and outbound traffic.

All three CloudFront distributions are protected by WAF (stackflow-cloudfront-waf) with managed rule groups for OWASP Top 10, known bad inputs, and rate limiting. API Gateway has resource-level throttling configured at 10,000 RPS burst and 5,000 RPS steady state.

KMS Encryption: All data at rest is encrypted using the primary multi-region CMK mrk-bd842691514c4d74a02992b8dc11fe16. This key is used for Aurora, Neptune, ElastiCache, S3, and SQS encryption. Never disable or schedule deletion of this key without a documented rotation plan.

Data Layer

The Aurora PostgreSQL 16 cluster hosts the primary stackflow database containing all ITSM records, user data, configuration items, and workflow definitions. Connection pooling is handled inside each Lambda function by the pg library's connection pool, capped at 10 connections per Lambda instance.

```shell
# Connect to Aurora main cluster (from within VPC)
psql -h stackflow-main-prod.cluster-c6pq0smgmlri.us-east-1.rds.amazonaws.com -U stackflow_admin -d stackflow
```

```sql
-- Check active connections
SELECT count(*), state FROM pg_stat_activity GROUP BY state;
```

AI & ML Layer

The AI layer is built on Amazon Bedrock with the StackFlow Knowledge Base (BXJGG7PIPS) providing RAG capabilities. Documents are embedded using Amazon Titan Embeddings v2 at 1024 dimensions and stored in OpenSearch Serverless. At query time, the model router selects the optimal Claude model based on task complexity, latency requirements, and cost budget.

```python
import boto3

# Bedrock Agents runtime client; the knowledge base lives in us-east-1
bedrock = boto3.client('bedrock-agent-runtime', region_name='us-east-1')

# RAG query against the StackFlow Knowledge Base (BXJGG7PIPS): retrieve the
# matching chunks from OpenSearch Serverless, then generate an answer with Claude
response = bedrock.retrieve_and_generate(
    input={'text': 'How do I reset a Cognito user password?'},
    retrieveAndGenerateConfiguration={
        'type': 'KNOWLEDGE_BASE',
        'knowledgeBaseConfiguration': {
            'knowledgeBaseId': 'BXJGG7PIPS',
            'modelArn': 'arn:aws:bedrock:us-east-1::foundation-model/anthropic.claude-3-sonnet-20240229-v1:0'
        }
    }
)

# Generated answer, followed by the source locations it was grounded on
print(response['output']['text'])
for citation in response.get('citations', []):
    for ref in citation.get('retrievedReferences', []):
        print(ref.get('location'))
```

Observability

StackFlow emits structured logs to CloudWatch Logs and metrics to CloudWatch Metrics. All Lambda invocations include a correlation ID in the x-stackflow-request-id header, which is propagated through all downstream service calls for end-to-end tracing. X-Ray tracing is enabled on the API Gateway and Lambda functions.

The AI Observability module (see AI Observability) provides a unified view of Bedrock API costs, token usage, model performance, and semantic cache hit rates. Alerts are configured in CloudWatch Alarms with SNS notifications to the stackflow-security-findings topic for anomalous spending patterns.