# AWS inventory
What lives in the AWS account, grouped by service category, with the role each resource plays in the platform.
- Account: `644882346898`
- Region: `eu-north-1` (Stockholm) for almost everything; `us-east-1` only for ACM certs that front CloudFront.
- CLI profile: `swishing-admin`.
Counts in this page reflect a snapshot — for the live list, hit the AWS CLI or the console.
## Lambda
24 functions total. Every backend service has a prod Lambda; most also
have a `-dev` sibling. No per-tenant Lambdas — the v3 model is one shared
Lambda for all tenants.
### Application Lambdas
| Function | Service | Purpose |
|---|---|---|
| `swishing-game-backend{,-dev}` | Tenant API | Shared per-tenant backend. |
| `swishing-api-router` | API Router | v3 entry-point fanout by `X-Tenant-Id`. |
| `swishing-auth-api{,-dev}` | Auth API | Login / MFA / password-reset / Microsoft SSO. |
| `swishing-internal-api{,-dev}` | Internal API | Operator tooling. |
| `swishing-demo-api` | Demo API | Demo tenant backend. |
| `swishing-marketing-api` | Marketing API | Marketing-site backend. |
### Worker Lambdas
| Function | Trigger | Purpose |
|---|---|---|
| `swishing-provision-worker{,-dev}` | SQS | Tenant provisioning. |
| `swishing-tenant-teardown{,-dev}` | EventBridge Scheduler | Tenant lifecycle teardown. |
| `swishing-user-import-worker{,-dev}` | SQS | Async user import. |
| `swishing-internal-incidents` | SQS | Forwards incidents to Slack. |
### Cognito trigger Lambdas
Wired into individual Cognito user pools.
| Function (dev + prod) | Trigger type |
|---|---|
| `swishing-cognito-define-auth{,-dev}` | DefineAuthChallenge |
| `swishing-cognito-create-auth{,-dev}` | CreateAuthChallenge |
| `swishing-cognito-verify-auth{,-dev}` | VerifyAuthChallengeResponse |
| `swishing-cognito-post-auth{,-dev}` | PostAuthentication (stamps `custom:last_login_at`). |
## API Gateway (HTTP APIs)
One HTTP API per backend service. Custom domains terminate TLS via ACM in
`eu-north-1`.
| API | Custom domain(s) | Backed by |
|---|---|---|
| `swishing-game-backend{,-dev}` | api.swishing.cards, api.dev.swishing.cards | Tenant API. |
| `swishing-api-router-httpapi` | gateway.swishing.cards, api-app.swishing.cards | API Router. |
| `swishing-auth-api{,-dev}` | api.auth.swishing.cards, api.auth.dev.swishing.cards | Auth API. |
| `swishing-internal-api{,-dev}` | api.internal.swishing.cards, api.internal.dev.swishing.cards | Internal API. |
| `swishing-demo-api` | api.demo.swishing.cards | Demo API. |
| `swishing-marketing-api` | marketing.swishing.cards | Marketing API. |
CORS is set at the API Gateway level — not in Express. See Architecture › CORS.
## RDS
| Resource | Engine | Role |
|---|---|---|
| Cluster `swishing-database-cluster-prod` | Aurora PostgreSQL (provisioned) | Single shared cluster for the whole platform. |
| Instance `swishing-database-instance-prod` | `db.serverless` | Writer instance. |
Inside the cluster: one Postgres database per tenant, plus the
operator-facing internal database. Per-tenant DB credentials live in
Secrets Manager and are referenced from `TenantDirectory[SK=DB]`.
## DynamoDB
| Table | Purpose |
|---|---|
| `TenantDirectory` / `TenantDirectoryDev` | Single source of truth for tenant → DB / Cognito / routing. PK `TENANT#<uuid>`, SK in {`DB`, `COGNITO`, `ROUTING`, …}. |
| `AuthDirectory` / `AuthDirectoryDev` | Auth-broker lookup (email → tenant id) used by auth-api to route users to the right tenant on login. |
| `ImportJobs` / `ImportJobsDev` | State for async user-import jobs (status, counts, errors). |
| `ProvisionLocks` | Mutex for tenant provisioning — prevents two concurrent runs creating the same tenant. |
| `swishing_demo_last_challenges` | Demo-tenant state. |
| `swishing_demo_scores` | Demo-tenant state. |
## Cognito
~24 user pools today, broken down as:
- One per tenant for every active customer (`Swishing - <tenant>` / `Klant - <tenant>` names). Each issues its own JWTs; the backend validates against the right pool by id (looked up from `TenantDirectory`).
- A small set of smoke-testing pools (`Swishing - smoke-testing-do-not-delete`) used by CI / smoke tests against the foreign-tenant fixture.
- `swishing-internal-users-dev` — internal-API admin pool.
Triggers (DefineAuth / CreateAuth / VerifyAuth / PostAuth) are wired on a
per-pool basis to the `swishing-cognito-*` Lambdas above.
## S3
| Bucket | Purpose |
|---|---|
| `swishing-general` | Shared assets (per-tenant logos, exports, miscellany). |
| `swishing-templates` | Production phishing templates — source of the auto-sync into tenant DBs. |
| `swishing-templates-dev` | Dev phishing templates. |
| `swishing-templates-qa` | QA phishing templates. |
| `swishing-cicd-artifacts` | SAM build artifacts + CloudFormation packages. Versioned, public access blocked. |
| `swishing-internal-docs-dev` | Orphaned — legacy from the first docs-portal attempt (S3 + CloudFront, pre-CF-Pages). Scheduled for removal in TODO.md Phase 3.5. |
Per-tenant frontend buckets are not listed here — they're created and
managed by the frontend deploy scripts under `scripts/deploy-*-web.ps1`.
## SQS
DLQs are sized for low traffic; alarms forward to the
`swishing-internal-incidents` queue when messages land in a DLQ.
| Queue | Purpose |
|---|---|
| `swishing-internal-provisioning{,-dev}` | Tenant-provisioning work items. Consumed by `swishing-provision-worker`. |
| `swishing-internal-provisioning{,-dev}-dlq` | Provision failures. |
| `swishing-user-import{,-dev}` | User-import job items. Consumed by `swishing-user-import-worker`. |
| `swishing-user-import{,-dev}-dlq` | Import failures. |
| `swishing-internal-incidents{,-dev}` | Internal incident events; forwarded to Slack. |
| `swishing-internal-incidents-dev-dlq` | Incident-forwarder failures. |
## EventBridge Scheduler
Per-tenant `rate(5 minutes)` invocations on the shared tenant Lambda.
Schedules are grouped by environment + purpose. No EventBridge Rules —
all scheduling is via Scheduler.
| Group | Purpose | Target |
|---|---|---|
| `game-transitions` | Per-tenant game-state transition tick. One schedule per active prod tenant. | `swishing-game-backend` |
| `game-transitions-dev` | Same, for dev tenants. | `swishing-game-backend-dev` |
| `tenant-teardown` | Per-tenant teardown schedule. | `swishing-tenant-teardown` |
| `tenant-teardown-dev` | Same, dev. | `swishing-tenant-teardown-dev` |
History: pre-2026-05-12 the game scheduler used chained `at()`
invocations. It was moved to recurring `rate(5 minutes)` per tenant on
2026-05-12 — the daily reconcile cron was retired the same day. See
Runbooks for the full story.
## Secrets Manager
Naming convention: `swishing/<scope>/<name>`.
### Per-tenant
One entry per tenant under `swishing/<tenant>/<tenant>` holding the DB
credential for that tenant's Postgres database. Plus the prod and dev
top-level entries (`swishing/prod/internal`, `swishing/dev/internal`) for
the operator-facing internal database.
### Shared
| Secret | Used by |
|---|---|
| `swishing/shared/cloudflare-api-token` | Cloudflare DNS automation. |
| `swishing/shared/cloudflare-pages-deploy-token` | Pages deploys (docs portal — being deprecated in Phase 3.4). |
| `swishing/shared/deepl-api-key` | DeepL translation API (template-tool, internal-api). |
| `swishing/shared/openrouter-api-key` | OpenRouter LLM API (template-tool AI features). |
| `swishing/shared/leads-ingest-token` | Marketing API → CRM webhook auth. |
| `swishing/shared/docs-portal-entra-client-secret` | Docs-portal CF Access SSO (legacy — being phased out). |
### Auth / docs
| Secret | Used by |
|---|---|
| `swishing/auth-broker/hmac-key` | Cookie / session signing for auth-api (prod). |
| `swishing/dev/auth-broker/hmac-key` | Same for dev. |
| `swishing/internal/internal-api-key` | Bearer token for direct invokes of internal-api `/internal/*` routes (bypasses CF Access). |
| `swishing/dev/internal/internal-api-key` | Same for dev. |
| `swishing/internal/slack-webhook` | Slack webhook used by `swishing-internal-incidents`. |
| `swishing/docs/session-key` | HMAC key for `/docs` session cookies. Read by every service's `oidcDocs.js`. |
| `swishing/docs/entra-client-secret` | Mirror of `swishing/shared/docs-portal-entra-client-secret` — required because tenant-app runtime roles deny `swishing/shared/*`. Rotation must update both copies. |
## CloudFront
| Distribution | Backed by | Notes |
|---|---|---|
| `E1YOB4SWK9PB74` (swishing.cards) | S3 (game-web prod) | Main per-tenant SPA distribution. |
| `E2SS14JVD6RS8G` (app.dev.swishing.cards) | S3 (game-web dev) | Dev SPA distribution. |
| `E1JBVNS5OCBT0U` (docs.internal.dev.swishing.cards) | S3 `swishing-internal-docs-dev` | Orphaned. Legacy pre-Pages attempt. Scheduled for removal in TODO.md Phase 3.5. |
Other distributions front the auth / demo / marketing / internal frontends — they live alongside the per-service S3 buckets and aren't enumerated here.
## DNS + TLS
- DNS: Cloudflare. Apex `swishing.cards` + `dev.swishing.cards`. Most API hostnames are gray-cloud (DNS-only, CNAME direct to AWS) — including every `api.*` host. `docs.internal.*` is orange-cloud (proxied).
- ACM certs: issued in `us-east-1` (for CloudFront) and `eu-north-1` (for API Gateway). The maintenance Worker uses an ACME-bypass hostname per env so cert renewals don't get caught by the maintenance block; it also exposes two bypass paths (IP allowlist + `X-Maintenance-Bypass` header) so cert renewals and smoke tests survive the block.
## Decommissioned (no longer present)
For posterity — these surfaces existed in v1/v2 and were removed by 2026-05-06:
- ECS — all per-tenant Fargate services, ECS clusters, the shared per-tenant ALB, and the ECS-Exec VPC endpoints.
- EC2 — all per-tenant EC2 instances from the v1 era.
- `tenant-health-checker` Lambda — retired 2026-05-06.
The `infra/ecs/` JSONs are kept as historical reference but reference no
live infrastructure. See Runbooks for the cutover stories.