A complete infrastructure-as-code deployment for a mid-sized retail e-commerce platform based on the Business Example architecture. All 7 templates were validated against the AWS CloudFormation API before publishing. Deploy in order 1 through 7 — each stack exports outputs that downstream stacks import via !ImportValue. All stacks require --capabilities CAPABILITY_NAMED_IAM.
1. Foundation stack. Provisions the VPC, 6 subnets across 2 AZs (public, private-app, private-data), NAT Gateways with Elastic IPs, route tables, S3 and DynamoDB Gateway VPC endpoints, and VPC Flow Logs. Every other stack imports outputs from here.
   Services: VPC, Subnets, NAT Gateway, VPC Endpoints, CloudWatch Logs
2. Shared security primitives. Provisions a KMS CMK with auto-rotation covering all data tiers, six inter-tier security groups with group-to-group rules, and a Secrets Manager secret with an auto-generated Aurora password.
   Services: KMS, Secrets Manager, Security Groups, IAM
3. Two-phase cross-region deployment. Phase 1 deploys the WAF WebACL (5 managed rules) and the ACM certificate to us-east-1, as CloudFront requires. Phase 2 deploys CloudFront with 4 cache behaviors, the ALB with X-Origin-Verify enforcement (the ALB only forwards requests that carry the header CloudFront adds, so it cannot be reached directly and bypass the WAF), and Route 53 alias records.
   Services: CloudFront, WAF, ALB, ACM, Route 53
4. ECS Fargate application tier. Provisions ECR with scan-on-push, an ECS cluster with Container Insights, a task definition with Secrets Manager injection, rolling deployment with circuit-breaker auto-rollback, dual Auto Scaling policies, and Cloud Map service discovery.
   Services: ECS Fargate, ECR, Auto Scaling, Cloud Map, CloudWatch
5. Data tier. Provisions Aurora Serverless v2 PostgreSQL (writer + reader across 2 AZs, 0.5-16 ACU auto-scaling), ElastiCache Serverless Redis for session and catalog caching, an S3 data lake with Intelligent-Tiering, and AWS Backup with optional cross-region copy.
   Services: Aurora Serverless v2, ElastiCache, S3, AWS Backup
6. Event-driven tier. Provisions an EventBridge custom bus with 90-day archive, three SQS queues with dead-letter queues, three Lambda handlers with partial-batch failure reporting, and an SNS topic for customer order notifications.
   Services: EventBridge, SQS, Lambda, SNS
7. Analytics tier. Provisions Glue crawlers and an ETL job (raw JSON to curated Parquet), Redshift Serverless for BI queries, an EventBridge rule that triggers the crawlers on new S3 data lake objects, and a CloudWatch operational dashboard covering all 7 stack tiers.
   Services: Glue, Redshift Serverless, S3, CloudWatch