Ambient Intelligence · Cloud Engineering

AWS Backend

Step-by-step AWS deployment runbook for the fall-detection platform. Architecture → Infrastructure → Services → Production.

ambientintel/ambientcloud
Goal
Region: us-east-1 (AWS · single-region pilot)
Runtime: Python 3.12 (Lambda + FastAPI + boto3)
IaC: AWS CDK v2 (Python · unified infra/app.py)
AI Model: Sonnet 4.6 (Bedrock us.anthropic.* inference profile · HIPAA-eligible)
Standard: HIPAA §164.514(c) (Coded data · IRB protocol)

STEP 01 · Architect · ~1 day · Complete

Architecture Review

AWS architecture v4 reviewed and approved. Five data paths: fall-alert hot path, device-side Parquet cold path, legacy Firehose cold path (retiring), 12h narrative, and nurse/admin API. Account-per-tenant isolation model confirmed.

| Path | Transport | Latency budget | Status |
|---|---|---|---|
| Fall alerts (hot) | MQTT QoS 1 → IoT Rule → Lambda → DDB + SNS | < 2 s end-to-end | Active |
| Telemetry — new (cold) | Device Parquet → presigned PUT → S3 | 5-min batch | Active / dual-write |
| Telemetry — legacy (cold) | MQTT QoS 0 → IoT Rule → Firehose → S3 | 5-min buffer | Retiring |
| Narrative (12h) | EventBridge → SQS → Ella Lambda → Bedrock | Best-effort, ~30 s | Active |
| Nurse / Admin API | API GW → JWT → FastAPI Lambda → DDB/Athena | Web request | Active |

| Service / Stack | Path | CDK Stack | Tests |
|---|---|---|---|
| admin-cli | services/admin-cli/ | | 66 pass |
| api | services/api/ | Ambient-{env}-Api | 41 pass |
| athena | services/athena/ | Ambient-{env}-Athena | n/a |
| cloudtrail | services/cloudtrail/ | Ambient-{env}-CloudTrail | n/a |
| ella | services/ella/ | Ambient-{env}-Ella | 11 pass |
| golden | services/golden/ | Ambient-{env}-Golden | n/a |
| reconciler | services/reconciler/ | embedded in Telemetry | 2 pass |
| simulation-runner | services/simulation-runner/ | Ambient-{env}-SimRunner | n/a |
| telemetry | services/telemetry/ | Ambient-{env}-Telemetry | 15 pass |
| url-minter | services/url-minter/ | Ambient-{env}-UrlMinter | 28 pass |
| KMS (CDK) | infra/stacks/kms_stack.py | Ambient-{env}-Kms | n/a |
| Storage (CDK) | infra/stacks/storage_stack.py | Ambient-{env}-Storage | n/a |
| Data (CDK) | infra/stacks/data_stack.py | Ambient-{env}-Data | n/a |

Artifacts
docs/architecture-v4.md
Authoritative architecture v4 — five paths, account-per-tenant, dual-write state, KMS, Sonnet 4.
docs/architecture-v4.mmd
Canonical Mermaid diagram. Render at https://mermaid.live.
docs/tenancy.md
Multi-tenant account-per-tenant isolation model. One AWS account per organization.
docs/device-cloud-contract.md
Authoritative device ↔ cloud wire format, v0.2. IRB framing, research data handling.

The legacy Firehose cold path remains active during dual-write migration. Do not decommission it until all facilities promote to parquet_only and the reconciler shows zero divergence for 7 consecutive days.

Central observability receives CloudWatch scalar metrics only — no logs, no traces, no string-valued metric dimensions that could carry subject identifiers. Verify this before enabling any new metric stream.
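
One way to run the check described above before a metric stream is enabled, as an added example that is not code from the ambientcloud repository: it audits PutMetricData-style datums for non-numeric values and for dimensions outside an allow-list of names with closed value sets. The allow-list, the function names and the sample datums are assumptions constructed for illustration.

```python
# Added example: pre-flight audit of datums bound for central observability.
# ALLOWED_DIMENSIONS is a hypothetical policy, not the platform's real one.

# Dimension name -> closed set of values it may take (assumed).
ALLOWED_DIMENSIONS = {
    "Env": {"dev", "staging", "prod"},
    "Service": {"api", "ella", "telemetry", "url-minter"},
    "Path": {"hot", "cold", "narrative"},
}


def audit_datum(datum):
    """Return the violations found in one PutMetricData-style datum."""
    problems = []
    value = datum.get("Value")
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        problems.append("Value is not a numeric scalar")
    for dim in datum.get("Dimensions", []):
        name = dim.get("Name")
        allowed = ALLOWED_DIMENSIONS.get(name)
        # Messages never echo the dimension value: it may be the identifier.
        if allowed is None:
            problems.append(f"dimension {name!r} is not on the allow-list")
        elif dim.get("Value") not in allowed:
            problems.append(f"dimension {name!r} has a value outside its closed set")
    return problems


def audit_stream(datums):
    """Map datum index -> violations, for datums that fail the audit."""
    report = {}
    for index, datum in enumerate(datums):
        problems = audit_datum(datum)
        if problems:
            report[index] = problems
    return report


# Constructed sample datums (not real platform metrics).
SAMPLE = [
    {"MetricName": "FallAlertLatencyMs", "Value": 840.0, "Unit": "Milliseconds",
     "Dimensions": [{"Name": "Env", "Value": "prod"}, {"Name": "Path", "Value": "hot"}]},
    {"MetricName": "FallAlertCount", "Value": 1,
     "Dimensions": [{"Name": "SubjectCode", "Value": "CONSTRUCTED-0001"}]},
    {"MetricName": "NarrativeStatus", "Value": "ok",
     "Dimensions": [{"Name": "Service", "Value": "ella-room-12"}]},
]

if __name__ == "__main__":
    for index, problems in audit_stream(SAMPLE).items():
        print(index, problems)
```

The audit covers dimensions and values only; metric names are free-form strings too and need their own review against the same rule.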

Production Checklist
Complete: 83%
Open Decisions
1. Multi-region per tenant — currently single-region us-east-1; tenants with residency requirements force this decision
2. Cross-tenant de-identified research aggregation — separate research account with Glue Data Catalog sharing is the likely pattern
3. Firehose retirement timeline — 90 days post-migration from parquet_only promotion is tentative, not contractually nailed down
4. WAL fsync cadence on OSD62x-PM — 5s default; may need 1s depending on flash wear budget