Current AWS + MongoDB Atlas state
AI-generated content
This document was generated by an AI assistant. Verify accuracy before relying on the details.
Source of truth: infra/CURRENT_AWS_STATE.md on GitHub.
A read-only audit of AWS account 182790345476 (LIFE CONNECT, region eu-west-3) and MongoDB Atlas project adb-prod, captured 2026-05-03. This is the ground-truth baseline against which the new infra/ Pulumi project is built.
TL;DR
- AWS Organization: single-account today (`182790345476`). The 7-account multi-account design in the new `infra/` project is greenfield.
- AWS compute: zero ECS, EKS, ALB, RDS, DocumentDB, Lambda. All workload compute runs on Azure AKS (per the legacy `adb-charts` repo). Keycloak runs as four `t3.micro` Elestio-managed EC2 instances per env (dev/int/stage/prod).
- DNS / TLS / CDN are off-AWS: 0 Route 53 hosted zones, 0 ACM certs, 0 CloudFront. `life-connect.fr` is hosted at the registrar or Cloudflare.
- No container registry on AWS: 0 ECR repos. Images are on Docker Hub (`lifeconnect/*`).
- Messaging: 31 MongoDB Atlas partner EventBridge buses, ~80 rules, 96 SQS queues (48 logical × 2 envs with DLQs), 8 SNS DLQ-alert topics. Naming: `<env>-<consumer>-<event>`.
- MongoDB Atlas: 1 project, 1 cluster (`adb-prod`, MongoDB 8.0.21, M20 on Azure FRANCE_CENTRAL, 3-node replica set, backup ON, encryption-at-rest NONE, termination protection OFF). 4 DB users, 1 custom role, 32 IP allowlist entries.
- Atlas Triggers: 18 total: 16 publish to AWS EventBridge in `eu-west-3`, 2 are internal Realm-function only. Each maps cleanly to `(database, collection, ops)`.
Why it matters
The audit revealed several things the codebase didn't show:
- The original messaging catalog under-counted queues (~18 vs reality's 48 logical). The new `infra/src/catalog/services.js` now mirrors production exactly.
- The `adb-tickets` MongoDB database is real and triggers fire on it, even though there's no `adb-tickets/` directory in the monorepo today.
- There's a likely orphaned-stage hypothesis: AWS has `stage-*` rules + queues, but the Atlas project produces only one set of events to one AWS account. Stage may have had its own Atlas project that was deleted, leaving AWS resources behind.
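The naming convention in the TL;DR (`<env>-<consumer>-<event>`), the "48 logical × 2 envs with DLQs" layout, and the orphaned-stage hypothesis above all reduce to checks that can be run over the inventory a read-only audit produces. The script below is an added example for this note, not code from the `infra/` project or the audit itself: it parses queue and rule names against the convention, flags logical queues without a dead-letter partner, and reports any environment that exists on the AWS side without an Atlas producer behind it. The `-dlq` suffix for dead-letter queues and all inventory names are assumptions constructed for the example.

```python
"""Drift checks over an EventBridge/SQS inventory (added example, constructed data)."""
import re
from collections import defaultdict

# Naming convention stated in the audit: <env>-<consumer>-<event>.
# The "-dlq" suffix for dead-letter queues is an assumption made for this example.
NAME_RE = re.compile(
    r"^(?P<env>[a-z]+)-(?P<consumer>[a-z0-9]+)-(?P<event>[a-z0-9-]+?)(?P<dlq>-dlq)?$"
)


def parse_name(name):
    """Split a queue/rule name into its convention parts, or None if it does not fit."""
    m = NAME_RE.match(name)
    if not m:
        return None
    parts = m.groupdict()
    parts["dlq"] = parts["dlq"] is not None
    return parts


def check_inventory(queue_names, rule_names, producer_envs):
    """
    Run three audit checks over an inventory listing.
      queue_names   - SQS queue names as listed by the read-only audit
      rule_names    - EventBridge rule names
      producer_envs - environments the Atlas triggers actually publish for
    Returns a dict of findings; empty lists mean "no drift found".
    """
    findings = {"bad_names": [], "missing_dlq": [], "orphan_envs": [], "per_env": {}}
    logical = set()   # (env, consumer, event) of primary queues
    dlqs = set()      # (env, consumer, event) of dead-letter queues
    envs_seen = defaultdict(lambda: {"queues": 0, "rules": 0})

    for name in queue_names:
        p = parse_name(name)
        if p is None:
            findings["bad_names"].append(name)
            continue
        key = (p["env"], p["consumer"], p["event"])
        (dlqs if p["dlq"] else logical).add(key)
        envs_seen[p["env"]]["queues"] += 1

    for name in rule_names:
        p = parse_name(name)
        if p is None:
            findings["bad_names"].append(name)
            continue
        envs_seen[p["env"]]["rules"] += 1

    # Every logical queue should have a matching DLQ (the audit's "48 logical x 2 envs with DLQs").
    findings["missing_dlq"] = sorted("-".join(k) for k in logical - dlqs)

    # Orphaned-env check: an AWS-side env that no Atlas trigger publishes to is left-over infra.
    findings["orphan_envs"] = sorted(env for env in envs_seen if env not in producer_envs)
    findings["per_env"] = dict(envs_seen)
    return findings


# Constructed sample inventory (not the real account's resource names).
SAMPLE_QUEUES = [
    "prod-notifications-user-created", "prod-notifications-user-created-dlq",
    "prod-billing-order-paid", "prod-billing-order-paid-dlq",
    "int-notifications-user-created", "int-notifications-user-created-dlq",
    "int-billing-order-paid",                 # DLQ deliberately missing
    "stage-notifications-user-created", "stage-notifications-user-created-dlq",
    "orders_legacy_queue",                    # deliberately breaks the convention
]
SAMPLE_RULES = [
    "prod-notifications-user-created", "prod-billing-order-paid",
    "int-notifications-user-created", "int-billing-order-paid",
    "stage-notifications-user-created",
]
# Environments the (constructed) Atlas triggers publish for: stage is absent on purpose.
SAMPLE_PRODUCER_ENVS = {"prod", "int"}

if __name__ == "__main__":
    for check, result in check_inventory(SAMPLE_QUEUES, SAMPLE_RULES, SAMPLE_PRODUCER_ENVS).items():
        print(f"{check}: {result}")
```

On the constructed input the script reports the malformed legacy name, the `int` queue without a DLQ, and `stage` as an environment with AWS resources but no producer, which is exactly the signal the orphaned-stage hypothesis rests on. Feeding it real `aws sqs list-queues` / `aws events list-rules` output and the trigger list from the Atlas API would turn the hypothesis into a checkable finding.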
Read the full report for the per-section breakdown (compute, network, EventBridge, SQS, S3, IAM, Terraform-managed envs, Atlas project/cluster/triggers).
Reproducing the audit
The audit was generated using:
- AWS read-only audit IAM user `infra.claude-audit` (policies `ReadOnlyAccess` + `SecurityAudit`).
- Atlas Org Read-Only API key.
The setup steps for the Atlas side are documented separately in MongoDB Atlas — Realm CLI setup. Cleanup snippets for both credentials are at the bottom of the source document.