Life Connect
Last updated 2026-05-03

Current AWS + MongoDB Atlas state

AI-generated content

This document was generated by an AI assistant. Verify accuracy before relying on the details.

Source of truth: infra/CURRENT_AWS_STATE.md on GitHub.

A read-only audit of AWS account 182790345476 (LIFE CONNECT, region eu-west-3) and MongoDB Atlas project adb-prod, captured 2026-05-03. This is the ground-truth baseline against which the new infra/ Pulumi project is built.

TL;DR

  • AWS Organization: single-account today (182790345476). The 7-account multi-account design in the new infra/ project is greenfield.
  • AWS compute: zero ECS, EKS, ALB, RDS, DocumentDB, Lambda. All workload compute runs on Azure AKS (per the legacy adb-charts repo). Keycloak runs as four t3.micro Elestio-managed EC2 instances per env (dev/int/stage/prod).
  • DNS / TLS / CDN are off-AWS: 0 Route 53 hosted zones, 0 ACM certs, 0 CloudFront. life-connect.fr is hosted at the registrar or Cloudflare.
  • No container registry on AWS: 0 ECR repos. Images are on Docker Hub (lifeconnect/*).
  • Messaging: 31 MongoDB Atlas partner EventBridge buses, ~80 rules, 96 SQS queues (48 logical × 2 envs with DLQs), 8 SNS DLQ-alert topics. Naming: <env>-<consumer>-<event>.
  • MongoDB Atlas: 1 project, 1 cluster (adb-prod, MongoDB 8.0.21, M20 on Azure FRANCE_CENTRAL, 3-node replica set, backup ON, encryption-at-rest NONE, termination protection OFF). 4 DB users, 1 custom role, 32 IP allowlist entries.
  • Atlas Triggers: 18 total — 16 publish to AWS EventBridge in eu-west-3, 2 are internal Realm-function only. Each maps cleanly to (database, collection, ops).

Why it matters

The audit revealed several things the codebase didn't show:

  1. The original messaging catalog under-counted queues (~18 versus the 48 logical queues that actually exist). The new infra/src/catalog/services.js now mirrors production exactly.
  2. The adb-tickets MongoDB database is real and triggers fire on it, even though there's no adb-tickets/ directory in the monorepo today.
  3. A likely hypothesis is that the stage resources on AWS are orphaned: AWS has stage-* rules and queues, but the Atlas project produces only one set of events to one AWS account. Stage may have had its own Atlas project that was deleted, leaving AWS resources behind.
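
One way to test the orphaned-stage hypothesis is to cross-reference the partner event buses against the triggers Atlas still reports and group the leftover rules by env prefix. This is an added example, not code from the source report; the partner bus naming pattern, the 24-hex trigger id format, and the sample ids and `billing` rule names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: each Atlas partner event bus carries the name of its partner
# event source, whose last path segment is the Atlas trigger id (24 hex chars).
BUS_RE = re.compile(r"^aws\.partner/mongodb\.com/stitch\.trigger/([0-9a-f]{24})$")


def find_orphans(buses, rules, live_trigger_ids):
    """Return (orphan bus names, {env: [rule names]}) for partner buses
    whose trigger id is not among the triggers Atlas currently reports."""
    live = set(live_trigger_ids)
    orphan_buses = set()
    for bus in buses:
        m = BUS_RE.match(bus)
        if m and m.group(1) not in live:   # non-partner buses are skipped
            orphan_buses.add(bus)
    by_env = defaultdict(list)
    for rule in rules:
        if rule["bus"] in orphan_buses:
            env = rule["name"].split("-", 1)[0]   # <env>-<consumer>-<event>
            by_env[env].append(rule["name"])
    return sorted(orphan_buses), {env: sorted(names) for env, names in by_env.items()}


# Constructed sample input (not real ids or rule names from the audit).
PREFIX = "aws.partner/mongodb.com/stitch.trigger/"
LIVE_TRIGGERS = ["65f000000000000000000001"]
BUSES = ["default", PREFIX + "65f000000000000000000001", PREFIX + "65f000000000000000000002"]
RULES = [
    {"name": "prod-billing-ticket-created", "bus": BUSES[1]},
    {"name": "stage-billing-ticket-created", "bus": BUSES[2]},
]

if __name__ == "__main__":
    orphans, by_env = find_orphans(BUSES, RULES, LIVE_TRIGGERS)
    for bus in orphans:
        print("no live Atlas trigger for bus:", bus)
    for env, names in by_env.items():
        print(f"{env}: {len(names)} rule(s) on orphaned buses -> {names}")
```

In practice the bus and rule lists would come from `aws events list-event-buses` and `aws events list-rules --event-bus-name <bus>` run with the read-only audit credentials, and the live trigger ids from the Atlas trigger listing.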

Read the full report for the per-section breakdown (compute, network, EventBridge, SQS, S3, IAM, Terraform-managed envs, Atlas project/cluster/triggers).

Reproducing the audit

The audit was generated using:

  • AWS read-only audit IAM user infra.claude-audit (policies ReadOnlyAccess + SecurityAudit).
  • Atlas Org Read-Only API key.

The setup steps for the Atlas side are documented separately in MongoDB Atlas — Realm CLI setup. Cleanup snippets for both credentials are at the bottom of the source document.

Contributors: Yevhenii Khudolii