Notes
Notes and explorations on various topics.
- React SPA + Keycloak on GovCloud — Serverless Variant
· aws, govcloud, keycloak, oidc, react, spa, fedramp, serverless, lambda, architecture
ALB + Lambda target groups variant of the GovCloud Keycloak SPA design — eliminates Fargate while keeping the OIDC enforcement layer on the ALB.
- Hierarchical Multi-Org API Patterns
· multi-tenant, api-design, authorization, rbac
How established platforms model hierarchical org trees, scope APIs, place resources at create time, and move them between orgs.
- React SPA + Keycloak Auth on AWS GovCloud
· aws, govcloud, keycloak, oidc, react, spa, fedramp, architecture
High-level architecture and sequence diagrams for a Keycloak-protected React SPA hosted on AWS GovCloud, with auth required before any frontend asset is served.
- GovCloud SPA Hosting: ECS/nginx vs Internal ALB + S3
· govcloud, spa, s3, alb, keycloak, oidc, cdk
Whether to keep building a Docker image per frontend release or migrate React SPA assets to S3 behind the existing OIDC-gated ALB in GovCloud.
- Detecting Flaky Playwright Tests in CI with an Allowlist
· playwright, ci, github-actions, flaky-tests
GitHub Actions workflow that repeat-runs tests to catch new flakes, with a tag-based allowlist for incremental adoption.
- SPA + BFF Architectures on AWS
· aws, bff, spa, cloudfront, lambda, fargate, api-gateway, app-runner, appsync, amplify
Comparison of AWS-native topologies for a single-page app fronted by a Backend-for-Frontend service.
- SPA + BFF with Keycloak AuthN and AVP AuthZ
· aws, bff, spa, keycloak, oidc, avp, cedar, fedramp, govcloud
Frontend architecture options when a separate team owns Keycloak for identity, and authorization uses Amazon Verified Permissions driven by JWT claims.
- GovCloud-Compatible React SPA on ECS Fargate
· aws, govcloud, cdk, ecs-fargate, alb, spa
Serve a Vite SPA from nginx on Fargate behind an internal ALB, with no CloudFront, no NAT, no public endpoints. GovCloud-ready.
- Keycloakify Pipeline: Build, Test, Deploy
· keycloak, keycloakify, ci-cd, auth, aws
Owning a Keycloakify project end-to-end — dev loop, testing, CI/CD, and deploying themes to a running Keycloak.
- AWS-Native Frontend Operational Excellence
· aws, cloudfront, observability, opex, orr, lambda-edge, rum, synthetics, waf, x-ray
Complete observability, release, on-call, and ORR strategy for a CloudFront + Lambda@Edge + S3 frontend application.
- Upstream Fork Strategy
· git, workflow, ci
How to maintain a customized fork of another team's codebase with automated upstream syncing.