Notes
Notes and explorations on various topics.
- AWS GovCloud Architecture: SPA + Small Backend, Cognito-Gated
· aws, govcloud, cognito, ecs, alb, architecture
Single-partition GovCloud design for an SPA + ECS backend gated by a Cognito user pool owned by another team.
- Frontend + Router Integration Architecture Options
· aws, architecture, frontend, api-gateway, bff
Compares AWS-native frontend, BFF, and router integration patterns for protected SPA and partner API access.
- AWS GovCloud Authenticated SPA and API Router
· aws, govcloud, fedramp, architecture, authentication, spa, api
Reference architecture for a FedRAMP High GovCloud React SPA, authenticated asset delivery, API router, partner SDKs, and machine-to-machine access.
- GovCloud SaaS Platform Architecture
· aws, govcloud, architecture, cognito, avp, alb, smithy, rbac
AWS-native architecture for a GovCloud-deployable SaaS with React SPA, pluggable OIDC IdP, AVP-based RBAC, unified ALB front door, and Smithy-generated SDK.
- Centralized API Router
· aws, api-gateway, alb, avp, smithy, architecture
Why and how to put API Gateway behind the ALB to centralize auth, AVP, error shaping, and cross-cutting API concerns instead of duplicating them in every service.
- Frontend Story
· react, vite, nginx, fargate, frontend, spa, accessibility, otel
React SPA design: stack, build, deploy as nginx on Fargate, SDK consumption, telemetry, security headers, dev workflow, accessibility for gov.
- Partner API
· aws, api-gateway, oauth, sdk, avp, partner, architecture
Public partner-facing API surface: dedicated domain, REST API Gateway, OAuth client-credentials, scopes, versioning, SDK distribution, and operational surface.
- Session Management
· auth, session, cognito, alb, oidc, fedramp, frontend
How session lifetime, silent refresh, idle timeout, and expiry handling work in the SPA — the standard pattern for gov/regulated SaaS.
- GovCloud-Compatible React SPA Architecture
· aws, govcloud, cognito, alb, spa, architecture
ALB-fronted architecture for a Cognito-authenticated React SPA with companion APIs in AWS GovCloud.
- React SPA + Keycloak on GovCloud — Serverless Variant
· aws, govcloud, keycloak, oidc, react, spa, fedramp, serverless, lambda, architecture
ALB + Lambda target groups variant of the GovCloud Keycloak SPA design — eliminates Fargate while keeping the OIDC enforcement layer on the ALB.
- Hierarchical Multi-Org API Patterns
· multi-tenant, api-design, authorization, rbac
How established platforms model hierarchical org trees, scope APIs, place resources at create time, and move them between orgs.
- React SPA + Keycloak Auth on AWS GovCloud
· aws, govcloud, keycloak, oidc, react, spa, fedramp, architecture
High-level architecture and sequence diagrams for a Keycloak-protected React SPA hosted on AWS GovCloud, with auth required before any frontend asset is served.
- GovCloud SPA Hosting: ECS/nginx vs Internal ALB + S3
· govcloud, spa, s3, alb, keycloak, oidc, cdk
Whether to keep building a Docker image per frontend release or migrate React SPA assets to S3 behind the existing OIDC-gated ALB in GovCloud.
- Detecting Flaky Playwright Tests in CI with an Allowlist
· playwright, ci, github-actions, flaky-tests
GitHub Actions workflow that repeat-runs tests to catch new flakes, with a tag-based allowlist for incremental adoption.
- SPA + BFF Architectures on AWS
· aws, bff, spa, cloudfront, lambda, fargate, api-gateway, app-runner, appsync, amplify
Comparison of AWS-native topologies for a single-page app fronted by a Backend-for-Frontend service.
- SPA + BFF with Keycloak AuthN and AVP AuthZ
· aws, bff, spa, keycloak, oidc, avp, cedar, fedramp, govcloud
Frontend architecture options when a separate team owns Keycloak for identity and authorization uses Amazon Verified Permissions driven by JWT claims.
- GovCloud-Compatible React SPA on ECS Fargate
· aws, govcloud, cdk, ecs-fargate, alb, spa
Serve a Vite SPA from nginx on Fargate behind an internal ALB, with no CloudFront, no NAT, no public endpoints. GovCloud-ready.
- Keycloakify Pipeline: Build, Test, Deploy
· keycloak, keycloakify, ci-cd, auth, aws
Owning a Keycloakify project end-to-end — dev loop, testing, CI/CD, and deploying themes to a running Keycloak.
- AWS-Native Frontend Operational Excellence
· aws, cloudfront, observability, opex, orr, lambda-edge, rum, synthetics, waf, x-ray
Complete observability, release, on-call, and ORR strategy for a CloudFront + Lambda@Edge + S3 frontend application.
- Upstream Fork Strategy
· git, workflow, ci
How to maintain a customized fork of another team's codebase with automated upstream syncing.
- Context
- Design
- 0001 Agent Is A Ui Not A Trust Boundary
- 01 Hello World Chat Panel And Echo Backend
- 02 Bedrock Text Conversation Streaming
- 03 Observability Baseline
- 04 Navigation Intents End To End
- 05 First End To End Tool Call
- 06 Smithy To Manifest Generator
- 07 Runbook Kb And Lookup Tool
- 08 Risk Classes And Approval Card Hardening
- 09 Out Of Scope Handoff
- 10 Production Polish Errors Truncation Projection
- Prd
- ai-chat
- docs
- issues
- Prd
Nodes are notes; edges connect notes that share at least one tag.