The architecture describes a pattern to build a headless e-commerce web application, using the native services offered by AWS to implement core capabilities – including search, personalization, marketing, fraud detection, customer authentication, location services, and chatbots. It is designed to enrich the customer experience and provide a solution that is both scalable and cost effective.

Architecture Diagram

  • Part 1
  • Disclaimer: Not for production use

    Download PDF 


    1. Customers access the web application through different channels. Amazon Route 53, the Domain Name System (DNS) enables front-end clients to resolve the website hostname to the AWS content delivery network (Amazon CloudFront). Amazon CloudFront takes care to route the web requests to origin servers, caches the static content & assets served from Amazon S3 and Origin servers. It also secures the application traffic using AWS WAF (a web application firewall), which helps protect the application against common exploits and bots.
    2. The web application uses Amazon Cognito to perform authentication (user sign-up, sign-in) and authorization of backend APIs.
    3. Amazon Simple Storage Service (Amazon S3) is a highly available and durable object storage service that stores and serves the static assets (images and videos).
    4. Application Load Balancer (ALB) serves the front-end web requests by automatically distributing the incoming traffic across multiple web tier targets, deployed in multiple Availability Zones.
    5. Amazon API Gateway is a fully managed service that interfaces the backend micro-services to access data and execute the business logic. These micro-services are exposed as Restful APIs for consumption by Web Tier and the Mobile App.
    6. eCommerce frontend/Web Tier is a headless and responsive web UI, built on your choice of frontend technologies (like ReactJS, VueJS, AngularJS, NodeJS, etc.) and deployed on AWS Fargate (serverless compute service). This Web Tier uses Amazon Elastic Cache to cache static content and orchestrated backend API responses; and Amazon DynamoDB table to persist the user sessions and frontend application configurations (e.g. Feature flags).
    7. eCommerce Backend Services (App Tier) is a set of stateless Restful micro-services built to access the data and also execute specific business logic (such as OrderMx for cart and checkout as well as PaymentMx for handling payments). These micro-services are deployed on the serverless compute services (AWS Fargate and AWS Lambda). Amazon DynamoDB in the App Tier provide the ecommerce application data store. It holds products, customer and customer transaction data (such as orders and shopping carts). DynamoDB DAX caches the database query results, while Amazon ElastiCache caches the transformed response of individual microservices.
  • Part 2
  • Disclaimer: Not for production use

    Download PDF 


    8. Amazon EventBridge is a serverless event bus used by both Web and App Tiers to emit events that will be consumed asynchronously by the micro-services in the App Tier and/or other supported sources to perform specific actions. As an example, a Customer Consent sign-up action on the front-end triggers an event to Amazon EventBridge, which in response invokes multiple backend micro-services to execute independent business logic and update isolated applications/datastores such as DynamoDB, Amazon Pinpoint as well as third-party CMS and marketing systems.

    9. Both the Web and App Tiers use Amazon Elastic File System (EFS) to share common code and files such as properties/configurations, JavaScript, CSS and JSON templates.

    10. A set of AWS services delivering core ecommerce business capabilities. Amazon Open Search for intelligent search and filtering or products, Amazon Personalize for AI/ML powered product and offer recommendations, Amazon Pinpoint for marketing campaigns and push notifications, Amazon Location Service for Maps, store locator, delivery tracking, etc. Amazon Fraud Detector to detect fraudulent transactions (such as malicious attempts of customer login and payment), Amazon Lex for AI/ML powered chatbot.

    11. Amazon Simple Queue Service (Amazon SQS) first in, first out (FIFO) is used to publish the order messages for the orders placed by customers using the eCommerce application, to the Order Management System (OMS) for processing and fulfillment.

    12. Amazon Managed Streaming for Apache Kafka (MSK) is used to perform the ETL (Extract, Transform and Load) activities at scale (such as importing data feeds into eCommerce data stores. These include data feeds such as product/catalog data from the PIM, near real-time inventory and order status updates from Supply Chain Systems.

    13. Some of the key third party services and applications, which integrate with the ecommerce application to deliver business capabilities.

Well-Architected Pillars

  • The majority of the services in the architecture are either AWS managed or serverless, reducing operational overhead for customers. It allows the undifferentiated "heavy lifting" of maintaining infrastructure and servers/services to be offloaded to AWS.

  • The front door of the architecture is Amazon CloudFront, which allows customers to enable TLS to secure data in transit - and also makes use of AWS WAF and AWS Shield to protect from any malicious attacks. Data at Rest in AWS is encrypted in a way that allows customers to choose an encryption key.

    All the services in the architecture can be protected with fine-grained resource level permissions, with services intercommunicating with the help of service roles. The architecture and services used offer security best practices which the customer can use to make the end solution secure (providing shared security responsibility).

  • The services used are either AWS managed or serverless, which makes the architecture reliable to handle the application traffic effectively. The core compute services can be deployed in multiple Availability Zones (AZs) for high availability and the storage service (Amazon S3) by default provides 11 9s of durability and high availability.

    All other services used in the architecture offer customers an ability to design for resiliency per their Recovery Time Objective (RTO) and Recovery Point Objective (RPO) requirements.

  • Being serverless, the architecture efficiently handles varying request volumes. It also makes use of Amazon CloudFront, Amazon ElastiCache and Amazon DynamoDB Accelerator (DAX) to cache data at various tiers improving the application performance.

    Customers have complete control to choose the most appropriate configurations for each of the services to meet the performance efficiency (such as allocating the right vCPUs and storage for the Amazon Elastic Container Service (Amazon ECS) tasks, choosing the Read capacity units (RCUs) and web ACL capacity units (WCU) for Amazon DynamoDB.

  • The services used for the architecture are serverless and they are AWS managed services, allowing customers to only pay for what they use. And cache layering at different tiers eliminates the frequency of data or service access - thus reducing costs. Another benefit of being AWS managed is that there are no costs for maintaining servers.

  • The compute services are serverless, making the architecture sustainable. For more efficient sustainability, customer can choose latest AWS Graviton processors for the compute services.


The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.