CDIG.drawio.png

Customer Data Import Gateway Service

This architecture diagram, titled Customer Data Import Gateway, represents a robust, event-driven, secure, and scalable pipeline for ingesting files from external customer systems into a cloud-native data processing backend. It integrates the AWS Transfer Family solution, malware scanning, routing, error handling, and customer-specific processingβ€”all within AWS server-less infrastructure .

πŸ” End-to-End Flow Breakdown:

πŸ§β€β™€οΈ Customer Interaction

  • Customers initiate file transfers via:

    • AWS Transfer Family using SFTP or AS2

    • Direct S3 uploads to the Customer B2B S3 bucket

    • Planned integration with public REST APIs

πŸ“₯ Data Ingestion Layer

  • Files enter the Data Ingest Endpoints and are deposited into the S3 Landing Bucket

  • An event is triggered (via S3 or EventBridge)

πŸ›‘οΈ Security Scanning

  • Files from the Landing Bucket are picked up by a Cloud Security Scanner:

    • If malware is detected, the file is moved to the S3 Quarantine Bucket

      • This triggers:

        • An Error Handler Lambda

        • Alerts/paging via an integrated Alert System and Ticketing System

        • Human triage/escalation

βœ… Clean File Routing

  • If the file is clean, it's moved to an S3 Clean Customer Bucket

  • A Routing Lambda:

    • Retrieves customer-specific configurations from DynamoDB

    • Directs the file to the appropriate Application or Data Processing Pipeline

πŸ”„ Downstream & Monitoring

  • Event-driven processes ensure:

    • Ingested files are routed to the correct business workflow

    • CloudWatch provides logging/metrics

    • EventBridge handles orchestration and decoupled event distribution

βœ… What This Architecture Accomplishes:

  • Secure, multi-protocol ingestion Supports SFTP, AS2, and direct S3 uploads

  • Malware detection Inline scanning via Sophos; infected files are quarantined

  • Automated routing Dynamic routing using Lambda + DynamoDB stored customer configs

  • Auditing and alerts Full observability via CloudWatch, alerts via a paging system, and ticket generation

  • Error handling with escalation Quarantine triggers Lambda β†’ alert β†’ ticket β†’ human triage

  • Modular and scalable Event-driven, serverless architecture with clear decoupling of components

  • Customer-specific workflows Per-customer configurations drive downstream processing logic

🧩 Key AWS Services Involved:

  • AWS Transfer Family (SFTP/AS2) – External ingestion

  • Amazon S3 – Storage: Landing, Quarantine, Clean

  • Lambda – Custom logic: Error handling, routing, downstream ingest

  • EventBridge – Event-based orchestration

  • Amazon CloudWatch – Monitoring & logs

  • DynamoDB – Stores customer-specific routing/configuration

  • Ticket System & Alerting System – Operational visibility & response β€” You may want to use something like ServiceNow and/or PagerDuty

πŸ’‘ Common Use Cases:

  • Pharmaceutical, healthcare, or B2B SaaS companies needing secure, automated ingestion of sensitive partner data

  • Enterprises handling many customer-specific workflows and needing observability and fail-safes

Previous

AWS Transfer Family Custom IDP
Next

SaaS App Control Plane