Project Wrap-Up, Architecture Review, and Hardening Checklist
Review the full serverless upload dashboard architecture, understand operational risks, and follow a hardening checklist for production readiness.
This lesson is purely conceptual — no AWS usage required.
The Full Project in One Sentence
A browser frontend talks to API Gateway, API Gateway routes requests to Lambda, Lambda reads and writes DynamoDB and generates presigned S3 URLs, S3 stores the actual files, S3 events invoke Lambda after uploads, and CloudWatch is where you inspect logs and signals when something goes wrong.
Architecture Review
1) Frontend
Your frontend is a static site hosted on S3. It allows users to list files, view details, securely open objects, upload directly to S3, and delete resources. It does not talk directly to DynamoDB and should not hold AWS credentials.
2) API Layer
API Gateway HTTP API receives browser requests and routes them to Lambda. Built-in CORS support allows the browser to call your backend securely from its S3 origin.
3) Compute Layer
Lambda handles the logic: generating upload tickets, reading metadata, querying lists, and performing deletions. These functions are invoked synchronously for API requests and asynchronously for S3 events.
4) Storage & Events
S3 stores the file objects. It emits ObjectCreated events that trigger your metadata pipeline. We used an incoming/ prefix to prevent recursive execution loops.
5) Metadata Storage
DynamoDB stores structured file data. Our partition key (bucket) and sort key (object_key) design allows for efficient single-item lookups and prefix-based listing.
6) Monitoring
CloudWatch provides visibility. Lambda logs are the first place to look when a trigger fails or an API returns an error.
The Project Flow
Hardening Checklist
| Area | Good Project State |
|---|---|
| Security | Upload bucket is private; access is via temporary presigned URLs. |
| CORS | API Gateway and S3 only allow your specific frontend origin. |
| Safety | S3 triggers are prefix-scoped to avoid recursive loops. |
| API | HTTP methods (GET, POST, DELETE) correctly match actions. |
| State | Frontend reloads or refreshes after write operations to stay in sync. |
| Visibility | Lambda execution roles have permissions to write to CloudWatch Logs. |
Micro-activity 1: Explain your Project
Think about it
Write a 5-line explanation of your dashboard covering: (1) Frontend hosting, (2) API layer, (3) File storage, (4) Metadata storage, (5) Monitoring. Use the specific AWS services you chose for each layer.
Micro-activity 2: Failure Drill
Match the problem to where you'd look first
Match each failure symptom to the first place you should investigate.
Examples
Choose one, then match it on the right
Characteristics
Select an example first
0 of 4 matched so far.
Summary
Module 3.2 is now complete. You've built a full-stack system where every service has a specific role. The architecture works as a cohesive unit: routing, logic, storage, events, and metadata all synchronized to provide a seamless user experience.