C4 Architecture
Last Updated: 2026-03-06
Sources: All 14 repositories, .state/discovered-accounts.json, .state/org-ous.json, .state/discovered-scps.json
Executive Summary
This document presents the NDX:Try AWS architecture using the C4 model (Context, Containers, Components). It provides hierarchical views from the system boundary down to internal component structure, covering both the Innovation Sandbox (ISB) platform and the NDX website ecosystem. The architecture follows an event-driven satellite pattern with a serverless-first approach across 117 AWS accounts.
Level 1: System Context Diagram
NDX + ISB Ecosystem
Level 2: Container Diagram - ISB Platform
ISB Core + Satellites
Level 2: Container Diagram - NDX Website
Content Platform
Level 3: Component Diagram - ISB Core
Internal Structure
Key Architectural Patterns
1. Event-Driven Satellite Architecture
Pattern: ISB Core publishes lifecycle events to EventBridge. Satellites subscribe to relevant event patterns and operate independently.
Benefits:
- Satellites can be added/removed without ISB Core changes
- Fault isolation (satellite failure does not break core)
- Independent deployment and scaling
Drawbacks:
- Eventual consistency between components
- Distributed tracing complexity
- No event schema versioning currently in place
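One way a satellite could guard against the missing schema versioning noted above, as an added example (not ISB code): it checks the EventBridge envelope and an explicit version field before acting on an event. The hub account ID and the event names come from this document; the `source` value `isb-core` and the `schemaVersion` and `leaseId` detail fields are assumptions.

```typescript
// Added example, not ISB code. The hub account ID and the event names are from
// this document; EXPECTED_SOURCE, schemaVersion and leaseId are assumptions.
const HUB_ACCOUNT_ID = "568672915267";
const EXPECTED_SOURCE = "isb-core"; // assumed value of the EventBridge "source" field

type Verdict = { ok: true; leaseId: string } | { ok: false; reason: string };

// Schema versions this satellite understands, per detail-type.
function supportedVersions(detailType: unknown): number[] | undefined {
  switch (detailType) {
    case "LeaseRequested": return [1];
    case "LeaseApproved": return [1];
    default: return undefined;
  }
}

function checkLifecycleEvent(raw: unknown): Verdict {
  if (typeof raw !== "object" || raw === null) return { ok: false, reason: "not an object" };
  const e = raw as {
    account?: unknown; source?: unknown; "detail-type"?: unknown;
    detail?: { schemaVersion?: unknown; leaseId?: unknown } | null;
  };
  // The control plane lives in the hub account, so events from anywhere else are rejected.
  if (e.account !== HUB_ACCOUNT_ID) return { ok: false, reason: "unexpected account" };
  if (e.source !== EXPECTED_SOURCE) return { ok: false, reason: "unexpected source" };
  const versions = supportedVersions(e["detail-type"]);
  if (!versions) return { ok: false, reason: "unknown detail-type" };
  const d = e.detail;
  if (typeof d !== "object" || d === null) return { ok: false, reason: "missing detail" };
  // Fail closed on a missing or unsupported version instead of guessing the payload shape.
  if (typeof d.schemaVersion !== "number" || versions.indexOf(d.schemaVersion) === -1)
    return { ok: false, reason: "unsupported schemaVersion" };
  if (typeof d.leaseId !== "string" || d.leaseId.length === 0)
    return { ok: false, reason: "missing leaseId" };
  return { ok: true, leaseId: d.leaseId };
}

// Constructed sample event (envelope field names are EventBridge's; values are made up).
const SAMPLE_EVENT = {
  account: HUB_ACCOUNT_ID,
  source: EXPECTED_SOURCE,
  "detail-type": "LeaseRequested",
  detail: { schemaVersion: 1, leaseId: "lease-0001" },
};
const SAMPLE_VERDICT = checkLifecycleEvent(SAMPLE_EVENT);
```

Rejected events are best routed to a dead-letter queue with the `reason` attached, so a producer that starts emitting a new version is noticed rather than silently dropped.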
2. Multi-Account Isolation (110 Pool + 7 Special)
Pattern:
- Hub Account (568672915267): Control plane with all orchestration
- Pool Accounts (110): Isolated workload environments
- Management Account (955063685555): Organization root, billing
- Supporting Accounts: Network, Perimeter, SharedServices, Audit, LogArchive
3. Serverless-First
Pattern: Lambda for all compute (21+ functions), DynamoDB for persistence, S3 for objects, Step Functions for orchestration, CodeBuild only for AWS Nuke execution.
No EC2 instances are used in the ISB platform.
4. API Gateway + Lambda + Cognito
Pattern: REST API Gateway fronts all HTTP endpoints, Cognito provides JWT authorization, Lambda functions handle per-resource-type logic.
Technology Stack Summary
ISB Core
| Layer | Technology | Version |
|---|---|---|
| Frontend | React + Vite | React 18 |
| API | API Gateway REST | v1 |
| Compute | Lambda (Node.js) | Node 20.x |
| Orchestration | Step Functions | Standard |
| Data | DynamoDB | On-demand |
| Events | EventBridge | Custom bus |
| Auth | Cognito + Identity Center | SAML 2.0 |
| IaC | AWS CDK | v2.170.0 |
ISB Satellites
| Component | Runtime | CDK Version | Key Dependencies |
|---|---|---|---|
| Approver | Node 20.x | v2.170.0 | Bedrock, Lambda Powertools, zod v3 |
| Deployer | Node 22.x | N/A | Secrets Manager, js-yaml |
| Costs | TypeScript | v2.240.0 | Cost Explorer, EventBridge Scheduler, zod v4 |
| Billing Separator | TypeScript | v2.240.0 | Organizations, SQS, luxon, zod v4 |
NDX Website
| Component | Technology | Version |
|---|---|---|
| Static Site Generator | Eleventy | v3.1.2 |
| Design System | GOV.UK Eleventy Plugin | v8.3.1 |
| Hosting | S3 + CloudFront | - |
| Package Manager | Yarn | v4.5.0 |
| E2E Testing | Playwright | v1.58.2 |
Security Boundaries
Trust Zones
Critical Path: Lease Request to Active Sandbox
1. User submits request via Frontend (React)
2. Frontend calls API Gateway (POST /leases)
3. API Gateway validates JWT, invokes Leases Lambda
4. Leases Lambda creates lease in DynamoDB, publishes LeaseRequested
5. EventBridge routes to Approver
6. Approver executes 19 rules + Bedrock AI, publishes LeaseApproved
7. EventBridge routes to Lifecycle Manager and Deployer
8. Lifecycle Manager moves account OU (Available to Active), grants IDC permissions
9. Deployer fetches template from GitHub, deploys CloudFormation to pool account
10. User receives access URL and logs into AWS Console
Total Time: ~30-90 seconds (auto-approve) or 1-24 hours (manual review)
References
- 70-data-flows.md - Detailed data flow diagrams
- 81-aws-architecture.md - AWS infrastructure view
- 10-isb-core-architecture.md - ISB internals
- C4 Model - Architecture visualization framework
Generated from source analysis. See 00-repo-inventory.md for full inventory.