Plug n play · reference demo
Serverless, secure, multi-tenant.
A single AWS stack that a restaurant's staff can sign into, ask questions of their own data in plain English, and see only their numbers — scoped all the way down to the database row.
What this demonstrates
1
One command.
Nine CloudFormation stacks, one cdk deploy. A fresh AWS account goes from empty to production-ready in under twenty minutes.
4
Four security layers.
WAF perimeter, JWT at the API boundary, row-level security in Postgres, and an origin-verify secret that prevents WAF bypass.
∞
Per-tenant isolation.
Every query carries the user's tenant ID. Postgres rejects cross-tenant reads at the database — not in the application.
Run cost
Under $75/month, steady state.
Aurora idle is the only always-on compute. Every other component bills per-request and costs effectively zero between sessions. WAF is a flat fee we pay on purpose — security posture should not depend on whether a demo is running.
- Aurora Serverless v2 (0.5 ACU idle)~$45
- RDS Proxy~$14
- AWS WAF + CloudFront~$11
- Lambda · API GW · Amplify · DynamoDB · misc<$5
Next
See it run. Then see how it's built.
Log in with the demo credentials to see the app from a restaurant operator's perspective. Or walk through the architecture — every AWS service, why it's there, and what happens when a request arrives.