Traders & Users
Portfolio managers, day traders accessing TradePulse.AI platform
Route 53
DNS management
• Custom domain
• Health checks
• CNAME/ALIAS records
CloudFront CDN
Global CDN
• Edge caching
• /api → App Runner
• Static → S3
ACM Certificate
Certificate provider
• Attached to CloudFront
• Auto-renewal
• DNS validation
S3 Static Site
Frontend hosting
• React/Astro build
• Private bucket
• OAC security
Binance API
Live market data
• WebSocket streams
• Real-time prices
• Order execution
GitHub Actions
CI/CD Pipeline
• Docker builds
• Terraform deploy
• OIDC authentication
IAM Role
GitHub OIDC
• Assume role
• No API keys
• Least privilege
AWS App Runner
Trading backend
• /health /ready endpoints
• Auto-scaling (1-3)
• Singleton lease
Secrets Manager
API key rotation
• Binance credentials
• Auto-rotation
• KMS encryption
Elastic Container Registry
Docker images
• Backend containers
• ML models
• Vulnerability scanning
SSM Parameter Store
Configuration
• SecureString (KMS)
• Environment vars
• Runtime settings
DynamoDB
7 Tables:
• tp_signals, tp_portfolio
• tp_runtime (lease)
• Point-in-time recovery
CloudWatch
Monitoring & logs
• Custom dashboards
• Brain heartbeat
• Performance metrics
SNS Alerts
Email notifications
• Brain controller down
• 5xx errors
• DDB throttling
⚡ Complete Architecture Flow
1. Frontend Access: Users → Route53 → CloudFront → S3 (static) + App Runner (/api)
2. CI/CD Pipeline: GitHub Actions → IAM Role (OIDC) → ECR + Terraform → Infrastructure
3. Trading Engine: App Runner ↔ Binance API → AI Models → DynamoDB (tp_runtime lease)
4. Security & Secrets: Secrets Manager (API rotation) + SSM (config) → App Runner
5. Monitoring & Alerts: CloudWatch (brain heartbeat) → SNS → Email notifications