Infrastructure

The Transactions Service is deployed entirely on AWS using Terraform. All infrastructure is defined in deploy/ and managed per-environment (test, prod). The application identifier is txn.

Lambda Functions

| Function | Trigger | Timeout | Memory | Key IAM Permissions |
|---|---|---|---|---|
| prod-txn-api | API Gateway (prod-txn IAM + prod-floatme-api JWT) | 300s | 1024 MB | DynamoDB read/write (transactions, plaid, institutions, legacy tables); SQS send (plaid-webhooks); EventBridge PutEvents; Plaid, GrowthBook, Iterable secrets |
| prod-txn-webhook | API Gateway (prod-floatme-webhook-api) | 300s | default | SQS send (plaid-webhooks); Plaid secrets |
| prod-txn-miner | SQS (prod-txn-plaid-webhooks) | ~810s (90% of SQS visibility timeout) | default | DynamoDB read/write (transactions, plaid, legacy tables); Kinesis PutRecords (plaid-transactions); SQS receive (plaid-webhooks), SQS send (throttle); User Service, LOC Service, Payments Service, Admin API calls; Plaid, GrowthBook, Segment secrets |
| prod-txn-throttle-miner | SQS (prod-txn-throttle) | ~810s (90% of SQS visibility timeout) | 256 MB | DynamoDB read/write (transactions, plaid tables); Kinesis PutRecords (plaid-transactions); SQS receive + send (throttle); User Service, LOC Service calls; Plaid, GrowthBook, Segment secrets |
| prod-txn-refiner | Kinesis (prod-txn-plaid-transactions) | 840s | 512 MB | DynamoDB read/write (transactions table); Kinesis DescribeStream + GetRecords; SQS send (insight-remove); EventBridge PutEvents |
| prod-txn-feeder | DynamoDB Streams (transactions + plaid tables) | 840s | default | Kinesis PutRecords (floatme-transactions); DynamoDB Streams GetRecords; DynamoDB read (plaid table); EventBridge PutEvents; Plaid secrets |
| prod-txn-listener | SQS (prod-txn-listener-eventbridge) | 840s | 512 MB | DynamoDB read (plaid, transactions tables — Query only); SQS receive (listener-eventbridge), SQS send (plaid-webhooks) |
| prod-txn-institution | CloudWatch schedule (weekly, Sunday 00:00 UTC) | 300s | 256 MB | DynamoDB PutItem (institutions table); Plaid secrets |
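The prod-txn-listener permissions listed above, written as a least-privilege Terraform policy. This is an added example, not the project's own lambda.tf; the two variables, the policy name, the queue region, and the index ARNs are assumptions.

```hcl
# Added example. Table and queue names come from this page; everything else is assumed.
variable "listener_role_name" {
  description = "Name of the listener Lambda's execution role (hypothetical variable)"
  type        = string
}

variable "queue_region" {
  description = "Region of the SQS queues (not stated on this page)"
  type        = string
}

data "aws_caller_identity" "current" {}

locals {
  account = data.aws_caller_identity.current.account_id
  table_arns = [
    for t in ["prod-txn-plaid", "prod-txn-transactions"] :
    "arn:aws:dynamodb:us-east-2:${local.account}:table/${t}"
  ]
  sqs_prefix = "arn:aws:sqs:${var.queue_region}:${local.account}"
}

data "aws_iam_policy_document" "listener" {
  statement {
    sid     = "QueryOnly"
    actions = ["dynamodb:Query"]
    # Index ARNs matter only if a Query targets a secondary index (assumed possible).
    resources = concat(local.table_arns, [for a in local.table_arns : "${a}/index/*"])
  }

  statement {
    sid = "ConsumeListenerQueue"
    # The three actions an SQS event source mapping needs on its queue.
    actions   = ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"]
    resources = ["${local.sqs_prefix}:prod-txn-listener-eventbridge"]
  }

  statement {
    sid       = "SendToPlaidWebhooks"
    actions   = ["sqs:SendMessage"]
    resources = ["${local.sqs_prefix}:prod-txn-plaid-webhooks"]
  }
}

resource "aws_iam_role_policy" "listener" {
  name   = "prod-txn-listener-access" # hypothetical policy name
  role   = var.listener_role_name
  policy = data.aws_iam_policy_document.listener.json
}
```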

DynamoDB Tables

| Table | Region | Entity Types | Streams | Notes |
|---|---|---|---|---|
| prod-txn-transactions | us-east-2 | Transactions, Accounts, Webhooks, Balance History | Yes (feeder Lambda) | Primary table for user financial data. Stream filtered for ACCOUNT and TRANSACTION types by the feeder. |
| prod-txn-plaid | us-east-2 | Items, Liabilities, Liability History, KYC / Identity Verification | Yes (feeder Lambda) | Plaid-specific state. Item TTL expiration is handled by the feeder for cleanup. |
| prod-txn-plaid-institutions | us-east-2 | Institutions | No | Simple key-value store keyed by institution_id. Refreshed weekly. |
| prod-txn-items (legacy) | us-east-1 | Legacy Plaid Items | No | Read by miner and API Lambda for backwards compatibility. |
| prod-txn-history (legacy) | us-east-1 | Legacy Account Change History | No | Read by the API Lambda for the legacy history endpoint. |

SQS Queues

| Queue | Visibility Timeout | Delivery Delay | Max Receive Count | Purpose |
|---|---|---|---|---|
| prod-txn-plaid-webhooks | 900s | 0s | 5 | Receives Plaid webhook events from the webhook Lambda. Consumed by the miner. |
| prod-txn-throttle | 900s | 30s | 5 | Receives paginated mine requests from the miner. The 30s delay prevents Plaid rate limiting. Consumed by the throttle-miner. |
| prod-txn-listener-eventbridge | 900s | 0s | 5 | Receives Auth0 Log Stream events from EventBridge. Consumed by the listener Lambda. |
| prod-txn-unroller-writes | 900s | 0s | 5 | Receives write requests from the unroller process. |
| prod-txn-insight-remove | (configured by Insight Service) | 0s | (configured by Insight Service) | Receives transaction removal notifications from the refiner Lambda. Owned and consumed by the Insight Service. |

All queues have a corresponding Dead Letter Queue (DLQ). Messages that exhaust their maximum receive count are moved to the DLQ for manual inspection.

Kinesis Streams

| Stream | Direction | Producers | Consumers | Purpose |
|---|---|---|---|---|
| prod-txn-plaid-transactions | Internal | prod-txn-miner, prod-txn-throttle-miner | prod-txn-refiner | Raw Plaid transaction and account data. Internal to the service. |
| prod-txn-floatme-transactions | Outbound | prod-txn-feeder | Downstream FloatMe services | Refined account and transaction change events in FloatMe format. Consumed externally. |

Kinesis consumer configuration for the refiner:

  • Batch size: 10

  • Parallelization factor: 2

  • Starting position: AT_TIMESTAMP (offset -15 minutes from deploy)

  • Error handling: BisectBatchOnFunctionError enabled
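The refiner consumer settings above, expressed as a Terraform event source mapping. This is an added example, not the project's own lambda.tf; the two variables and the resource names are assumptions, and how the deploy time is actually supplied is not stated on this page.

```hcl
# Added example. Stream name and the four settings come from this page.
variable "deploy_timestamp" {
  description = "RFC 3339 time of this deploy, passed in by the pipeline (hypothetical variable)"
  type        = string
}

variable "refiner_function_arn" {
  description = "ARN of the prod-txn-refiner Lambda (hypothetical variable)"
  type        = string
}

data "aws_kinesis_stream" "plaid_transactions" {
  name = "prod-txn-plaid-transactions"
}

resource "aws_lambda_event_source_mapping" "refiner" {
  event_source_arn = data.aws_kinesis_stream.plaid_transactions.arn
  function_name    = var.refiner_function_arn

  batch_size             = 10
  parallelization_factor = 2 # two concurrent batches per shard, ordered per partition key

  # Start 15 minutes before the deploy so records written during the rollout are replayed.
  # The refiner must therefore tolerate seeing the same record twice.
  starting_position           = "AT_TIMESTAMP"
  starting_position_timestamp = timeadd(var.deploy_timestamp, "-15m")

  # On error the batch is split in half and each half retried, which narrows a
  # failure down to the offending record. Bisecting alone does not bound retries:
  # without a retry or record-age limit (none is stated on this page) a record
  # that always fails keeps being retried until it expires from the stream.
  bisect_batch_on_function_error = true
}
```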

EventBridge

| Bus / Rule | Purpose |
|---|---|
| prod-auth0 (external bus) | Receives Auth0 login events (gd_auth_succeed, sepft, sertft). Routes matching events to the prod-txn-listener-eventbridge SQS queue. |
| floatme-events (default bus) | Internal domain event bus. Receives item-created events from the API Lambda, new_account events from the feeder, and user_new_txns_batch_completed events from the refiner. |
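The Auth0 routing described above, with the queue policy scoped so that only this one rule can send to the listener queue. This is an added example, not the project's own eventbridge.tf; the rule name and the `detail.data.type` field path in the event pattern are assumptions.

```hcl
# Added example. Bus name, queue name and event types come from this page.
data "aws_cloudwatch_event_bus" "auth0" {
  name = "prod-auth0"
}

data "aws_sqs_queue" "listener" {
  name = "prod-txn-listener-eventbridge"
}

resource "aws_cloudwatch_event_rule" "auth0_logins" {
  name           = "prod-txn-auth0-logins" # hypothetical rule name
  event_bus_name = data.aws_cloudwatch_event_bus.auth0.name

  # Assumed event shape: the Auth0 log type sits at detail.data.type.
  event_pattern = jsonencode({
    detail = { data = { type = ["gd_auth_succeed", "sepft", "sertft"] } }
  })
}

resource "aws_cloudwatch_event_target" "listener_queue" {
  rule           = aws_cloudwatch_event_rule.auth0_logins.name
  event_bus_name = aws_cloudwatch_event_rule.auth0_logins.event_bus_name
  arn            = data.aws_sqs_queue.listener.arn
}

data "aws_iam_policy_document" "eventbridge_to_listener" {
  statement {
    sid       = "AllowAuth0LoginRuleOnly"
    actions   = ["sqs:SendMessage"]
    resources = [data.aws_sqs_queue.listener.arn]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    # Without this condition any EventBridge rule in any account could target the queue.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_cloudwatch_event_rule.auth0_logins.arn]
    }
  }
}

resource "aws_sqs_queue_policy" "listener" {
  queue_url = data.aws_sqs_queue.listener.url
  policy    = data.aws_iam_policy_document.eventbridge_to_listener.json
}
```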

Secrets Manager

All secrets are namespaced by environment (site/…​).

| Secret Path | Purpose |
|---|---|
| site/plaid | Plaid API credentials (client ID, secret, environment). Used by the API, miner, throttle-miner, feeder, webhook, and institution Lambdas. |
| site/growthbook | GrowthBook SDK key for feature flag evaluation. Used by API, miner, throttle-miner. |
| site/iterable | Iterable API key for marketing/notification events. Used by the API Lambda. |
| site/segment | Segment write key for analytics events. Used by miner and throttle-miner. |
| site/datadog/terraform | Datadog API key used by Terraform to configure the Datadog integration for metrics and tracing. |

API Gateways

| Gateway | Auth | Purpose |
|---|---|---|
| prod-txn | AWS IAM (SigV4) | Internal API. Used by FloatMe backend services (User Service, Float Service, Underwriting, etc.) and the main global FloatMe API gateway for routing authenticated mobile requests. |
| prod-floatme-api | JWT (Auth0) | Legacy mobile-facing gateway. Primarily used for user signup flows. |
| prod-floatme-webhook-api | None (IP allowlist) | Receives incoming webhooks from Plaid and other external providers. Routes to the webhook Lambda. |

Scheduled Jobs

| Lambda | Schedule | Purpose |
|---|---|---|
| prod-txn-institution | cron(0 0 ? * 7 *) — every Sunday at 00:00 UTC | Fetches all institution metadata from Plaid and writes it to the prod-txn-plaid-institutions DynamoDB table. Keeps institution data (logos, routing numbers, OAuth support, connection health) up to date without requiring real-time lookups. |

Terraform Structure

All infrastructure is defined in deploy/:

| File | Contents |
|---|---|
| main.tf | AWS provider aliases (9 total for cross-region resources), data sources for all external resources (Kinesis streams, SQS queues, API Gateways, DynamoDB tables, EventBridge bus). |
| lambda.tf | All Lambda function definitions, IAM roles and policies, event source mappings (SQS, Kinesis, DynamoDB Streams triggers). |
| dynamo.tf | DynamoDB table definitions and stream configurations for the three primary tables and two legacy tables. |
| eventbridge.tf | EventBridge rules for Auth0 login event routing. SQS policy allowing EventBridge to send messages to the listener queue. |
| cloudwatch.tf | CloudWatch Event Rule for the weekly institution sync schedule. |
| secrets.tf | Secrets Manager secret references for Plaid, GrowthBook, Iterable, Segment, and Datadog. |
| variables.tf | All configurable parameters: table names, stream names, queue names, Plaid configuration (webhook URL, link redirect URI, feature flag values), timeouts, and service endpoint overrides. |
| outputs.tf | api_endpoint — the main API Gateway URL; plaid_webhooks_sqs_endpoint — the webhook SQS URL registered with Plaid. |