Grace Cares Production Serverless Architecture
About This Architecture
Grace Cares Production Serverless Architecture implements a multi-zone AWS serverless design for healthcare data processing with strict PHI protection and compliance controls; the "zones" are logical security boundaries (Edge/CDN, API Ingress, Compute, Data, AI/ML, Identity/Security), not Availability Zones. End users reach the application through two CloudFront distributions (App and Admin) backed by S3 website buckets. API requests flow through API Gateway v2 to a Lambda Authorizer that validates the caller's JWT before the request reaches the Lambda backend-api, which reads and writes DynamoDB and S3 data stores encrypted at rest. Lambda agents orchestrate AI/ML workloads using Bedrock Runtime, AgentCore, Textract, and Comprehend Medical for document processing and medical text analysis. CloudTrail audit logging, GuardDuty threat detection, and Vanta compliance monitoring are integrated across all zones. Infrastructure as Code via AWS CDK and GitHub Actions enables controlled promotion from the Development account to the Production account, keeping the audit scope of each account clearly bounded. Fork this diagram to customize compliance controls, add additional Lambda functions, or adapt the multi-account strategy for your healthcare workload.
People also ask
How do you design a HIPAA-compliant serverless architecture on AWS with encrypted PHI storage and AI/ML processing?
Grace Cares uses a multi-zone serverless design separating Edge/CDN, API Ingress, Compute, Data (PHI-encrypted DynamoDB/S3), AI/ML (Bedrock-backed Lambda agents), and Identity/Security zones. CloudFront delivers content over TLS 1.2+, API Gateway v2 with a Lambda Authorizer validates JWTs before any backend code runs, Lambda backend-api accesses the encrypted data stores, and Lambda agents orchestrate Bedrock, Textract, and Comprehend Medical.
- Domain: Serverless
- Audience: AWS solutions architects designing HIPAA-compliant serverless healthcare applications
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.