Fully serverless, highly scalable, and secure CRUD API architecture.
A production-grade serverless REST API built with API Gateway, Lambda, and DynamoDB. Provisioned entirely via Terraform, this architecture scales automatically to handle millions of requests while remaining highly cost-effective ($0 at idle).
From a security perspective, this repository serves as a hardened baseline for deploying API endpoints, implementing least-privilege IAM, request validation, and secure data persistence.
```
Client Request (HTTPS)
        │
        ▼
Amazon API Gateway (Authentication, WAF, Request Validation)
        │
        ▼
AWS Lambda (Business Logic)
        │
        ▼
Amazon DynamoDB (Encrypted at Rest)
```
| Property | Implementation |
|---|---|
| Request Validation | API Gateway models drop malformed requests before Lambda invocation |
| Authentication | Support for IAM, Cognito, or custom Lambda authorizers |
| Data Security | DynamoDB tables use AWS KMS encryption at rest |
| Least Privilege | Lambda execution roles are restricted to specific DynamoDB table ARNs |
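
A Terraform sketch of the request-validation and least-privilege rows above. This is an added example, not code from this repository; the resource names, input variables and the `Item` schema are assumptions, and the REST API, the `/items` resource, the execution role and the table are assumed to exist already.

```hcl
# Added example: every name, variable and schema field below is an assumption.
variable "rest_api_id" { type = string }       # ID of an existing REST API
variable "items_resource_id" { type = string } # ID of its /items resource
variable "lambda_role_name" { type = string }  # name of the Lambda execution role
variable "table_arn" { type = string }         # ARN of the KMS-encrypted DynamoDB table

resource "aws_api_gateway_model" "item" {
  rest_api_id  = var.rest_api_id
  name         = "Item"
  content_type = "application/json"
  schema = jsonencode({
    type                 = "object"
    required             = ["id", "name"]
    additionalProperties = false # unknown fields fail validation
    properties = {
      id   = { type = "string", maxLength = 64 }
      name = { type = "string", maxLength = 256 }
    }
  })
}

resource "aws_api_gateway_request_validator" "body" {
  rest_api_id           = var.rest_api_id
  name                  = "validate-body"
  validate_request_body = true
}

resource "aws_api_gateway_method" "create_item" {
  rest_api_id          = var.rest_api_id
  resource_id          = var.items_resource_id
  http_method          = "POST"
  authorization        = "AWS_IAM"
  request_validator_id = aws_api_gateway_request_validator.body.id # invalid bodies get a 400, Lambda is not invoked
  request_models       = { "application/json" = aws_api_gateway_model.item.name }
}

# Execution role policy: CRUD actions on one table ARN, no "dynamodb:*" and no "*".
resource "aws_iam_role_policy" "table_access" {
  name = "items-table-crud"
  role = var.lambda_role_name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem"]
      Resource = var.table_arn
    }]
  })
}
```

In review, a `Resource` of `"*"` or an `Action` of `"dynamodb:*"` in the role policy, or a method with no `request_validator_id`, is the regression to look for.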
Deployment at Merkaba AI Risk Management:
This architecture is used as the secure foundation for the agentledger and hermes-agent-memory-vault services. By utilizing API Gateway's native request validation, we successfully mitigated a series of automated fuzzing attacks during a red team exercise, as the malformed payloads were dropped at the edge without ever consuming Lambda compute time.
- agentledger — Built on top of this architecture
- hermes-agent-memory-vault — Utilizes this pattern for secure agent memory access
MIT License — see LICENSE for details.
Merkaba AI Risk Management security@merkabacreatives.org https://merkabacreatives.org/ai-risk