Asset Servicing Operations
A global asset-servicing platform processing positions, corporate actions, entitlements, tax lots, and reconciliation. The architecture uses CQRS with RDS PostgreSQL as the write-side store and DynamoDB as the read-side projection. Kinesis streams carry position feeds, Lambda normalizes and processes events, an ECS Fargate worker handles entitlement calculations by polling SQS, and DynamoDB Streams trigger reconciliation. This scenario validates Simfra's ability to run complex financial workflows across streaming, compute, and storage services.
Services
| Service | Role |
|---|---|
| Kinesis | Position feed ingestion stream, KMS encrypted |
| Lambda | Three Python functions: ingest-normalizer (Kinesis ESM), API handler, reconciliation (DynamoDB Streams) |
| ECS Fargate | Go servicing engine polling SQS for entitlement calculations |
| ECR | Container image repository for servicing engine |
| DynamoDB | Three tables: positions, entitlements (read projection), queue-state - with streams |
| RDS | PostgreSQL for entitlements and tax lots (write-side, source of truth) |
| S3 | Calculation results, reconciliation reports, pipeline artifacts - SSE-KMS |
| SQS | Entitlement request queue, notification queue, DLQ - all KMS encrypted |
| EventBridge | Custom bus for EntitlementCompleted events |
| SNS | Notification topic for completed entitlements |
| AppConfig | Dividend processing rules (withholding rates, market calendars) |
| API Gateway | REST API for position and entitlement queries |
| KMS | Single customer-managed key for all services |
| IAM | Seven scoped roles: three Lambda, ECS execution, ECS task, CI/CD |
| Secrets Manager | RDS database credentials |
| CodeCommit | Source repository |
| CodeBuild | Lambda packaging and Docker image builds |
| CodeDeploy | Lambda deployment |
| CodePipeline | Orchestration |
Architecture
Position feeds --> Kinesis Stream (KMS)
|
v
Lambda: ingest-normalizer (ESM)
|
v
DynamoDB: positions table (with streams)
|
├── DynamoDB Streams --> Lambda: reconciliation
| |
| v
| S3 reports
|
v
SQS: entitlement-requests
|
v
ECS Fargate: servicing-engine (Go, SQS polling)
| | | |
v v v v
RDS (write) DynamoDB S3 EventBridge
entitlements (read calculations |
tax_lots projection) v
SNS --> SQS notification
The CQRS pattern separates write and read concerns: the ECS servicing engine writes entitlements and tax lots to RDS PostgreSQL (the source of truth) and simultaneously updates a DynamoDB read projection for fast query access. The API Gateway Lambda handler reads from DynamoDB for low-latency queries. DynamoDB Streams on the positions table trigger a reconciliation Lambda that compares positions against entitlements and writes discrepancy reports to S3. AppConfig provides business rules like dividend withholding rates and market calendars without requiring redeployment.
What This Validates
- CQRS pattern: RDS as write-side store, DynamoDB as read-side projection
- Kinesis-to-Lambda stream processing via event source mapping
- DynamoDB Streams triggering Lambda for event-driven reconciliation
- ECS Fargate worker polling SQS for long-running financial calculations
- API Gateway to Lambda proxy for query API
- EventBridge-to-SNS-to-SQS notification chain for completed entitlements
- AppConfig for live business rule configuration (withholding rates, calendars)
- Single KMS key encrypting DynamoDB (3 tables), SQS (3 queues), SNS, Kinesis, RDS, and S3
- Seven scoped IAM roles with least-privilege per component
Test Coverage
Tests include smoke checks for all resources, integration tests for position ingestion through Kinesis, corporate action processing with entitlement calculation, notification delivery verification, reconciliation report generation in S3, and API CRUD operations. Security tests validate KMS encryption across all services and IAM role scoping. Performance tests cover 20 concurrent Kinesis position updates and 5 concurrent corporate action submissions with SQS delivery verification.