The Trinity Beast Infrastructure — Resource Inventory

Complete inventory of all AWS resources, their purpose, specifications, and interconnections. Source of truth for all infrastructure documentation.

Account: 211998422884 Region: us-east-2 (Ohio) Updated: May 3, 2026 Version: v16

Infrastructure Summary
Compute Layer — ECS Fargate
Data Layer
Network Layer
Content Delivery & Storage
Scheduled Tasks & Automation
Secrets & Security
CloudWatch Dashboards & Alarms
Price Feed Architecture
Performance Configuration
Stress Test Resources
Connection Map

1. Infrastructure Summary

ECS Containers

3 LPO/LRS + 1 Webhook

Total vCPU

8 per container

Total RAM

128 GB

32 GB per container

Aurora ACU

2–18

Serverless v2

ElastiCache

52.8 GB

cache.r7g.2xlarge

DB Connections

600

150 per container

Load Balancers

1 ALB + 1 NLB

Availability Zones

1 container per AZ

2. Compute Layer — ECS Fargate

Cluster: trinity-beast-fargate-cluster — 4 services run the same Docker image (trinity-beast-lpo-server:latest), differentiated by SERVER_TYPE environment variable. The first 3 run APP_REPORT_SERVER (LPO + LRS). The 4th runs WEBHOOK_SERVER (outbound price push delivery — no ALB target, no inbound ports). All tasks run on AWS Nitro System hosts — Nitro Cards offload networking and storage I/O to dedicated hardware, delivering bare-metal-equivalent performance and hardware-enforced security isolation.

Service	Task Definition	SERVER_TYPE	vCPU	RAM	DB Conns	Cache Conns	Ports
`trinity-beast-main-service`	lpo-task:23	APP_REPORT_SERVER	8 vCPU	32 GB	150	300	TCP 8080, 9090 / UDP 2679, 2680
`trinity-beast-mirror-service`	lpo-task:23	APP_REPORT_SERVER	8 vCPU	32 GB	150	300	TCP 8080, 9090 / UDP 2679, 2680
`trinity-beast-lrs-service`	lpo-task:23	APP_REPORT_SERVER	8 vCPU	32 GB	150	300	TCP 8080, 9090 / UDP 2679, 2680
`trinity-beast-webhook-service`	webhook-task:1	WEBHOOK_SERVER	8 vCPU	32 GB	150	300	TCP 8083 (health only)

Key Features per Container: Independent WebSocket price feeds (6 exchanges), local sync.Map cache (zero-network hot path), Distributed Adaptive Connection Governor (6000 max concurrent), blocking UDP governor, micro-batch Aurora writes (300 rows / 100ms trickle), structured JSON error responses.

Webhook Service (BeastWebhook): Outbound-only container — no ALB target group, no inbound traffic. Reads active webhook_subscriptions from Aurora, resolves prices from local wsPriceCache (same 6 WebSocket feeds), and pushes to Associates via UDP fire-and-forget + HTTPS signed POST with 3 retries. Health check on TCP 8083. CLUSTER_NODE: BeastWebhook.

Peak Utilization (Run 15 Stress Test): Main: 96.3% CPU / 92.7% Memory | Mirror: 97.0% CPU / 96.9% Memory | LRS: 80.1% CPU / 73.2% Memory. All containers survived 21.4M requests across all 13 stress levels.

Lambda

Function	Purpose	Runtime	Memory	Timeout	Architecture	Connects To
`trinity-beast-receipt`	Post-checkout receipt processing (subscription, donation, LRS addon). Reads tier config from `rate_limit_template` table. Captures preferred language from Stripe checkout locale and stores on `users.preferred_lang` and `transactions.preferred_lang`.	provided.al2023 (Go)	256 MB	30s	x86_64	Stripe API, Aurora, SES, api.cpmp-site.org/admin

Note: Lambda is NOT in the VPC — it uses public admin endpoints (/admin/invalidate-key) to avoid the $32/mo NAT gateway cost.

SQS — Usage Log Queue

Attribute	Value
Queue Name	`trinity-beast-queued-usage-logs`
Type	Standard (not FIFO)
Message Retention	4 days
Visibility Timeout	60 seconds
Purpose	Decouples usage log writes from the price hot path. LPO server sends fire-and-forget messages to SQS; the `trinity-beast-queued-writer` Lambda consumes batches and batch-inserts into Aurora.
Consumer	`trinity-beast-queued-writer` Lambda (Go, provided.al2023, 256 MB)
Event Source Mapping	Batch size 100, max batching window 5 seconds

Architecture: The SQS queue eliminates Aurora write pressure from the price hot path. The LPO server publishes usage log messages to SQS with fire-and-forget semantics. The trinity-beast-queued-writer Lambda polls the queue in batches of 100 (with a 5-second batching window) and performs efficient batch inserts into Aurora. At normal production traffic, SQS cost is ~$1.00/month ($0.40 per million messages).

3. Data Layer

Aurora Serverless v2 Available

Attribute	Value
Cluster	`trinity-beast-aurora-cluster`
Engine	PostgreSQL 17.7
ACU Range	2 – 18 (auto-scaling)
Storage	Optimized I/O (aurora-iopt1)
Writer	`trinity-beast-aurora-writer` (us-east-2c)
Reader	`trinity-beast-aurora-reader` (us-east-2b)
Writer Endpoint	`trinity-beast-aurora-cluster.cluster-cvg4oeysemon.us-east-2.rds.amazonaws.com`
Reader Endpoint	`trinity-beast-aurora-cluster.cluster-ro-cvg4oeysemon.us-east-2.rds.amazonaws.com`
Total Connections	600 (150 per container × 4)
Deletion Protection	Enabled
Peak ACU (Run 15)	16.5 of 18 max

Tables: api_keys, usage_logs, transactions, users, application_parameters, support_tickets, demo_leads, report_parameters, report_count, report_usage_logs, newsletter_subscribers

ElastiCache for Valkey Available

Attribute	Value
Replication Group	`trinity-beast-cache`
Node Type	cache.r7g.2xlarge (Graviton3)
vCPU	8
Memory	52.8 GB
Network	3.75 Gbps baseline / 15 Gbps burst
Engine	Valkey 7.2
Cluster Mode	Disabled (standalone)
Nodes	1 (single, no replica)
Auto-Failover	Disabled
Multi-AZ	Disabled
TLS (transit)	Enabled
Encryption at Rest	Enabled
Endpoint	`master.trinity-beast-cache.ptsbmm.use2.cache.amazonaws.com:6379`

Key Patterns: apikey:{key} (API key hashes), price:{ASSET} (cached prices), usage_logs:index (sorted set), app:config (application parameters), {adaptive:lpo}:successes/total/throttle (governor counters), report_usage:{id} (report usage logs)

Migration Note: Replaced MemoryDB db.r7g.2xlarge (primary + replica) on April 22, 2026. Same Valkey protocol, same TLS, zero code changes. Savings: ~$1,755/month. Aurora is the source of truth — ElastiCache is a pure performance cache rebuilt by the sync job in ~16 seconds.

4. Network Layer

Application Load Balancer Active

Attribute	Value
Name	`Trinity-Beast-TCP-ALB`
Type	Application (Layer 7)
Scheme	Internet-facing
Idle Timeout	300 seconds
Cross-Zone	Enabled
Availability Zones	us-east-2a, us-east-2b, us-east-2c
TLS	ACM certificate, TLS 1.2+
Target Group (LPO)	`trinity-beast-fargate-group` → port 8080 (HTTP/1.1)
Target Group (LRS)	`trinity-beast-lrs-9090` → port 9090 (HTTP/1.1)
Deregistration Delay	30 seconds
Peak Throughput (Run 15)	31K req/s through ALB with TLS

Listeners: HTTPS:443 (default → LPO TG, rules: lrs.cpmp-site.org → LRS TG, /reports/* → LRS TG), HTTP:80, HTTP:8080, HTTP:9090

Network Load Balancer — UDP Active

Attribute	Value
Name	`Trinity-Beast-UDP-NLB`
Type	Network (Layer 4)
Scheme	Internet-facing
Protocol	UDP
Target Groups	`Trinity-Beast-UDP-2679-TG` (LPO), `Trinity-Beast-UDP-2680-TG` (LRS)
Peak Throughput (Run 15)	84.9K UDP req/s through NLB

Route: udp.cpmp-site.org → UDP 2679 (LPO) / 2680 (LRS)

DNS (Route 53)

Record	Target	Purpose
`api.cpmp-site.org`	ALB (Trinity-Beast-TCP-ALB)	TCP API — LPO price queries
`lrs.cpmp-site.org`	ALB (Trinity-Beast-TCP-ALB)	TCP API — LRS reports
`udp.cpmp-site.org`	NLB (Trinity-Beast-UDP-NLB)	UDP API — LPO + LRS
`cpmp-site.org`	CloudFront (E110PRKEIYQVLL)	Website
`www.cpmp-site.org`	CloudFront (E110PRKEIYQVLL)	Website (www redirect)

VPC

Attribute	Value
VPC ID	`vpc-03deaddb7083cd59c`
CIDR	10.0.0.0/16
Subnets	Public (ALB/NLB) + Private (ECS, Aurora, ElastiCache)
Availability Zones	us-east-2a, us-east-2b, us-east-2c
ECS Subnet (current)	Main: `subnet-06781ce7266a4b870` (us-east-2a) · Mirror: `subnet-0e7e032219e0a6956` (us-east-2b) · LRS: `subnet-0d77afcde34842b5c` (us-east-2c)

Security Groups

Security Group	ID	Purpose
Trinity-ECS-SG-v3	`sg-050b617f93b2388f6`	ECS Fargate tasks — allows ALB/NLB + direct access
ElastiCache SG	`sg-08a14f22df269a909`	ElastiCache — allows ECS containers on port 6379
Stress Test SG	`sg-0bec9c9fa46fb3be1`	Stress test EC2 instances — allows SSM + container access

5. Content Delivery & Storage

CloudFront Distribution Deployed

Attribute	Value
Distribution ID	`E110PRKEIYQVLL`
Price Class	PriceClass_All (global edge locations)
Origin	S3 (trinity-beast-website-east2)
Custom Domains	`cpmp-site.org`, `www.cpmp-site.org`

S3 Bucket Active

Attribute	Value
Bucket	`trinity-beast-website-east2`
Purpose	Static website, documentation library, admin tools, stress test binaries
Key Paths	`/` (HTML), `/css/`, `/js/`, `/images/`, `/icons/`, `/docs/`, `/admin/`, `/tools/`, `/includes/`

ECR Repositories Active

Repository	Purpose
`trinity-beast-lpo-server`	Unified server image (all 4 ECS services including webhook)
`trinity-beast-sync-job`	Nightly sync job image

6. Scheduled Tasks & Automation

Rule	Schedule	Task Definition	Purpose	Status
`trinity-beast-nightly-sync`	`cron(0 6 * * ? *)` = 1 AM EST	trinity-beast-sync-job:3	Nightly Aurora → ElastiCache sync (usage_logs, api_keys, app params, report_usage_logs)	Enabled

Sync Performance: Full historical load of 249K logs completes in ~16 seconds. Incremental syncs (new records only) complete in under 200ms. The sync job uses redis.NewUniversalClient which works with both ElastiCache standalone and cluster mode configurations.

7. Secrets & Security

Secrets Manager — `trinity-beast-secrets`

Single consolidated secret containing all application credentials. Used by all 3 ECS services, Lambda, and the Sync Job. 16 keys total.

#	Key	Description
1	`DB_HOST`	Aurora writer endpoint
2	`DB_PORT`	Aurora port (5432)
3	`DB_NAME`	Database name
4	`DB_USER`	Database username
5	`DB_PASSWORD`	Database password
6	`STRIPE_SECRET_KEY`	Stripe API secret key
7	`SES_SMTP_HOST`	SES SMTP endpoint
8	`SES_SMTP_PORT`	SES SMTP port (587)
9	`SES_SMTP_USER`	SES SMTP IAM username
10	`SES_SMTP_PASSWORD`	SES SMTP IAM password
11	`SES_REGION`	SES region (us-east-2)
12	`SES_FROM_NOREPLY`	No-Reply sender address
13	`SES_FROM_SUPPORT`	Support sender address
14	`SES_FROM_PARTNERS`	Partners sender address
15	`SES_FROM_CONTACT`	Contact sender address
16	`SES_DOMAIN`	Verified SES domain

⚠️ Security: Actual values are never stored in documentation or source code. All consumers read from Secrets Manager at runtime.

API Keys

Key	Purpose	Rate Limit	Status
`demo-public-2026-03-01-abc123`	Public demo (website + native demo binary)	3 QPS (demo) / 1,000 QPS (performance)	Active
`stress-test-unlimited-2026-04-20`	Stress testing	100,000 QPS	Active

Web Application Firewalls (WAF)

WAF	Scope	Attached To	Rules
`CreatedByCloudFront-449feaa5`	CloudFront (Website)	Distribution `E110PRKEIYQVLL`	Anti-DDoS, IP Reputation, Common Rules, Known Bad Inputs
`trinity-beast-api-waf`	Regional (API)	ALB `Trinity-Beast-TCP-ALB`	IP Reputation, Common Rules, Known Bad Inputs, SQL Injection, Rate Limit Global (2000/5min), Rate Limit Admin (100/5min), Rate Limit Analytics (300/5min)

Threat Detection & Monitoring

Service	Resource	Purpose	Status
GuardDuty	Detector `18ceef6f8dddcf6082473cc7016ee458`	Automated threat detection — VPC flow logs, CloudTrail, DNS analysis	Active
Shield Standard	CloudFront + ALB	Automatic DDoS mitigation (Layer 3/4)	Active
CloudTrail	`trinity-beast-events-trail`	Multi-region API audit trail	Active
VPC Flow Logs	`fl-009c595743a159c57`, `fl-0549684b9986c6598`	Network traffic logging on both VPCs	Active

Security Alarms (CloudWatch)

Alarm	Trigger	Threshold
`TrinityBeast-WAF-HighBlockRate`	WAF blocks spike	>100 blocks in 10 minutes
`TrinityBeast-API-5xx-Spike`	Server errors	>10 errors in 10 minutes
`TrinityBeast-API-4xx-Spike`	Client errors / scanning	>200 errors in 15 minutes
`TrinityBeast-GuardDuty-Finding`	Threat detected	Any finding

Security Dashboard

Dashboard	Widgets	Region
`Trinity-Beast-Security-Dashboard`	CloudFront WAF, API WAF, Blocks by Rule, ALB Errors, ALB Latency, Security Alarms, ElastiCache Health	us-east-2

8. CloudWatch Dashboards & Alarm Notifications

Five CloudWatch dashboards provide real-time visibility into every layer of the infrastructure — application performance, security posture, cost tracking, and an executive overview. 17 alarms monitor for anomalies and trigger notifications when thresholds are breached.

Dashboards (5)

Dashboard	Purpose	Key Widgets	Region
`Trinity-Beast-Application-Dashboard`	Core application metrics — LPO, LRS, Lambda, and container health	CPU/Memory per service, request rates, latency p50/p99, cache hit ratios, Lambda invocations/errors/duration, container logs	us-east-2
`Trinity-Beast-Security-Dashboard`	Security & defense monitoring across all protection layers	CloudFront WAF allowed/blocked, API WAF allowed/blocked, blocks by rule (stacked), ALB error codes, ALB latency, security alarms panel, ElastiCache CPU/memory/hit rate	us-east-2
`Trinity-Beast-Master-Dashboard`	Unified overview combining application and infrastructure metrics	All ECS services, Aurora, ElastiCache, ALB/NLB, Lambda, CloudFront — single pane of glass	us-east-2
`Trinity-Beast-Cost-Executive-Dashboard`	High-level cost summary for executive review	Monthly spend, savings plan coverage, cost by service, month-over-month trend	us-east-2
`Trinity-Beast-Cost-Detailed-Dashboard`	Granular cost breakdown by resource	Per-service cost, data transfer, storage, compute hours, reserved vs on-demand	us-east-2

Alarms (17)

Alarm	Metric	Condition	Category
`Trinity-Beast-ECS-CPU-High`	ECS CPUUtilization (Main)	CPU > threshold	Compute
`Trinity-Beast-ECS-CPU-High-Mirror`	ECS CPUUtilization (Mirror)	CPU > threshold	Compute
`Trinity-Beast-ECS-CPU-High-LRS`	ECS CPUUtilization (LRS)	CPU > threshold	Compute
`Trinity-Beast-Main-Service-Count-Low`	ECS RunningTaskCount (Main)	Tasks < 1	Availability
`Trinity-Beast-Mirror-Service-Count-Low`	ECS RunningTaskCount (Mirror)	Tasks < 1	Availability
`Trinity-Beast-LRS-Service-Count-Low`	ECS RunningTaskCount (LRS)	Tasks < 1	Availability
`Trinity-Beast-ALB-UnhealthyTargets`	ALB UnHealthyHostCount	Unhealthy > 0	Availability
`Trinity-Beast-NLB-UnhealthyTargets`	NLB UnHealthyHostCount	Unhealthy > 0	Availability
`Trinity-Beast-Aurora-CPU-High`	RDS CPUUtilization	CPU > threshold	Database
`Trinity-Beast-Aurora-Connections-High`	RDS DatabaseConnections	Connections > threshold	Database
`Trinity-Beast-ElastiCache-CPU-High`	ElastiCache EngineCPUUtilization	CPU > threshold	Cache
`Trinity-Beast-ElastiCache-Memory-High`	ElastiCache DatabaseMemoryUsagePercentage	Memory > threshold	Cache
`Trinity-Beast-S3-Size-Unusual-Growth`	S3 BucketSizeBytes	Unusual growth	Storage
`TrinityBeast-WAF-HighBlockRate`	WAFV2 BlockedRequests	>100 blocks in 10 min	Security
`TrinityBeast-API-5xx-Spike`	ALB HTTPCode_Target_5XX_Count	>10 errors in 10 min	Security
`TrinityBeast-API-4xx-Spike`	ALB HTTPCode_Target_4XX_Count	>200 errors in 15 min	Security
`TrinityBeast-GuardDuty-Finding`	GuardDuty finding	Any finding	Security

Access: All dashboards are accessible from the AWS Console at us-east-2.console.aws.amazon.com/cloudwatch/home?region=us-east-2#dashboards. The KCC provides direct access via bash scripts/kcc.sh daily (infrastructure report) and bash scripts/kcc.sh security (security report).

9. Price Feed Architecture

The Trinity Beast maintains persistent WebSocket connections to 6 exchanges. Every trade pushes a price update in real-time (sub-second latency). 150 assets are prewarmed across all feeds — 25 per exchange. Each feed has its own independent asset list, configurable via application parameters without redeployment. Each of the 4 ECS containers maintains its own independent WebSocket connections for redundancy (24 total connections cluster-wide).

WebSocket Feeds — 6 Exchanges, 150 Prewarmed Assets

Exchange	Protocol	Endpoint	Pair Suffix	Source Tag
Coinbase	WebSocket	`wss://advanced-trade-ws.coinbase.com`	USD	`coinbase-ws`
Gemini	WebSocket	`wss://ws.gemini.com`	USD	`gemini-ws`
Kraken	WebSocket	`wss://ws.kraken.com/v2`	USD	`kraken-ws`
Gate.io	WebSocket	`wss://api.gateio.ws/ws/v4/`	USDT	`gateio-ws`
Bybit	WebSocket	`wss://stream.bybit.com/v5/public/spot`	USDT	`bybit-ws`
OKX	WebSocket	`wss://ws.okx.com:8443/ws/v5/public`	USDT	`okx-ws`

Prewarmed Assets by Exchange (24 each, 150 total)

Exchange	Assets (24)	Application Parameter
Coinbase	BTC, ETH, SOL, DOGE, XRP, LINK, DOT, LTC, AVAX, UNI, PEPE, XLM, RNDR, JASMY, ICP, EOS, EGLD, ZEC, ENJ, ANKR, LRC, SKL, COTI, RLC	`coinbase_prewarm_assets`
Gemini	AAVE, ADA, MATIC, ATOM, NEAR, ARB, MKR, CRV, GRT, FIL, SHIB, BAT, MANA, SAND, AXS, CHZ, STORJ, AMP, REN, UMA, BOND, CTSI, RLY, RAD	`gemini_prewarm_assets`
Kraken	NANO, SC, LSK, KAVA, BICO, RARI, OCEAN, CFG, CQT, ALGO, FET, FLOW, MINA, GLMR, MOVR, KSM, ASTR, PHALA, NODL, PARA, KILT, ACA, TEER, LIT	`kraken_prewarm_assets`
Gate.io	BNB, TRX, APT, INJ, OP, SUI, VET, HBAR, FTM, CELR, DENT, HOT, ONE, REEF, WIN, TFUEL, STMX, TROY, VITE, OAX, PUNDIX, ACH, BEL, CHESS	`gateio_prewarm_assets` (via `exchange_asset_map`)
Bybit	TON, WLD, APE, BLUR, IMX, ENS, LDO, SNX, COMP, 1INCH, SUSHI, GALA, MAGIC, RDNT, HOOK, ID, EDU, CYBER, ARKM, NTRN, MAV, SEI, WOO, AGLD	`bybit_prewarm_assets` (via `exchange_asset_map`)
OKX	KAS, TIA, JUP, STRK, PYTH, W, ZRO, PENDLE, ONDO, RENDER, WIF, FLOKI, PEOPLE, MASK, LOOKS, HIGH, RSS3, PERP, BADGER, ALCX, FXS, TRIBE, ALPHA, DODO	`okx_prewarm_assets` (via `exchange_asset_map`)

Feed Configuration Parameters

Parameter	Value	Purpose
`coinbase_prewarm_assets`	btc,eth,sol,doge,xrp,link,dot,ltc,avax,uni,pepe,xlm,rndr,jasmy,icp,eos,egld,zec,enj,ankr,lrc,skl,coti,rlc	Coinbase WebSocket subscription list (24 assets)
`gemini_prewarm_assets`	aave,ada,matic,atom,near,arb,mkr,crv,grt,fil,shib,bat,mana,sand,axs,chz,storj,amp,ren,uma,bond,ctsi,rly,rad	Gemini WebSocket subscription list (24 assets)
`kraken_prewarm_assets`	nano,sc,lsk,kava,bico,rari,ocean,cfg,cqt,algo,fet,flow,mina,glmr,movr,ksm,astr,phala,nodl,para,kilt,aca,teer,lit	Kraken WebSocket subscription list (24 assets)
`gateio_prewarm_assets`	bnb,trx,apt,inj,op,sui,vet,hbar,ftm,celr,dent,hot,one,reef,win,tfuel,stmx,troy,vite,oax,pundix,ach,bel,chess	Gate.io WebSocket subscription list (24 assets)
`bybit_prewarm_assets`	ton,wld,ape,blur,imx,ens,ldo,snx,comp,1inch,sushi,gala,magic,rdnt,hook,id,edu,cyber,arkm,ntrn,mav,sei,woo,agld	Bybit WebSocket subscription list (24 assets)
`okx_prewarm_assets`	kas,tia,jup,strk,pyth,w,zro,pendle,ondo,render,wif,floki,people,mask,looks,high,rss3,perp,badger,alcx,fxs,tribe,alpha,dodo	OKX WebSocket subscription list (24 assets)
`kraken_prewarm_interval_minutes`	3	Kraken REST batch poll interval (also used as general prewarm interval)
`kraken_prewarm_offset_seconds`	15	Stagger offset to avoid thundering herd across containers
`prewarm_assets`	(combined Coinbase + Gemini list)	Legacy combined prewarm list — Coinbase and Gemini assets
`prewarm_interval`	3	General prewarm cycle interval in minutes

Hot Path: (1) Local sync.Map → (2) ElastiCache → (3) REST fallback. WebSocket feeds write to Tier 1 on every trade. FlushToElastiCache() batch-writes all fresh local prices to Tier 2 every 30 seconds via Redis pipeline. 99.9% of requests served from Tier 1 (zero network hops). Each container maintains its own independent WebSocket connections for redundancy — 6 feeds × 4 containers = 24 persistent connections cluster-wide.

Asset Management: Coinbase, Gemini, and Kraken assets are controlled via application_parameters in Aurora. Gate.io, Bybit, and OKX assets are managed via the exchange_asset_map table. All are synced to ElastiCache and hot-reloadable without redeployment. Assets beyond the 150 prewarmed are fetched on-demand from the best available exchange.

10. Performance Configuration

All settings are configurable via application_parameters in Aurora, synced to ElastiCache, and hot-reloadable via /admin/reload-params. The /admin/system-mode?mode=performance endpoint applies the full performance profile.

Parameter	Value	Purpose
`adaptive_max_concurrent`	6000	TCP governor — max simultaneous connections across cluster
`adaptive_success_threshold`	0.50	Governor throttle trigger threshold
`adaptive_throttle_delay_ms`	0	No artificial delay when throttling
`udp_max_concurrent_lpo`	3000	UDP LPO blocking governor per container
`udp_max_concurrent_lrs`	3000	UDP LRS blocking governor per container
`db_max_open_conns`	150	Aurora connection pool per container
`db_max_idle_conns`	75	Idle Aurora connections kept warm
`cache_pool_size`	300	ElastiCache connection pool per container
`cache_min_idle_conns`	60	Idle ElastiCache connections kept warm
`cache_dial_timeout_ms`	500	Fast-fail connection timeout
`cache_read_timeout_ms`	500	Fast-fail read timeout
`cache_write_timeout_ms`	500	Fast-fail write timeout
`sqs_batch_size`	10	Messages per SQS SendMessageBatch call (1-10)
`sqs_flush_ms`	100	SQS producer flush interval in milliseconds
`sqs_buffer_size`	50,000	SQS producer channel buffer capacity
`sqs_timeout_ms`	3,000	Per-batch SQS API call timeout in milliseconds
`http_idle_timeout_seconds`	300	Keep-alive connections held open
`http_read_timeout_seconds`	5	Fast-fail on slow reads
`http_write_timeout_seconds`	5	Fast-fail on slow writes
`cache_ttl_seconds`	9	Local cache TTL before checking ElastiCache
`log_level`	error	Minimal logging in performance mode

11. Stress Test Resources

Resource	Type	Purpose
`stress-test-ssm-role`	IAM Role	SSM access for stress test EC2 instances
`stress-test-ssm-profile`	IAM Instance Profile	Attached to stress test EC2 instances
`sg-0bec9c9fa46fb3be1`	Security Group	Stress test instance — reaches ECS containers directly
`lt-06c1d77f884da6b43`	Launch Template	trinity-beast-stress-run13 (us-east-2a, SSM profile)
`stress-test-unlimited-2026-04-20`	API Key	100K QPS rate limit for stress testing
`s3://trinity-beast-website-east2/tools/trinity-stress-linux`	S3 Object	Stress test binary (Go, Linux AMD64)

Test Client: m6in.4xlarge (16 vCPU, 64 GB, 50 Gbps networking), launched in us-east-2a (same AZ as containers). Supports TCP and UDP, round-robin distribution, per-container metrics, 13-level progressive load test.

12. Connection Map

Internet → The Trinity Beast (Inbound)

Path	Flow
TCP API	Client → Route 53 (`api.cpmp-site.org`) → ALB (TLS termination) → ECS containers (port 8080)
LRS Reports	Client → Route 53 (`lrs.cpmp-site.org`) → ALB (TLS termination) → ECS containers (port 9090)
UDP API	Client → Route 53 (`udp.cpmp-site.org`) → NLB (Layer 4) → ECS containers (port 2679/2680)
Website	Client → Route 53 (`cpmp-site.org`) → CloudFront → S3
Stripe Webhooks	Stripe → API Gateway → Lambda (`trinity-beast-receipt`)
Stripe Checkout	Client → Stripe (with `?locale=XX&client_reference_id=XX` from `cpmp-lang`) → Webhook → Lambda → Aurora (`preferred_lang`)

ECS Containers → Backend (Internal)

Connection	Purpose	Protocol
ECS → Aurora	Batched writes (usage_logs), reads (api_keys, config, rate_limit_template, webhook_subscriptions)	PostgreSQL (TCP 5432, 150 conns/container)
ECS → ElastiCache	Cache reads/writes, governor counters, config	Valkey (TCP 6379, TLS, 300 conns/container)
ECS → Coinbase WS	Real-time price feed (24 assets)	WebSocket (outbound, persistent)
ECS → Gemini WS	Real-time price feed (24 assets)	WebSocket (outbound, persistent)
ECS → Kraken WS	Real-time price feed (19 assets)	WebSocket (outbound, persistent)
ECS → Gate.io WS	Real-time price feed (24 assets)	WebSocket (outbound, persistent)
ECS → Bybit WS	Real-time price feed (24 assets)	WebSocket (outbound, persistent)
ECS → OKX WS	Real-time price feed (24 assets)	WebSocket (outbound, persistent)
ECS → CloudWatch	Logs and metrics	HTTPS (outbound)
Webhook → Associates	Outbound price push (UDP fire-and-forget + HTTPS signed POST)	UDP + HTTPS (outbound only)

Lambda → External (Outbound)

Connection	Purpose	Protocol
Lambda → Stripe API	Read checkout sessions (including locale), manage subscriptions, create portal sessions	HTTPS
Lambda → Aurora	Insert users, api_keys, transactions; read rate_limit_template; store preferred_lang	PostgreSQL (public endpoint)
Lambda → SES	Send receipt emails	HTTPS (SES API)
Lambda → api.cpmp-site.org	Cache invalidation (`/admin/invalidate-key`)	HTTPS (public ALB)
Lambda → lrs.cpmp-site.org	Cache invalidation (`/admin/invalidate-key`)	HTTPS (public ALB)

Table of Contents