Case Study - Q3 2025
AI-Powered Invoice Payment Automation
Freelancers and small businesses lose an estimated 10-15% of revenue to late or missed invoice payments. Manual follow-ups are time-consuming, inconsistent, and often damage client relationships. A fintech client needed a SaaS platform that automates invoice payment reminders with intelligent scheduling, multi-channel notifications, and AI-driven personalization - while maintaining financial-grade security and audit compliance.
The platform is a multi-tenant SaaS application that ingests invoices, applies AI to determine optimal reminder timing and tone, and delivers automated payment reminders across email, SMS, and WhatsApp. The system includes a RAG-based conversational interface for querying invoice status and a multi-agent workflow for escalation handling.
The same platform architected three ways. Each cloud brings different strengths to AI agent orchestration, event-driven processing, and multi-tenant security. There is no single best choice - the right answer depends on the customer's existing ecosystem, compliance requirements, and team expertise.
Amazon Bedrock (Claude 3.5 / Titan)
Powers reminder tone personalization and invoice summarization. Bedrock's managed LLM access eliminates infrastructure overhead for model hosting. Claude handles nuanced, empathetic reminder generation; Titan handles embeddings for the RAG pipeline.
Amazon OpenSearch Service (Serverless)
Vector store for RAG. Stores embedded invoice data, payment history, and client communication preferences. Enables semantic search over invoice corpus for the conversational query interface.
LangGraph on ECS Fargate
Orchestrates the multi-agent workflow - Agent 1 determines reminder urgency, Agent 2 selects channel and tone, Agent 3 handles escalation paths. LangGraph's state machine model maps naturally to the payment reminder lifecycle.
AWS Lambda + Mangum
Stateless API endpoints for invoice CRUD, payment status checks, and tenant management. Mangum wraps FastAPI for Lambda compatibility. Cost-effective for bursty SaaS traffic patterns.
ECS Fargate
Long-running AI agent orchestration tasks that exceed Lambda's 15-min timeout. Auto-scales based on queue depth.
Amazon EventBridge
Cron-based scheduling for reminder dispatch. Rules engine triggers reminder workflows based on invoice due dates, payment status changes, and configurable escalation timers.
Amazon SQS
Decouples reminder generation from notification delivery. Dead-letter queues capture failed deliveries for retry. FIFO queues ensure ordered processing per invoice.
Amazon SNS
Fan-out pattern for multi-channel notifications. Single publish triggers parallel delivery across email (SES), SMS (SNS), and WhatsApp (Pinpoint).
Aurora PostgreSQL (Serverless v2)
Multi-tenant invoice data with row-level security. Serverless v2 auto-scales capacity based on load - critical for SaaS with variable tenant activity. Supports Text-to-SQL queries via the RAG interface.
ElastiCache Redis
Session management, API response caching, and rate-limiting counters. Reduces database load for frequently accessed invoice status checks.
S3
Invoice PDF storage with lifecycle policies. Server-side encryption (SSE-S3) for data at rest. Pre-signed URLs for secure client access.
Amazon Cognito
Multi-tenant OAuth2/OIDC authentication with user pools per tenant. Supports social login and MFA. Issues short-lived JWT tokens (1hr expiry) with custom claims for tenant isolation.
AWS KMS
Envelope encryption for PII fields (client emails, phone numbers, payment details). Customer-managed keys (CMK) for tenant data isolation.
IAM
Least-privilege policies for all Lambda functions and ECS tasks. Service-linked roles with no wildcard permissions.
VPC
Private subnets for Aurora and ElastiCache. VPC endpoints for S3, SQS, and Bedrock to keep traffic off the public internet.
CloudWatch Metrics
Custom metrics for reminder delivery rates, AI response latency, and payment conversion rates. Composite alarms for SLA monitoring.
AWS X-Ray
End-to-end distributed tracing from API Gateway through Lambda/ECS to downstream services. Trace sampling at 5% for cost management.
CloudTrail
Immutable audit log for all API calls. Critical for fintech compliance - who accessed what invoice data and when.
OpenTelemetry
Instrumented in application code, exported to CloudWatch via the ADOT collector. Provides vendor-neutral telemetry alongside native AWS tracing.
| Component | Strategy | Est. Monthly |
|---|---|---|
| Lambda | Pay-per-invocation, right-sized memory | $50-150 |
| ECS Fargate | Spot capacity for non-critical agents | $100-300 |
| Aurora Serverless v2 | Auto-scales to zero in low traffic | $80-200 |
| Bedrock | Pay-per-token, prompt caching | $200-500 |
| OpenSearch Serverless | OCU-based scaling | $150-300 |
| EventBridge + SQS + SNS | Pay-per-event (negligible) | $10-30 |
| Total (estimated) | | $590-1,480/mo |
Lambda cold starts matter for AI workloads - Provisioned concurrency for the RAG query endpoint reduced P99 latency spikes from 8s to 1.2s.
Bedrock token costs add up - Implemented prompt caching and response streaming to reduce Claude API costs by 40%.
EventBridge scheduling precision - Sub-minute scheduling required a combination of EventBridge rules and SQS delay queues for fine-grained reminder timing.
Multi-tenancy in Aurora - Row-level security (RLS) policies per tenant proved more maintainable than schema-per-tenant at this scale.
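
The row-level security approach named in the Aurora PostgreSQL component and in the multi-tenancy lesson above, shown as an added example (not the client's schema or code). The `invoices` table, the `app_api` role and the `app.tenant_id` setting are assumed names, and the UUIDs are constructed sample values.

```sql
-- Added example: all object names and the UUIDs below are assumptions.
CREATE TABLE invoices (
    id           bigserial PRIMARY KEY,
    tenant_id    uuid   NOT NULL,
    client_email text   NOT NULL,
    amount_cents bigint NOT NULL CHECK (amount_cents >= 0),
    due_date     date   NOT NULL,
    status       text   NOT NULL DEFAULT 'open'
);
CREATE INDEX invoices_tenant_due_idx ON invoices (tenant_id, due_date);

-- Role the API (and any Text-to-SQL query) connects as. It does not own
-- the table and cannot bypass RLS.
CREATE ROLE app_api LOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_api;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_api;

ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
-- FORCE subjects the table owner to RLS too; since the policy below targets
-- only app_api, the owner gets default-deny.
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) yields NULL when unset and '' after a
-- transaction-local value has expired; NULLIF maps both to NULL, the
-- comparison is then never true, and the session sees no rows.
CREATE POLICY tenant_isolation ON invoices
    FOR ALL TO app_api
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per request: the tenant id comes from the verified token's tenant claim,
-- never from a request parameter. The third argument (true) scopes the
-- setting to this transaction, so a pooled connection cannot carry it over.
BEGIN;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);

SELECT id, amount_cents, due_date, status
FROM invoices
WHERE status = 'open';              -- only this tenant's rows are visible

-- Rejected by WITH CHECK: the row's tenant_id differs from the session's.
-- INSERT INTO invoices (tenant_id, client_email, amount_cents, due_date)
-- VALUES ('22222222-2222-2222-2222-222222222222', 'a@example.com', 100, '2025-09-30');
COMMIT;
```
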
| Metric | Result | Notes |
|---|---|---|
| Reminder Delivery Rate | 99.7-99.8% | Queue retry + DLQ across all clouds |
| AI Response Latency (P95) | < 2s | Reminder generation with streaming |
| Payment Recovery | +25-35% | Increase in on-time payments |
| Multi-Tenant Isolation | Zero leakage | Verified via penetration testing |
| Uptime SLA | 99.95% | HA database + multi-region compute |
| Cost Per Tenant | $530-1,480/mo | Varies by cloud and scale |
This case study reflects a production system designed and built for a fintech client. Architecture decisions were driven by cost efficiency, security compliance, and the need for intelligent, AI-driven automation at scale.
The final production architecture for this client cannot be disclosed in full due to NDA obligations. The three cloud variants presented above are reference architectures that illustrate the design approach and decision-making process. At a high level, the actual deployment leveraged a combination of AWS and Azure services, selected based on the client's existing infrastructure and compliance requirements.