Capstone Project: Serverless Refund Automation System

Welcome to the final project of the Serverless Advanced course!

In this capstone, you will transition from learning isolated concepts to architecting and deploying a complete, production-grade serverless application. You will build an asynchronous Refund Automation System using AWS API Gateway, AWS Lambda, Amazon SQS, and Amazon DynamoDB, fully defined via Infrastructure as Code (IaC).

📖 Business Scenario

Customer Service receives thousands of refund requests daily. Processing these synchronously (waiting for the payment gateway to confirm) blocks the client application and often leads to HTTP timeouts during traffic spikes.

Your task is to build an asynchronous API. When a client requests a refund, the system should immediately accept the request, save it with a PENDING status, return a tracking ID, and then process the actual business logic in the background.

🏗️ Architecture Flow

Please implement the following event-driven architecture:

1. Client Request: A POST /refunds request is sent to an Amazon API Gateway endpoint. Payload includes orderId, amount, and reason.
2. Ingestion (Receiver): A synchronous AWS Lambda function validates the payload, generates a unique refundId, and saves the record to a DynamoDB table with status: PENDING.
3. Decoupling: The Receiver Lambda then sends a message containing the refundId to an Amazon SQS Queue and immediately returns a 202 Accepted response to the client.
4. Asynchronous Processing: A second AWS Lambda function (Processor) is triggered by the SQS Queue.
5. Business Logic & State Update: The Processor evaluates the refund (e.g., automatically reject if amount > 1000, otherwise approve). It updates the DynamoDB record status to either APPROVED or REJECTED.

🛠️ Technical Requirements

To pass this capstone, your solution must meet the following criteria:

1. Infrastructure as Code (IaC)

• Mandatory: The entire architecture must be defined and deployed using either AWS SAM or AWS CDK.
• Manual creation of resources via the AWS Console is strictly prohibited.

2. API & Security

• The API Gateway endpoint must be secured (e.g., using an API Key or IAM authorization).
• The API must return proper HTTP status codes (202 Accepted for successful ingestion, 400 Bad Request for invalid payloads).

3. Database Modeling (DynamoDB)

• Implement a single-table design.
• Use a logical Partition Key (e.g., PK: REFUND#<refundId>).

4. Resiliency & Error Handling

• The SQS Queue must have a Dead-Letter Queue (DLQ) configured.
• If the Processor Lambda fails to process a message (e.g., simulating a payment gateway timeout), the message should eventually move to the DLQ.

5. Observability & Security Policies

• Enable AWS X-Ray active tracing for API Gateway and both Lambda functions.
• Lambda execution roles must follow the Principle of Least Privilege (e.g., the Receiver Lambda cannot read from SQS, only write; it can only PutItem to DynamoDB, etc.).

🚀 How to Submit

1. Create a private Git repository and push your complete IaC codebase (SAM template or CDK app) and Lambda source code.
2. Update this README.md to include:
   • Instructions on how to build and deploy your application.
   • Example curl or Postman commands to test the API.
   • A brief text or image architecture diagram of your deployed stack.
3. Follow the instructions in the "How to send Capstone Project for review" internal article to properly submit your repository link and architecture diagram for evaluation.

Good luck, and build it like it's going to production!