Architecture Overview
Scottsdale Mint is a serverless WordPress e-commerce platform built on AWS infrastructure, optimized for high-concurrency precious metals transactions with real-time pricing.
System Architecture Diagram
┌──────────────────────────────────────────────────────────────────────────┐
│                             EXTERNAL SYSTEMS                             │
│  NFusion Pricing API ──▶ Laravel Middleware ──▶ WP REST API              │
│  (spot prices)           (price transform)      (/suma/v1/update-prices) │
└──────────────────────────────────────────────────────────────────────────┘
                                     │
                                     ▼
┌──────────────────────────────────────────────────────────────────────────┐
│                            AWS CloudFront CDN                            │
│  - Static asset caching              - Image processing                  │
│  - WooCommerce session cookies       - CloudFront IP header              │
│  - Bypass: /cart, /checkout, /my-account, /uploads/elementor             │
└──────────────────────────────────────────────────────────────────────────┘
                                     │
                                     ▼
┌──────────────────────────────────────────────────────────────────────────┐
│                  AWS Lambda (Ymir - WordPress Runtime)                   │
│                                                                          │
│  ┌────────────────────────────────────────────────────────────────────┐  │
│  │                        WordPress (Bedrock)                         │  │
│  │  ┌─────────────┐  ┌──────────────┐  ┌──────────────────┐           │  │
│  │  │ WP Core     │  │ WooCommerce  │  │ Elementor Pro    │           │  │
│  │  │ 6.9.1       │  │ 10.5.1       │  │ 3.35.3           │           │  │
│  │  └─────────────┘  └──────────────┘  └──────────────────┘           │  │
│  │                                                                    │  │
│  │  ┌──────────────────────────────────────────────────────┐          │  │
│  │  │            suma-elementor Theme (v2.3.0)             │          │  │
│  │  │  Pricing • WooCommerce • REST API • Klaviyo • Yotpo  │          │  │
│  │  └──────────────────────────────────────────────────────┘          │  │
│  │                                                                    │  │
│  │  Custom Plugins: ACH Gateway • WooEmails • OrderTracking           │  │
│  └────────────────────────────────────────────────────────────────────┘  │
│                                                                          │
│  Memory: 4096MB (prod) | Timeout: 120s | Concurrency: 800                │
└──────────────────────────────────────────────────────────────────────────┘
        │                   │                       │
        ▼                   ▼                       ▼
┌──────────────┐  ┌──────────────────┐  ┌──────────────────────┐
│ Amazon S3    │  │ Amazon Aurora    │  │ Valkey / Redis       │
│              │  │ MySQL            │  │ (Object Cache Pro)   │
│ - Uploads    │  │ - WP database    │  │ - Object cache       │
│ - KYC docs   │  │ - Read replica   │  │ - Session data       │
│ - Backups    │  │   endpoint       │  │ - Transients         │
└──────────────┘  └──────────────────┘  └──────────────────────┘
Key Architectural Decisions
Serverless Lambda (Ymir)
WordPress runs in AWS Lambda functions via Ymir. This means:
- No persistent processes: each request spawns a fresh Lambda invocation.
- External cron: `DISABLE_WP_CRON=1` is always set; scheduled tasks run via Ymir's built-in cron runner (`cron: 1` in `ymir.yml`).
- Ephemeral filesystem: no persistent file writes. Uploads go to S3. Logs go to PHP stderr (CloudWatch).
- Cold starts: Ymir's "warmup" feature pre-warms the Lambda pool on deploy (100 requests in production).
Bedrock Framework
Roots.io Bedrock provides:
- All dependencies via Composer: WordPress core, all plugins, and the theme are in `composer.json`.
- Environment-based configuration: secrets in `.env`, logic in `config/environments/*.php`.
- Hardened paths: WordPress core is at `/web/wp/`, content at `/web/app/` (not publicly writable).
- No direct file editing in production: `DISALLOW_FILE_EDIT=true`, `DISALLOW_FILE_MODS=true`.
Split Aurora Endpoints
The database uses Amazon Aurora MySQL with separate read and write endpoints:
- `DB_WRITER_HOST`: all write operations (INSERT, UPDATE, DELETE)
- `DB_READER_HOST`: all read operations (SELECT), cached queries
Multi-Layer Cache
See Caching Architecture for full detail.
- CloudFront CDN: edge caching for static assets, product pages
- Valkey/Redis: object cache (transients, query cache, session data)
- Browser cache: static assets, product images
Real-Time Pricing Architecture
Precious metals prices update every minute:
NFusion API
    │
    ▼
Laravel Middleware (external, not in this repo)
    │  (transforms spot prices, calculates premiums, applies tiers)
    ▼
POST /wp-json/suma/v1/product/update-prices
    │  (REST endpoint in suma-elementor/inc/endpoints/class-pricing.php)
    ▼
WooCommerce product prices updated in Aurora
    │
    ▼
Redis object cache invalidated for updated products
    │
    ▼
CloudFront cache invalidated for updated product pages
This endpoint is performance-critical. Do not add blocking operations or slow DB queries to the price update path.
Request Flow
Standard Page Load (Cached)
Browser → CloudFront (cache hit) → Response
Standard Page Load (Cache Miss)
Browser → CloudFront → Lambda (WordPress) → Aurora Read Replica → Redis
→ Response → CloudFront caches response
Checkout and Cart
These paths are excluded from CloudFront caching (/cart, /checkout, /my-account):
Browser → CloudFront (bypass) → Lambda (WordPress) → Aurora Write + Read → Redis
Payment Processing (e.g., ACH)
Browser → checkout page → ACH Gateway →
Plaid API (bank account auth) →
iTransact API (ACH submission) →
Kount (fraud pre-auth) →
Kount ENS callback to /wp-json/kount/v1/ens →
WC order status updated → Customer notified via Mailgun
Concurrency and Scaling
| Environment | Lambda Concurrency | Memory | Warmup |
|---|---|---|---|
| Production | 800 | 4096 MB | 100 requests |
| Staging | 100 | 2048 MB | 40 requests |
| Development | 80 | 2048 MB | 20 requests |
Lambda scales horizontally: at 800 concurrency, up to 800 simultaneous requests can be handled. Aurora and Redis are the scalability bottlenecks; both are managed by AWS.
Security Boundaries
| Layer | Mechanism |
|---|---|
| HTTPS everywhere | CloudFront HTTPS only; FORCE_SSL_ADMIN=true |
| Admin access | 2FA mandatory (WP 2FA Premium + Twilio) |
| Payment fraud | Kount Pre-Auth on all payment methods |
| File modification | DISALLOW_FILE_EDIT=true, DISALLOW_FILE_MODS=true |
| SQL injection | All queries via $wpdb->prepare() or WP Query API |
| XSS | All output escaped via WP functions |
| CSRF | WP nonces on all AJAX/form submissions |
| IP spoofing | wp-config.php handles CloudFront + Cloudflare headers correctly |
| HSTS | headers-security-advanced-hsts-wp plugin |
| Data encryption | SENSITIVE_DATA_KEY for sensitive data at rest |
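
What handling forwarded-IP headers correctly (the "IP spoofing" row above) involves, shown as an added example that is not the project's `wp-config.php`. The function names, the `TRUSTED_PROXIES` list and the use of `X-Forwarded-For` are assumptions, since the page does not name the header it reads.

```php
<?php
// Added example, not the project's wp-config.php. TRUSTED_PROXIES is a
// constructed placeholder; real CDN ranges come from each provider.
const TRUSTED_PROXIES = ['10.0.0.0/8', '2001:db8:cf::/48'];

/** True when $ip lies inside $cidr (IPv4 or IPv6). */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $a = @inet_pton($ip);
    $b = @inet_pton($net);
    if ($a === false || $b === false || strlen($a) !== strlen($b)) {
        return false; // unparsable, or mixed address families
    }
    $bits = $bits === null ? strlen($a) * 8 : (int) $bits;
    $full = intdiv($bits, 8);                 // whole bytes in the prefix
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // partial-byte mask, 0 if none
    return strncmp($a, $b, $full) === 0
        && ($mask === 0 || ((ord($a[$full]) ^ ord($b[$full])) & $mask) === 0);
}

function is_trusted_proxy(string $ip): bool
{
    return (bool) array_filter(TRUSTED_PROXIES, fn ($cidr) => ip_in_cidr($ip, $cidr));
}

// Forwarded headers count only when the direct peer is a trusted proxy; the
// chain is then walked right to left, stopping at the first untrusted hop.
function resolve_client_ip(string $remoteAddr, ?string $xff): string
{
    if ($xff === null || !is_trusted_proxy($remoteAddr)) {
        return $remoteAddr; // direct peer is not the CDN: ignore the header
    }
    $client = $remoteAddr;
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $hop = trim($hop);
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: keep the last hop that parsed
        }
        $client = $hop;
        if (!is_trusted_proxy($hop)) {
            break; // first untrusted hop from the right is the client
        }
    }
    return $client;
}

// Constructed requests: the forged left-most entry never wins.
var_dump(resolve_client_ip('10.0.3.7', '203.0.113.9, 198.51.100.4, 10.0.1.1'));
var_dump(resolve_client_ip('192.0.2.50', '203.0.113.9'));
```

Fraud scoring, rate limiting and audit logs all inherit whatever address this step returns, so the trusted-proxy list has to track the CDN's published ranges.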