Coming soon Deadlift is awaiting AWS Marketplace approval. Join the waitlist →
Deadlift
Join the waitlist

Architecture

Deadlift is one CloudFormation stack. Everything in this page is provisioned inside your AWS account when you subscribe through Marketplace.

What gets deployed

LayerResource
FrontendS3 bucket + CloudFront distribution serving a static Next.js export
APIAppSync GraphQL API with Cognito User Pool authorization
Compute13 Lambda functions (AppSync resolvers + scheduled jobs) and one inline AppSync JS resolver
Storage5 DynamoDB tables: sessions, audit log, daily counters, auto-replay rules, settings
IdentityCognito User Pool with optional MFA, email/SSO sign-in
MonitoringCloudWatch alarms reconciled per DLQ by a scheduled Lambda; SNS topic for delivery
NotificationsSNS topic with optional email subscription, plus a Lambda that POSTs to your configured webhook URL

How a replay works

  1. You browse a DLQ. The frontend calls AppSync listMessages, which holds the SQS visibility timeout for 5 minutes via a ReceiveMessage call. Receipt handles are stored in DynamoDB.
  2. You select messages and hit replay. AppSync invokes the replay-messages Lambda with the message IDs.
  3. The Lambda reads the stored receipt handles, sends the messages to the source queue (derived from the DLQ redrive policy), then deletes them from the DLQ.
  4. The audit log writes an entry with your Cognito user ID, the queue URL, the action, and the message count.

Messages never travel through Deadlift infrastructure - they stay inside your account, moving directly between SQS and Lambda.

Why no SaaS backend?

Deadlift is sold as a bring-your-own-account product. The trade-offs:

  • Data residency: customer data never leaves the customer’s AWS account
  • Cost transparency: usage shows up in the customer’s existing AWS bill
  • Compliance simpler: no third-party data processor to vet
  • ⚠️ Updates require a stack update: customers update on their own cadence; we publish new templates to Marketplace
  • ⚠️ Multi-tenancy via Cognito User Pools: each deployment is a single tenant

For our target customer (engineering teams managing AWS workloads, especially in regulated environments), the data residency story outweighs the update friction.

Tier gating

The CloudFormation stack receives a Tier parameter set by AWS Marketplace based on your subscription. The Lambda functions read this from their TIER environment variable and gate behaviour accordingly:

  • DLQ count limits enforced by list-queues
  • Daily message browse caps enforced by list-messages, tracked in the CounterTable
  • Audit history retention enforced by DynamoDB TTL on the AuditTable
  • Webhooks gated by dlq-webhook (no-op when tier doesn’t include them)
  • Multi-user gated at the Cognito layer

When you upgrade your subscription, the Marketplace flow updates the CloudFormation parameter and the limits change immediately.