Pryzmee


A fully End-to-End encrypted photo cloud for storing your most important memories, including videos and live photos. Shared albums give you and your friends an easy and secure way to share and collaborate on photos.

Why?

During my four-month internship semester in Shanghai, China, my friends and I took a ton of photos, Live Photos as well as videos. At some point we had so many pictures that some platforms did not have enough space on the free tier, and other platforms are not suitable for properly storing and viewing photos. Live Photos in particular are not commonly supported.

Another big feature I have yet to see anywhere is a fully End-to-End encrypted platform. So I saw an opportunity to build and learn new things, and decided to give it a go.

What can it do?

Essentially, I offer the same fundamental features as other platforms, but with an added layer of security – your images, videos, and even sensitive data like location are all encrypted directly on your device, ensuring your privacy and protection.

  • Secure on-device encryption for images, videos, and sensitive data
  • Streamlined photo organization through folders and albums
  • Collaborative album creation for shared experiences
  • Convenient photo management: upload, download, and sharing
  • Full support for Live Photos

How did I do it?

This architecture diagram provides a glimpse into my AWS resource landscape. To keep things clear and simple, I've left out numerous individual Lambdas, SNS topics and SQS queues, as well as the different CloudFormation stacks 🏗️✨

Cognito 🔐

To ensure a seamless and secure user experience, I've implemented Amazon Cognito to manage all user-related data. This includes vital information like email addresses, passwords, and names.

GraphQL 🧭

To enable communication between users' devices and the backend, I've implemented AppSync. I've created various commands for actions like working with images, albums, folders, and user data. These commands are implemented as resolvers in the Velocity Template Language (VTL), and for more complex tasks I've added some Lambdas to assist.

CloudFront 🌍

To ensure swift access to media elements, every upload or download is routed through a CloudFront endpoint, optimizing response times.

Each user has their own dedicated storage space, essentially a personal "folder", within an S3 Bucket. More details can be found in the S3 section. Accessing one's personal media library is straightforward: each request carries a JWT access token from Cognito, and CloudFront checks the user ID in that token against the S3 path being requested.

Additionally, I've created a feature for shared collaborative albums. If a user wishes to view photos uploaded by another user, custom permission logic verifies whether that user is authorized to access the specific photos within the other user's S3 'folder'. To tackle this, I've integrated Lambda@Edge functions that run this check on each request.

DynamoDB 🗃️

At the heart of this setup lies DynamoDB, a cornerstone of my infrastructure. It is the vault that holds the records of all user data, photos, and videos, including details about user-created folders and albums and the media elements within them. Each media element has its own item in DynamoDB, complete with all its metadata.

Now, here's where it gets a bit tricky but fascinating: to keep sensitive information safe, I encrypt it before it is stored. This added layer of security certainly keeps us on our toes when it comes to designing the NoSQL structure.

On a broader note, apart from diving into the cloud and unraveling the mysteries of AWS, transitioning from traditional relational databases to non-relational databases was quite the journey. It was a learning experience like no other, particularly in terms of organizing data efficiently and intelligently, and especially when it came to secondary indexes.

S3 🪣

Every photo and video is protected with End-to-End encryption right on the user's device, ensuring that all of their precious memories are securely stored in their own personal folder. To efficiently manage tasks like updating the stored byte count for each user, I've hooked a Lambda function to the S3 bucket to handle events such as upload and delete.

SNS & SQS 📯

In my pursuit of simplifying the intricate web of systems, I naturally opted for SNS and SQS as the ideal tools. These mechanisms function behind the scenes, orchestrating the flow of information and tasks effortlessly among my diverse microservices. To ensure clarity and readability, I have intentionally refrained from displaying the intricate details of SNS, SQS, and their complex connections on the above diagram.
