1. Introduction
2. Architecture
3. Prerequisites
4. Tools and services
5. Usage
6. Clean up
7. Reference
8. Contributing
9. License

This repo demonstrates how to build a Fintech app on AWS that uses Plaid Link to connect a user to their bank account. The app allows users to sign up using Amazon Cognito, select their bank from a list, log in to the bank, and display the accounts. The app is built using AWS Amplify, Amazon API Gateway, Amazon Cognito, AWS Secrets Manager, Amazon Simple Queue Service and Amazon DynamoDB.

The architecture consists of a React application hosted on Amplify Hosting. The API is an AWS Lambda function behind an Amazon API Gateway. The API stores and retrieves data from DynamoDB. When webhooks are received from Plaid, those are stored in a FIFO SQS queue for processing.

• Python 3, installed
• AWS Command Line Interface (AWS CLI) version 2, installed. Please follow these instructions with how to setup your AWS credentials.
• AWS Serverless Application Model (SAM), installed
• Docker Desktop, installed
• GitHub account
• Plaid account

• AWS Lambda - AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes.
• Amazon Cognito - Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.
• Amazon API Gateway - Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
• AWS Amplify - AWS Amplify is a complete solution that lets frontend web and mobile developers easily build, ship, and host full-stack applications on AWS, with the flexibility to leverage the breadth of AWS services as use cases evolve.
• Amazon Simple Queue Service - Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
• Amazon DynamoDB - Amazon DynamoDB is a fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale.
• AWS Secrets Manager - AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles.
• AWS CloudFormation - AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code.

1. GitHub: Create a personal access token with the repo scope selected. The access token will be used by AWS Amplify to securely connect to your GitHub account to access the source code. Amplify will then build, deploy and host the application using Amplify Hosting.
2. GitHub: Fork the repository to your personal account. This is required so Amplify can access the repository and download the source code.
3. Plaid: Ensure you have both a client_id and Sandbox Secret available on the Keys page

git clone https://github.com/<GitHubUserName>/aws-plaid-demo-app
cd aws-plaid-demo-app
sam build --use-container --parallel --cached
sam deploy \
  --guided \
  --tags "GITHUB_ORG=<GitHubUserName> GITHUB_REPO=aws-plaid-demo-app"

SAM will then prompt you to provide values for the missing parameters listed above:

Setting default arguments for 'sam deploy'
=========================================
Stack Name [sam-app]: aws-plaid-demo-app
AWS Region [us-east-1]:
Parameter Environment [dev]:
Parameter GitHubOrg: <GitHubUserName>
Parameter GitHubRepo [aws-plaid-demo-app]:
Parameter PlaidClientId: *************
Parameter PlaidSecretKey: *************
Parameter PlaidEnvironment [sandbox]:
Parameter GitHubAccessToken: *************
#Shows you resources changes to be deployed and require a 'Y' to initiate deploy
Confirm changes before deploy [y/N]:
#SAM needs permission to be able to create roles to connect to the resources in your template
Allow SAM CLI IAM role creation [Y/n]:
Capabilities [['CAPABILITY_IAM']]: CAPABILITY_IAM CAPABILITY_AUTO_EXPAND
#Preserves the state of previously provisioned resources when an operation fails
Disable rollback [y/N]:
Save arguments to configuration file [Y/n]:
SAM configuration file [samconfig.toml]:
SAM configuration environment [default]:

SAM will then monitor the CloudFormation stack as its being deployed. Once CloudFormation completes, you can access the application within the Amplify Console to monitor the deployment progress.

Click the FrontendUrl listed CloudFormation Outputs (or the Domain URL from the Amplify Console) to access the application. You should see a screen like this:

Go through the process to create a new account providing your email address for the username. Cognito will send you a verification code to verify your email. Then click on the "Connect with Plaid" button to begin the linking process.

Select "Bank of America" and use these demo credentials:

• Username: user_good
• Password: pass_good
• Code: 1111

Continue through the Plaid Link process to have "Bank of America" and its accounts linked to the application.

Deleting the CloudFormation Stack will remove the Lambda functions, Amplify application, API Gateway and DynamoDB table.

sam delete

See CONTRIBUTING for more information.

This library is licensed under the MIT-0 License. See the LICENSE file.