
CNB - Bank

Cloud-native microservices banking platform self-hosted on Raspberry Pi with enterprise-grade security

Terraform Docker Kubernetes Raspberry Pi MySQL AWS API Gateway Cloudflare Tunnel React Cognito WAF IAM CI/CD Microservices

Overview

CNB - Bank is a full-stack, cloud-native banking and investment platform built to demonstrate real-world microservices architecture, infrastructure-as-code, and layered security design. The entire backend runs on a self-managed Kubernetes cluster provisioned on Raspberry Pi hardware and is exposed to the public internet through a Cloudflare Tunnel, which removes the need for a static IP or open inbound firewall ports while maintaining a production-grade access pattern.

The platform is composed of two independently deployable microservices: a core banking system handling accounts, transactions, and balances, and a live market data trading platform for equity lookups and simulated trades. Both services share a unified React frontend and are protected by AWS Cognito for user authentication and AWS WAF for request filtering at the API Gateway layer.

All infrastructure is defined in Terraform, making every component — from VPC rules to Kubernetes manifests — reproducible and version-controlled. A CI/CD pipeline automates container builds and rolling deployments so that code changes flow from commit to running pod with minimal manual intervention. IAM policies follow least-privilege principles throughout, ensuring each service only holds the permissions it requires.

Microservices

Core Banking

Handles user accounts, balance management, deposits, withdrawals, and transaction history. Backed by a self-hosted MySQL database running inside the Kubernetes cluster.

Market Trading

Connects to live market data APIs to display equity prices and execute simulated trades. Independently deployable with its own data store and API surface.

Security Layer

AWS WAF filters malicious requests at the API Gateway edge. Cognito handles authentication and token issuance. All internal service-to-service calls are scoped by IAM roles.

CI/CD Pipeline

A code push triggers an automated container build; the pipeline then pushes the image to a registry and applies a rolling Kubernetes deployment, enabling zero-downtime updates to both services.

This project is currently private. Repository link will be added when available.