How We Architected PassPoint to Scale - A Serverless Story

At BufferBytes, we enjoy building products that quietly remove chaos from everyday workflows. PassPoint is one such product, a visitor experience platform that feels simple to use, yet is backed by a deeply thought‑out architecture designed for scale, security, and reliability.

This is not a checklist of AWS services. This is the story of why we made the choices we did, and how those choices helped us build a system that scales effortlessly.

The Problem That Sparked PassPoint

Anyone who has spent time in an office building has seen the same scene repeat itself. Visitors wait at the gate. Security teams juggle registers and phone calls. Employees are interrupted. Time is wasted.

Now imagine this happening not once or twice a day, but hundreds of times across multiple companies, interview drives, vendor visits, and events.

We realized the problem wasn’t just inefficiency. It was scale. Traditional processes simply don’t grow well.PassPoint was our answer to that.

What PassPoint Does

PassPoint digitizes the entire visitor journey. Companies issue visitor passes ahead of time for interviews, meetings, or general visits. Visitors receive these passes via email or WhatsApp, each containing a unique QR code.

When the visitor arrives, the security team scans the QR code using a mobile app. Verification happens instantly. Entry is logged automatically. No paperwork. No delays.

To the visitor and the security team, this feels effortless. Behind the scenes, however, every scan triggers a chain of events that must be fast, reliable, and secure regardless of how many visitors arrive at once.

Designing With Uncertainty in Mind

One thing we knew early on was that visitor traffic would never be predictable. Some days are quiet. Other days bring sudden spikes, hiring drives, audits, or large corporate events.

We didn’t want to over‑provision infrastructure for worst‑case scenarios, and we didn’t want to risk downtime when traffic surged.This uncertainty pushed us toward a serverless mindset.

Why Serverless Fit Our Problem

Serverless doesn’t remove servers, it removes the need to manage them.

By building our backend services using AWS Lambda, we allowed the platform to scale naturally with demand. A single QR scan triggers a single execution. Thousands of scans trigger thousands of executions automatically.

Our services are written in Python using Flask, packaged and deployed as Lambda functions, and exposed through API Gateway. This setup meant we no longer had to think in terms of machines or capacity. We could think purely in terms of business logic.For a small team building a fast‑growing product, that shift was powerful.

The Database Reality of Serverless Systems.

While compute scales easily in a serverless world, databases do not.Each Lambda execution can attempt to open a database connection. Under high concurrency, this can overwhelm even a well‑provisioned database, leading to slowdowns or failures.

Ignoring this problem is one of the most common mistakes in serverless architectures. We wanted to address it head‑on.

Aurora PostgreSQL as the Foundation

We chose Amazon Aurora PostgreSQL because it combines the familiarity of PostgreSQL with the reliability of a managed AWS service. Aurora handles storage scaling, replication, and availability in a way that would otherwise require significant operational effort.Aurora became the backbone of PassPoint, but it still needed protection from Lambda’s aggressive scaling behavior.

RDS Proxy: The Quiet Stabilizer

This is where RDS Proxy entered the picture.

Instead of allowing each Lambda function to open and close its own database connection, RDS Proxy acts as a smart intermediary. It maintains a pool of reusable connections and hands them out to Lambda executions as needed.The result is subtle but transformative. Sudden traffic spikes no longer translate into database stress. Connection limits are respected. Latency becomes predictable.If Aurora is the backbone of PassPoint, RDS Proxy is the shock absorber.

Security Through Network Isolation

Security was never an afterthought for us.

We placed PassPoint inside a Virtual Private Cloud (VPC), which is essentially our own isolated network within AWS. All backend services and the database live inside private subnets, completely inaccessible from the public internet.

This design ensures that sensitive data is never exposed directly, even if an external endpoint is compromised. Only controlled, authenticated paths exist into the system.

Controlled Developer Access

Developers still need access for debugging and maintenance, but that access must be deliberate.
For this, we use a bastion host, a single EC2 instance placed in a public subnet. Engineers connect to this machine under strict access controls and then reach private resources from within the VPC. All the sensitive data such as PII (Personally Identifiable Information) are strictly masked at a database level for compliance.
This approach keeps the system secure without slowing down development.

Authentication Without Reinventing It

Authentication is critical, complex, and easy to get wrong.

Rather than building our own auth system, we relied on Amazon Cognito. Cognito manages company logins, token issuance, and user lifecycle management, integrating seamlessly with API Gateway and Lambda.

This allowed us to keep authentication concerns separate from core product logic.

Storing Visitor Passes at Scale

Visitor passes, including QR codes and related assets, are stored in Amazon S3. S3’s durability and near‑infinite scalability make it ideal for assets that must always be available, yet don’t require compute resources.

When a pass is scanned at the gate, the system never directly exposes these files. Validation flows through backend services, ensuring both performance and security even under heavy load.

The Frontend: Fast, Simple, and Globally Available

While much of the complexity in PassPoint lives on the backend, the frontend experience is just as important.

We built the PassPoint frontend using Next.js, which gave us a clean developer experience, fast page loads, and the flexibility to build both static and dynamic experiences. Authentication flows integrate seamlessly with Amazon Cognito, keeping the frontend secure without becoming complicated.

The application is hosted on AWS Amplify, which handles global content delivery, HTTPS, and CI/CD out of the box. Every frontend change flows smoothly from commit to production, without manual intervention.

For us, Amplify paired naturally with a serverless backend removing deployment friction and ensuring the UI scales just as effortlessly as the APIs behind it.

The Security Gate Experience: Built for Speed and Reliability

The most critical moment in PassPoint’s lifecycle happens at the security gate.

Security personnel cannot afford delays, retries, or confusing interfaces. They need something that works instantly, even during peak hours.

For this, we built a dedicated mobile application using Flutter. The app allows security teams to scan visitor QR codes, verify passes in real time, and log entries without friction.

Beyond scanning, the app also surfaces daily planned visits provided by companies, giving security teams visibility into who is expected, when, and why. This small detail significantly improves preparedness and reduces on‑ground confusion.

Flutter allowed us to deliver a smooth, performant experience across devices while sharing a single codebase. Combined with our serverless backend, the mobile app remains fast and responsive even during high‑traffic periods.

Scheduled Work Without Servers

As PassPoint matured, real-time visitor verification was no longer the only requirement. Reporting became equally important. Companies wanted daily summaries of visits, admins needed a platform-wide view, and facility teams relied on periodic data to plan staffing and operations.

In a traditional setup, this usually means running cron jobs on long-lived servers, machines that sit idle most of the day but still need patching, monitoring, and care. We deliberately chose not to go down that path.

Instead, we relied on Amazon EventBridge to schedule and trigger background jobs. At predefined intervals, EventBridge invokes Lambda functions that generate reports, aggregate data, and send results to the right stakeholders.

Once the job finishes, the infrastructure simply disappears. There are no servers waiting around, no processes to babysit, and no hidden costs during idle hours. Scheduled work scales, executes, and fails independently, perfectly aligned with the rest of our serverless system.

Infrastructure as Code

As the system grew, one thing became very clear: manually managing infrastructure does not scale for teams or products.

We adopted the Serverless Framework to define the entire PassPoint infrastructure in code. Lambda functions, API Gateway routes, IAM permissions, VPC configurations, scheduled jobs, everything lives in version control.

This approach changed how we work. Infrastructure changes are reviewed like application code. Deployments are predictable and repeatable. Environments can be recreated without tribal knowledge or console archaeology.

Infrastructure as Code didn’t just reduce errors, it reduced stress. It allowed the team to move faster with confidence, knowing the system was always defined, documented, and reproducible.

What This Architecture Gave Us

Over time, the benefits of these decisions became obvious.
PassPoint scales naturally. Whether there are a handful of visitors or thousands arriving within minutes, the system behaves the same way. No special modes, no manual scaling, no surprises.

Security is built in from the ground up. Network isolation, controlled access, and managed authentication ensure sensitive data is protected by default, not as an afterthought.

Operational overhead stays low. We spend far less time maintaining infrastructure and far more time improving the product. For a small team, that focus is invaluable.

Most importantly, this architecture gives us confidence, confidence that PassPoint will perform reliably during the moments that matter most, when visitors are waiting at the gate and failure simply isn’t an option.