Building on AWS
Platform Architecture

What we're building on AWS.

26 Degrees Software is a cloud-native BIM platform engineered end-to-end on AWS. This page explains the architecture — which services we use, why we chose them, and how we plan to scale.

Region: us-east-1 (primary) · us-west-2 (DR)
Tenancy model: Multi-tenant SaaS, optional single-tenant VPC for enterprise
Deployment: Infrastructure as code via AWS CDK

Why AWS

The right cloud for AEC&O workloads.

BIM models are large, irregularly accessed, and security-sensitive. They're also collaborative — the same model is touched by architects, engineers, contractors, and owners across multiple firms. AWS gives us the building blocks to handle all of that, while keeping a startup's burn rate sane.

High-level architecture

One coherent stack, six logical layers.

Every request to 26 Cloud — from a Revit add-in syncing a model to a contractor checking a clash report on their phone — flows through this architecture.

Edge

  • CloudFront CDN
  • Route 53 DNS
  • AWS WAF
  • Global Accelerator

API & Identity

  • API Gateway (REST + WebSocket)
  • Application Load Balancer
  • Amazon Cognito
  • IAM Identity Center (SSO)

Compute

  • AWS Lambda (event-driven)
  • ECS Fargate (long-running)
  • AWS Batch (model jobs)
  • EC2 g5 (GPU rendering)
  • Step Functions (orchestration)

AI / ML

  • Amazon Bedrock (LLMs)
  • Amazon SageMaker (custom ML)
  • Amazon Textract (drawings)
  • Amazon Comprehend (NLP)

Data

  • Amazon S3 (model storage)
  • Aurora PostgreSQL (relational)
  • DynamoDB (events)
  • ElastiCache Redis (state)
  • S3 Glacier (archive)
  • OpenSearch (search)

Security & Ops

  • AWS KMS (encryption)
  • Secrets Manager
  • GuardDuty
  • Security Hub
  • CloudWatch & X-Ray
  • CloudTrail (audit)
  • EventBridge
  • SQS / SNS

Workloads

What runs where, and why.

Concrete examples of AEC&O workloads mapped to AWS services.

1. Model ingestion & versioning

Revit add-in → pre-signed URL → S3 → Lambda (parser) → Aurora (metadata) → EventBridge

When a designer publishes a model, the Revit add-in uploads directly to S3 with a pre-signed URL. A Lambda extracts structure, families, and references; Aurora stores the metadata; EventBridge fans the change out to downstream services.

  • S3 + S3 Versioning
  • Lambda
  • Aurora PostgreSQL
  • EventBridge

2. Multi-model clash detection

Step Functions → AWS Batch → Fargate workers → results in DynamoDB → WebSocket push to client

Cross-discipline coordination jobs are scheduled by Step Functions, executed by parallel Fargate workers, and streamed back to the client in real time. Customers only pay for compute while a job is running.

  • Step Functions
  • AWS Batch
  • ECS Fargate
  • DynamoDB
  • API Gateway WebSocket

3. 26 AI Assist (LLM copilot)

Client → API Gateway → Lambda → Bedrock (Claude / Llama / Titan) + vector store → streamed response

Project-scoped Q&A and risk analysis run on Amazon Bedrock with retrieval-augmented generation over a per-tenant vector index. Zero-retention contracts and tenant isolation keep customer data private.

  • Bedrock
  • Lambda
  • OpenSearch (vectors)
  • API Gateway
  • KMS

4. Portfolio data aggregation (Collectus)

S3 sources → Glue ETL → Lake Formation → Athena → Power BI / Tableau / QuickSight

Owners get a unified view across hundreds of models and projects. Glue normalizes BIM data into a Lake Formation data lake; Athena and QuickSight expose it to BI tools.

  • AWS Glue
  • Lake Formation
  • Athena
  • QuickSight
  • S3

5. Identity, SSO & access control

SAML / OIDC IdP → Cognito → tenant claims → API Gateway authorizers → per-resource IAM policies

Customers federate their existing identity provider into Cognito. Tenant-scoped JWTs gate every API call. Audit logs land in CloudTrail and are retained per customer policy.

  • Cognito
  • IAM Identity Center
  • API Gateway authorizers
  • CloudTrail
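
As an added illustration of the tenant-scoped gating described above (example code, not 26 Degrees' implementation), this Python example shows the step in a Lambda authorizer that turns already signature-verified Cognito ID-token claims into an IAM policy limited to one tenant's routes. The claim name custom:tenant_id, the client id, and the /tenants/{tenantId}/... route layout are assumptions; signature verification against the user pool's JWKS is assumed to happen before authorize is called.

```python
import re
import time
from fnmatch import fnmatchcase

# Assumptions, not from the page: the claim name, the client id and the
# /tenants/{tenantId}/... route layout are hypothetical.
TENANT_CLAIM = "custom:tenant_id"
CLIENT_ID = "example-app-client-id"
TENANT_RE = re.compile(r"[A-Za-z0-9-]{1,64}")  # no '*' or '/' may reach the ARN


def _policy(principal, effect, resource, context=None):
    """Response shape API Gateway expects from a Lambda authorizer."""
    statement = {"Action": "execute-api:Invoke", "Effect": effect,
                 "Resource": resource}
    return {"principalId": principal,
            "policyDocument": {"Version": "2012-10-17",
                               "Statement": [statement]},
            "context": context or {}}


def authorize(claims, method_arn, now=None):
    """Map signature-verified ID-token claims to a tenant-scoped policy."""
    now = time.time() if now is None else now
    api_and_stage = "/".join(method_arn.split("/")[:2])
    principal = str(claims.get("sub", "unknown"))
    tenant = claims.get(TENANT_CLAIM)
    exp = claims.get("exp")
    valid = (claims.get("token_use") == "id"
             and claims.get("aud") == CLIENT_ID
             and isinstance(exp, (int, float)) and exp > now
             and isinstance(tenant, str)
             and TENANT_RE.fullmatch(tenant) is not None)
    if not valid:
        return _policy(principal, "Deny", f"{api_and_stage}/*")
    # The policy depends only on the token, so a cached authorizer result
    # stays correct for every later request made with the same token.
    resource = f"{api_and_stage}/*/tenants/{tenant}/*"
    return _policy(principal, "Allow", resource, {"tenantId": tenant})


def permits(policy, method_arn):
    """Approximate API Gateway's evaluation of the single statement."""
    stmt = policy["policyDocument"]["Statement"][0]
    return (stmt["Effect"] == "Allow"
            and fnmatchcase(method_arn, stmt["Resource"]))
```

The tenant id is validated before it is interpolated into the resource ARN because a value such as `*` would otherwise widen the policy to every tenant's routes.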

6. Observability & reliability

Services → CloudWatch logs & metrics → X-Ray traces → alarms → oncall paging

Every Lambda and Fargate task emits structured logs and traces. Alarms route to oncall through SNS. A public status page is generated from CloudWatch synthetics.

  • CloudWatch
  • X-Ray
  • SNS
  • Synthetics

Scaling plan

From early access to enterprise scale.

How our AWS footprint and spend evolve as we grow.

Phase 1 — Now

Foundation

Single region (us-east-1), serverless-first, multi-tenant SaaS. Early-access customers running ViewAQC Cloud and 26 Cloud Platform pilots.

  • Core services: S3, Lambda, API Gateway, Aurora, Cognito, KMS
  • Monthly AWS spend: low five figures
  • Goal: prove unit economics and product fit

Phase 2 — 6–12 mo

Production GA

Add Bedrock-powered AI Assist, Fargate workers for clash detection, multi-AZ Aurora, GuardDuty across accounts, CloudFront edge.

  • Add: Bedrock, SageMaker, Fargate, DynamoDB, EventBridge, OpenSearch
  • Monthly AWS spend: mid five figures
  • Goal: SOC 2 readiness, paid GA

Phase 3 — 12–24 mo

Multi-region & enterprise

Active-passive DR in us-west-2, EU region for data residency, dedicated VPC tenancy and BYOK for enterprise customers, Lake Formation for Collectus.

  • Add: Lake Formation, Glue, Athena, Global Accelerator, KMS CMK, Control Tower
  • Monthly AWS spend: six figures
  • Goal: enterprise deals, EU region launch

AWS Well-Architected

Aligned to the six pillars from day one.

Operational excellence

Infrastructure as code with AWS CDK. Every change goes through CI/CD with automated tests. Runbooks live alongside the code.

Security

Least-privilege IAM, KMS encryption everywhere, GuardDuty for runtime threats, CloudTrail for audit, Secrets Manager for credentials.

Reliability

Multi-AZ by default. Idempotent APIs. Backups with point-in-time recovery. Documented RTO/RPO targets per tier.

Performance efficiency

Serverless for spiky workloads, GPU instances only when rendering, edge caching for 3D assets, autoscaling everywhere.

Cost optimization

Lifecycle tiering on S3 (Standard → IA → Glacier), Savings Plans on steady compute, per-tenant cost allocation tags.

Sustainability

Regions selected for renewable energy mix, lifecycle policies to avoid storing data we don't need, autoscaling to zero where possible.

Want the deeper architecture review?

We're happy to walk technical teams, security reviewers, and AWS partners through the live architecture, the IaC repo structure, and our threat model. Reach out.

Email: jason.shebert@26degreesoftware.com
Phone: +1 507-967-3826
HQ: 9010 Strada Stell Ct #107, Naples, FL 34109, USA