Refactoring a commerce monolith without trading simplicity for chaos.

Order management and inventory validation lived inside one application. The coupling made targeted scaling difficult and allowed an inventory failure to take down checkout—turning a local dependency problem into a customer-facing outage.

The objective was not simply “move to microservices.” It was to create clear ownership boundaries, preserve data integrity, and improve recovery without adding unnecessary operational burden.

I analysed the existing domain boundaries, separated order and inventory responsibilities, and introduced an API gateway as the controlled entry point. Each service owns its data and deployment lifecycle.

Communication remained synchronous where checkout needed an immediate answer, while events handled inventory changes and work that could tolerate eventual consistency.

The request path keeps authentication and routing at the edge, business rules inside their owning service, and resilience around the inventory dependency.

A Resilience4J circuit breaker between the Order and Inventory services monitors failure rates, slow calls, and timeouts. When inventory becomes unhealthy, the breaker opens before blocked calls can exhaust the Order service’s resources.

The fallback path returns a safe temporary state or queues an order for revalidation, depending on the flow. Idempotency keys make retries safe, and bounded timeouts ensure every request has a predictable lifecycle.

Each service owns a PostgreSQL schema; no tables are shared. Hot inventory reads are cached in Redis with short TTLs, then invalidated from InventoryChangedEvent messages.

This keeps the cache a performance layer rather than a hidden source of truth. Event consumers are idempotent, and stale-data windows are explicit and measurable.

Services are containerised and deployed independently to AWS ECS on Fargate. Infrastructure is defined with Terraform and released through CI/CD with health checks and progressive rollout gates.

Prometheus metrics, Grafana dashboards, structured logs, and distributed traces expose request rate, latency, error percentage, cache behaviour, and circuit-breaker state.

The new boundaries enabled independent scaling and deployment while isolating failures. Caching reduced pressure on inventory storage and improved the critical checkout path.

Splitting code is the easy part. The real work is defining ownership, failure behaviour, data consistency, and operational signals. Microservices earned their place here because the new boundaries matched distinct scaling and reliability needs—not because the pattern was fashionable.