Featured Project

Profiles by Riskwest.

A web-based event risk profiling tool used by organisations to model and gain an understanding of those activities that could pose risk or present opportunity for the organisation.

How it was done

Profiles by Riskwest - two data/API driven, serverless web apps.

React.js for the frontend, and AWS managed GraphQL API service (AppSync) on backend.

The ‘client’ app provides organisations with project risk modelling and risk assessment profiles. The ‘admin’ app is a dashboard used by Riskwest administrators to manage users, create event-based risk templates, and for app analytics.

The data requirements, specifically the serving and storage of data, was pivotal in determining the application architecture. More specifically, Riskwest client data needs to be stored within Australia.

We also wanted to utilise managed, serverless services where possible to reduce development time, and ongoing infrastructure and maintenance costs. This led to the decision to select Amazon Web Services (AWS) managed GraphQL API service (AppSync) and local data centre to manage, store and deliver the application data to the web apps. We also chose to leverage Amazon Cognito for access control for both of the apps.


The ‘client’ frontend app provides users with a dashboard that lists their saved risk assessments. They can create new risk profiles and / or update existing profiles should potential risks change. Managers can see risk profiles that belong to them and their staff. Risk assessments can also be printed from the app.

The ‘admin’ frontend dashboard app is role based, and authorised Riskwest administrators can create risk templates, create / manage user accounts, and assign risk templates to users. Existing templates can be cloned, and edited for specific users / clients.

Both the client risk profiling app and the Riskwest administration app are built with React, and make use of the same API. These frontend apps are compiled and served as static sites and hosted on Amazon S3 (Simple Cloud Storage) utilising Amazon Cloudfront (Content Delivery Network). To manage our frontend data and state management, we used Apollo Client for fetching our GraphQL queries, caching the data, and performing data mutations to the database. We can also manage real-time data updates with AppSync’s managed GraphQL subscriptions.

To handle app authentication and authorisation, that is sign-up, sign-in, password recovery, and API access control, we integrated the managed Amazon Cognito service, and manage user sessions in the React apps.


Amazon Cognito manages our pool of users, and handles authentication and user authorisations to the resources they are trying to connect to.

Riskwest client data needs to be stored within Australia. We used AWS’s managed GraphQL API service, AppSync, to define our API schema, to attach our resolvers, and connect them to a data source - in this case AWS DynamoDB database tables, located in Australia. AppSync allows us to further customise resolvers, data sources, and allows for GraphQL subscriptions for real-time updates.

Our database, DynamoDB, is a fully managed NoSQL database that stores the data in tables. It’s a server less database and scales on demand, with fine grain options available to customise to suit specific needs. Database backups are easily configured and set.


The frontend applications are hosted on Amazon S3 (Simple Cloud Storage) utilising Amazon Cloudfront (Content Delivery Network). Amazon Cognito for the user and identity pools. The API via the managed AWS AppSync service, and the data on Amazon DynamoDB.


Client App Dashboard
Create Profile Wizard
Profiles List View
Admin App Dashboard

Let's work together


© 2021 Gramercy Studios Pty. Ltd. All rights reserved.