...
The User Data Request Queue is a backed by SQS. Queue entries contain health code, email address, start date, and end date. (NOTE: It's probably a bad idea to have health code and email address live in the same place, even if only temporarily, as this means someone only needs to break into our AWS account to potentially get identified user health data. One alternative is to put just the email address in the SQS queue and have the Bridge User Data Download Service query Stormpath, but that still leaves us with personal identifying info in SQS.)
The Bridge User Data Download Service is a daemon process running in EC2. (TBD What framework? How is this deployed?) This process will poll the User Data Request Queue for user data requests. It then queries the HealthDataRecord and HealthDataAttachment DDB tables and the attachments S3 bucket to pull the raw health data records, bundles them up, and uploads them to S3. The service then sends an email to the user with a link to download their health data.
...