Reef Bloom Play Guide Species Reef Education Newsletter Contact
← Part 2: A Reef You Can Hold
Issue 12 Week of June 16, 2026 Editorial · Part 3 of 3

The Same Reef, Every Window

Part two put the reef in your hand. Part three answers the question that immediately follows: if the reef can live in a browser, a phone, and an app, which copy is the real one? The answer is optional sign-in and cloud save sync — and, in keeping with everything this dispatch believes, it does absolutely nothing until you ask it to.

A reef that can be in three places has a problem the old single-window reef never did. Until now, your save has lived in one browser on one machine, written to local storage and never leaving it — which is private and instant and completely stranded. Open the game somewhere else and you start from sand. The final piece of the bigger thing closes that gap: you can now, if you want, sign in, and your reef will follow you between the desktop site, the phone edition, and the app. Three windows, one reef. This is the part that makes the other two parts mean something.

Sign-in, the boring-on-purpose way

The whole thing is built on AWS and is, by design, almost aggressively unremarkable. Sign-in uses the Cognito Hosted UI — a plain email-and-password account with sign-up and verification handled for us — over the standard authorization-code flow with PKCE. There is no authentication SDK loaded into the game; the entire exchange is, as the source comment cheerfully puts it, "two fetches." Once you are signed in, the game trades your identity token for temporary AWS credentials and talks directly to a single database table.

That table is DynamoDB, on-demand, and it is guarded by the one detail we want to call out because it is the difference between a feature and a liability: an IAM policy condition — LeadingKeys — that makes it physically impossible for your credentials to read or write any item but your own. You cannot touch another player's reef, and they cannot touch yours, not because the app politely declines but because the permission to do so was never issued. Each save syncs per slot on a newest-wins basis, and an erased slot leaves a tombstone behind so that a deletion travels between your devices as faithfully as a creation does.

The safest cloud feature is the one that cannot misbehave because it was never given the keys to. We did not ask the code to be trustworthy; we arranged for it to be incapable of betrayal.

Dormant until you say otherwise

Here is the part that will surprise no one who has read this dispatch for long. All of this is off. Out of the box, with no backend configured, the game renders no sign-in button, loads no cloud code, and keeps your reef exactly where it has always been — in your own browser, local and yours. The entire apparatus stays dormant until a single configuration file is filled in with a real backend; until that moment it is as if none of it exists. Inside the native iOS shell, where browser-style redirect sign-in needs extra native plumbing we have not laid, the feature simply reports itself unavailable and steps aside. Nothing nags. Nothing assumes. Cloud sync is a door you may open, never one you trip over.

Infrastructure Spotlight
infra/reef-auth.yaml
CloudFormation · one template
SERVERLESS

The entire backend — the user pool, the identity pool that vends credentials, the locked-down database table, and the precise IAM permissions that fence each player into their own row — is described in a single CloudFormation template and deployed by one command through a manual workflow. There are no servers to patch, no machine running at three in the morning waiting for traffic that may never come. It is serverless and on-demand, which at the dispatch's honest current scale means it costs approximately nothing, and that is exactly the point.

Long-time readers will recognise the through-line. Issues nine and nine-and-a-half were confessions about money — what the reef costs to run, the dream of merely breaking even. A backend that is free when idle is the same value in a different key: we would rather build the thing that can wait quietly for you than the thing that bleeds whether or not you arrive.

Where the reef can go

So that is the whole of it, finally said out loud across three issues. The bigger thing was never one feature. It was a place, or rather the freedom to be in any of them: a reef that gives its fish a home, that fits in a hand, that can follow you between every screen you own and still be the same reef when you arrive. We spent issues six through eight refusing to name it because, honestly, we were not sure we could build it. It is built. It is yours, in whichever window you like, and — should you ever want it to — everywhere at once.

— The Reef Bloom team

↩ Back to Part 1 ← Back to dispatch