Instagram — Naive (API-Proxied Upload + No CDN)

Instagram is one of the most frequently asked system design interview questions because it combines media upload and processing, social graph traversal, feed generation, and global content delivery into a single problem. Companies like Meta, Pinterest, TikTok, Snapchat, and Twitter ask variants of this question because it tests a candidate's ability to reason about bandwidth constraints, storage scaling, caching strategies, and the fundamental trade-offs between consistency and latency in media-heavy systems.

The naive approach uses the simplest possible architecture: a single MediaService backed by PostgreSQL and basic S3 storage. When a user uploads a photo, the entire 2MB image is sent as a multipart POST request to the API server. The MediaService receives the full payload in memory, validates the file type (JPEG, PNG, HEIC) and size, generates a 150px thumbnail synchronously using libvips (taking 300-500ms of CPU time), uploads both the original and thumbnail to S3 via the AWS SDK PutObject API, inserts a media record into PostgreSQL, and finally returns 201 Created with the media_id. Every byte of the image passes through the API server — at 100 uploads/sec, this means 200MB/sec of image data flowing through the service tier, consuming network bandwidth and memory that could otherwise serve feed reads.

Feeds are constructed using a pure pull model. When a user opens their feed, the MediaService executes a JOIN query: SELECT posts.* FROM posts JOIN follows ON posts.author_id = follows.followee_id WHERE follows.follower_id = ? ORDER BY created_at DESC LIMIT 20. This query runs on every single feed request — there is no pre-computed feed cache. At 600 feed reads/sec, the database handles 600 complex JOIN queries per second, each scanning the follows index to find the user's followed accounts and then the posts index to find recent content. The query complexity grows with the number of followed accounts — a user following 1,000 accounts triggers a massive IN clause that forces PostgreSQL to scan thousands of index entries.

There is no CDN. All image reads hit the S3 origin directly. A user in Tokyo loading a feed with 5 images makes 5 separate requests to S3 in us-east-1, each adding 150-200ms of network latency. The total image loading time for a single feed page is 750-1000ms — dramatically worse than the 25-50ms that a CDN edge location would provide. At 600 feed reads/sec with 5 images per feed, the system generates 3,000 S3 GET requests/sec for images alone, all hitting the origin.

The architecture has no async processing pipeline. Thumbnail generation is synchronous — the user waits 300-500ms for libvips to resize the image before getting a response. There is no Kafka event stream, no worker pool, no multiple image variants (only original + thumbnail). Medium-resolution (600px) and high-resolution (1080px) variants that modern Instagram requires are simply not available.

Interviewers expect candidates to identify three critical bottlenecks: (1) API server bandwidth saturation from proxying image bytes, (2) pull-model feed queries that create O(followed_accounts) JOIN complexity on every read, and (3) absence of CDN causing global latency penalties. The progression from this naive approach to presigned URL uploads (V1) and then to async media pipelines with hybrid feed (V2) demonstrates the candidate's ability to evolve an architecture as requirements scale.

The naive Instagram system is a four-component architecture: Client, Load Balancer, MediaService, MediaDatabase (PostgreSQL), and MediaStorage (S3). There is no CDN, no cache, no event stream, no async workers, and no separation between upload handling and feed serving.

All traffic enters through the Load Balancer (AWS ALB), which distributes requests to MediaService pods using round-robin. The ALB handles up to 10K RPS — well above the system's actual limits, which are constrained by API server bandwidth and database query capacity. The ALB adds approximately 1.5ms of routing latency and must be configured for large request bodies (up to 10MB for image uploads) by increasing the default body size limit.

The MediaService is a monolithic application handling five distinct operations. Image upload (10% of traffic by count, 90%+ by bytes): receives the full 2MB image as multipart form data, buffers it in memory, validates format and size, generates a 150px thumbnail synchronously using libvips (~400ms CPU), uploads both original and thumbnail to S3 via PutObject, and inserts a media record into PostgreSQL. Post creation (10%): validates the media_id, inserts a post record with author_id, caption, and S3 URLs. Feed read (60%): executes the JOIN query across follows and posts tables to construct a reverse-chronological feed. Post detail (15%): simple indexed PK lookup. Like toggle (5%): atomic counter increment on the posts table.

The MediaService runs on 3 ECS Fargate pods with 4 vCPU and 8 GB memory each. At 50 threads per pod (150 total), the service can handle approximately 250 uploads/sec (limited by the 400ms thumbnail generation per upload consuming CPU) and 10K reads/sec (limited by the 15ms average processing time). The bottleneck shifts depending on traffic mix: during upload spikes, CPU is saturated by thumbnail generation; during read spikes, database connections are saturated by JOIN queries.

PostgreSQL stores four tables: users (profile data), posts (content records with S3 URLs), follows (social graph edges), and media (upload metadata). All four tables share a single RDS instance with 100 max connections. The feed query is the heaviest operation: it JOINs follows with posts, filters by follower_id, sorts by created_at DESC, and returns 20 rows. At 600 feed reads/sec, this JOIN dominates database CPU. There are no read replicas — all reads and writes hit the same primary instance.

MediaStorage (S3) stores original images and thumbnails. There are no presigned URLs — all uploads go through the MediaService using the AWS SDK. Images are served to clients via direct S3 origin URLs returned in API responses. Without CDN, every image read hits S3 in us-east-1, adding 50-200ms latency depending on the client's geographic location. S3 handles the throughput adequately (S3 supports thousands of GET requests/sec per prefix), but the latency penalty for global users is severe.

Vertical scaling for PostgreSQL (upgrade instance size). Horizontal scaling for MediaService via pod count increase (3 -> 6 -> 12 pods). Auto-scaling trigger: CPU utilization > 70% for 3 consecutive minutes. The ceiling is approximately 200 uploads/sec regardless of pod count because the bandwidth bottleneck is fundamental — each upload proxies 2MB through the API tier. Beyond this ceiling, architectural changes are required: presigned URL uploads (V1) to eliminate API proxying, and CDN (V1) to offload image reads from S3 origin.

Key metrics to monitor: (1) API server network throughput (bytes/sec) — the primary bandwidth indicator. Alert at 500MB/sec (50% of 10Gbps capacity). (2) Thumbnail generation duration (p50, p99) — should be 300-500ms. Alert at p99 > 800ms indicating CPU contention. (3) Feed JOIN query latency (p50, p99) — alert at p99 > 500ms. (4) PostgreSQL active connections — alert at 70/100, critical at 85/100. (5) S3 GET latency — alert at p99 > 300ms indicating origin degradation. (6) Upload success rate — alert if drops below 99%. Dashboard: Grafana with panels for upload throughput (images/sec), feed latency histogram, DB connection pool usage, S3 latency, and API server bandwidth consumption.

At 100 uploads/sec baseline: RDS db.r7g.xlarge (~$350/month), S3 Standard (~$500/month for 500TB), ECS Fargate 3 pods 4vCPU/8GB (~$250/month), ALB (~$30/month). Total: ~$1,130/month. This is the cheapest variant but breaks down beyond 200 uploads/sec due to API bandwidth saturation. The V1 CDN variant at 5K uploads/sec costs approximately $3,000/month but handles 25x the upload throughput — the per-upload cost decreases from $0.011/upload to $0.0006/upload as you scale past the naive approach's ceiling.

Image validation: all uploaded images are validated for file type (magic bytes, not just extension) and scanned for malware before storage. Size limits enforced at both ALB (10MB body limit) and application level. User authentication via JWT tokens validated on every request (~3ms overhead). No presigned URLs means all S3 access is server-side — clients never have direct S3 credentials. Rate limiting at 1K RPS per user to prevent upload abuse. Content moderation is not implemented in the naive approach — production systems require NSFW detection and content policy enforcement.

Rolling deployment for MediaService — replace one pod at a time while the ALB routes traffic to remaining pods. Database migrations run during low-traffic windows with brief maintenance for schema changes requiring table locks. S3 requires no deployment — objects are immutable once written. Zero-downtime deployment achievable for service code changes but not for PostgreSQL schema changes that add indexes on large tables (posts, follows).