...
System Architecture
Diagram
[Drawio diagram of the system architecture]
Resources
Resource | Description | How is it used? |
---|---|---|
Route 53 | Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. For more information, please see Setting up Amazon Route 53 documentation | You can attach your domain name to the AWS Application Load Balancer to point to the Panintelligence dashboard. |
AWS ACM | AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. For more information, please see Setting up - AWS Certificate Manager documentation | In order to use port 443/HTTPS in the AWS Application Load Balancer, you will need an SSL certificate. |
AWS S3 Bucket | Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. For more information, please see AWS S3 Bucket documentation | The architecture requires the user to upload a Lambda zip provided in the Git repository. Another S3 bucket is created to store images, themes and excel-data. |
AWS Internet gateway | An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. For more information, please see Internet Gateways documentation | The Panintelligence dashboard requires web browser access. |
AWS IAM | AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. For more information, please see AWS IAM documentation | IAM permissions allow you to have fine-grained control over who and what has access to resources. |
AWS Security groups | A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, please see AWS Security Groups documentation | Increases protection of your infrastructure. |
AWS Application Load Balancer | Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets, and routes traffic only to the healthy targets. For more information, please see AWS Application Load Balancer documentation | The ALB directs traffic to the healthy EC2 targets. |
AWS VPC | Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data centre, with the benefits of using the scalable infrastructure of AWS. For more information, please see AWS VPC documentation | We use the AWS VPC to launch resources in the virtual network. |
Subnets | You need to specify a logical address for specific resources. For more information, please see Subnets documentation | Configure resources in specific subnet CIDR blocks. |
NACL | A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. For more information, please see NACL documentation | Configure additional security. |
AWS Lambda | AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes. For more information, please see AWS Lambda documentation | The infrastructure uses AWS Lambda to side-load S3 objects to AWS EFS. |
AWS RDS MariaDB | Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. For more information, please see AWS RDS MariaDB documentation | The Panintelligence dashboard uses AWS RDS MariaDB as an external DB. |
AWS EFS | Amazon Elastic File System (Amazon EFS) provides a simple, serverless, set-and-forget elastic file system for use with AWS Cloud services and on-premises resources. For more information, please see AWS EFS documentation | AWS EFS is used to keep persistent data for themes, images, SVG and custom JDBC. |
AWS Auto scaling | AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. For more information, please see AWS Auto scaling documentation | Auto scaling is used to increase or decrease the EC2 instances depending on traffic. |
AWS NAT gateway | A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances. Please see AWS NAT gateway documentation | Allows you to use Panintelligence Automated Licence Manager. |
AWS ECS | Amazon Elastic Container Service (ECS) is a fully managed container orchestration service that simplifies running, scaling, and securing Docker container applications on AWS. It integrates seamlessly with other AWS services. | Manages the containers in the microservice model. |
AWS CloudWatch | Amazon CloudWatch is a monitoring and observability service designed for DevOps engineers, developers, and IT managers. It provides real-time monitoring, logging, and alarms for AWS resources, applications, and services, ensuring operational health and performance optimization. | Stores logs, container metrics and insights for monitoring, logging and scaling purposes. |
Service Quotas
Technical Data sheet
...