Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

System Architecture

Diagram

Drawio
mVer2
simple0
zoom1
inComment0
pageId1893269513
custContentId1895202840
diagramDisplayNameUntitled Diagram-1722956734700.drawio
lbox1
contentVer1
revision1
baseUrlhttps://panintelligence.atlassian.net/wiki
diagramNameUntitled Diagram-1722956734700.drawio
pCenter0
width846
links
tbstyle
height781.5

Resources

Resource

Description

How is it used?

Route 53

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. For more information, please see Setting up Amazon Route 53 documentation

You can attach your domain name to the AWS Application Load Balancer to point to the Panintelligence dashboardAWS ACM

AWS ACM

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. For more information, please see Setting up - AWS Certificate Manager documentation

In order to use port 443/HTTPS in the AWS Application Load Balancer, you will need an SSL certificate.

AWS S3 Bucket

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. For more information, please see AWS S3 Bucket documentation

The architecture requires the user to upload a lambda zip provided in the Git repository and another s3 bucket is created to store images, themes and excel-data.

AWS Internet gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. For more information, please see Internet Gateways documentation

The Panintelligence dashboard requires web browser access.

AWS IAM

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. For more information, please see AWS IAM documentation

IAM permissions allows you to have fine grain control on who and what has access to resources.

AWS Security groups

security group acts as a virtual firewall for your instance to control inbound and outbound traffic.  For more information, please AWS Security Groups documentation

Increase protection to your infrastructure.

AWS Application Load Balancer

Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets, and routes traffic only to the healthy targets.  For more information, please see AWS Application Load Balancer documentation

The ALB directs traffic to the healthy EC2 targets.

AWS VPC

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data centre, with the benefits of using the scalable infrastructure of AWS. For more information, please see AWS VPC documentation

We use the AWS VPC to launch resources in the virtual network.

Subnets

You need to specify a logical address to specific resources. For more information, please see Subnets documentation

Configure resources to specific subnet cidr blocks.

NACL

network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. For more information, please see NACL documentation

Configure additional security.

AWS Lambda

AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes. For more information, please see AWS Lambda documentation

The infrastructure uses AWS Lambda to side load S3 objects to AWS EFS

AWS RDS MariaDB

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. For more information, please see AWS RDS MariaDB documentation

The Panintelligence dashboard uses AWS RDS MariaDB as an external DB.

AWS EFS

Amazon Elastic File System (Amazon EFS) provides a simple, serverless, set-and-forget elastic file system for use with AWS Cloud services and on-premises resources. For more information, please see AWS EFS documentation

AWS EFS is used to keep persistent data for themes, images, SVG and custom jdbc

AWS Auto scaling

AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. For more information, please see AWS Auto scaling documentation

Auto scaling is used to increase or decrease the EC2 instances depending on traffic.

AWS NAT gateway

A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances. Please see AWS NAT gateway documentation

Allows you to use Panintelligence Automated Lincence Manager

AWS ECS

Amazon Elastic Container Service (ECS) is a fully managed container orchestration service that simplifies running, scaling, and securing Docker container applications on AWS. It integrates seamlessly with other AWS services.

manages the containers in the microservice modelA

AWS Cloudwatch

Amazon CloudWatch is a monitoring and observability service designed for DevOps engineers, developers, and IT managers. It provides real-time monitoring, logging, and alarms for AWS resources, applications, and services, ensuring operational health and performance optimization.

stores logs and container metrics and insights for monitoring, logging and scaling purposes.

Service Quotas

Technical Data sheet

...