Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Our PRD environment The Tidepool Data platform relies on a number of other AWS-provided services

Live Search
spaceKey@self
additionalpage excerpt
placeholderSearch this space

  • AWS S3

    • daily, encrypted backups of MongoDB replica set

    • raw device upload data

    • logs of all access to AWS resources via CloudTrail, CloudWatch, Config

    • Note: S3 is not region-specific. Even if US-West 2 goes down entirely (a catastrophic event that would cause major Internet service disruption), S3 is still available. This would allow Tidepool to deploy a new production environment in a new region in a matter of hours.

  • AWS Simple Email Service (SES)

    • Used to send all Tidepool service emails (e.g., new account verification, forgot password)

    • Two dedicated SES instances assist in security/logging of email/email monitoring

  • AWS DynamoDB

    • Used for saving application metrics and Analytics development

  • AWS Route53: provides Tidepool DNS

  • AWS CloudTrail: records AWS API calls

  • AWS CloudWatch: provides monitoring for AWS cloud resources and applications

  • AWS CloudFormation: management and provisioning of AWS resources

  • AWS Config: resource inventory, configuration history, and configuration change notifications for security and governance

  • AWS EKS: managed Kubernetes (k8s) services

  • AWS Secrets Manager: handling/storing/providing sensitive configuration data

  • AWS GuardDuty: network security monitoring

  • AWS ELB: Amazon Elastic Load Balancing

  • AWS SNS/wiki/spaces/TSEC/pages/730398964: Amazon Simple Notification Service - triggered relay of logs and notifications

  • AWS ASG: Auto Scaling Groups assist in maintaining and dynamically adjusting desired number of systems/resources

  • AWS VPC: Virtual Private Cloud logically separates and defines network and compute environment resources

Page Tree

All environments are configured identically to PRD Production, with these differences:

  • Separate networking environment, database and compute

  • Reduced resource demands (smaller environment)

All of the instances in each environment are self-contained in AWS Virtual Private Cloud (VPC) to allow network isolation so a change in Development has no way to affect anything in Production.

There are also a variety of support infrastructure components for each environment (load balancers, auto-scaling, public/private networks, monitoring and logging, metrics, etc.). These resources are accessed by the environments as common services in a separate cluster.