AWS

The environments are hosted on AWS, where they are built from CloudFormation templates. Each environment consists of two CloudFormation stacks; the templates for these are available at https://github.com/6aika/sixodp-infra.

Database stack

The database stack contains components with irreplaceable data. If the stack is destroyed, the data is lost. The stack contains the following resources:
  • MySQL database (RDS instance)
  • PostgreSQL database (RDS instance)
  • Security group for databases
  • Subnet for databases
  • Dataset bucket (S3)
  • Policies of dataset bucket
  • NFS network drive for images and its mount targets (EFS)
  • Security group for EFS
The stack takes the following parameters:
  • Environment name (pre-defined list)
  • Database subnets (pre-defined list)
  • User name and password for superuser in CKAN (PostgreSQL) database
  • User name and password for superuser in WordPress (MySQL) database
The stack outputs the following parameters:
  • Database security group
  • Dataset bucket

Application stack

The application stack contains the components which can be replaced without data loss. The stack contains the following resources:
  • Ubuntu 20.04 Virtual machine (EC2)
  • Security group for EC2
  • Ingress rules for database and EFS security groups in database stack
  • Domain name for the portal and pgadmin if the environment manages its own domain.
  • Policies for EC2 instance to access S3 buckets
  • Elastic IP address if the environment does not manage its own domain (the IP address changes if the stack is destroyed)
The stack takes the following parameters:
  • Environment name (pre-defined list, should match database stack environment name)
  • Instance type (pre-defined list)
  • Database security group (select correct one from the list)
  • EFS security group (select correct one from the list)
  • Name of the EFS file system (copy from database stack; at the time of implementation AWS did not have an API for this)
  • Hosted zone ID (select from Route 53 domains if the environment manages its own domain)
  • Whitelisted IP address in CIDR form for allowed SSH access (default value is the Gofore office address)
  • 2 client IP addresses for pgadmin access (pgadmin UI is available only to these addresses)
  • Git branch (which branch is used to install application stack)
The stacks are also depicted in the following figure:
In addition to the stacks, each application stack requires access to the secrets S3 bucket, which is configured within the stack template.
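
The application stack's access parameters (SSH CIDR, the two pgadmin client addresses, and the environment name that should match the database stack) can be checked before a stack is created or updated. The following is an added example, not code from the sixodp-infra repository; the parameter key names, the /24 limit for SSH and the IPv4-only handling are assumptions.

```python
import ipaddress

# Hypothetical parameter keys; the real names are defined by the stack templates.
ENV_KEY = "EnvironmentName"
SSH_KEY = "SshAllowedCidr"
PGADMIN_KEYS = ("PgadminClientIp1", "PgadminClientIp2")
MIN_SSH_PREFIX = 24  # assumed policy: the SSH range is no wider than a /24


def check_app_stack_params(app_params, db_env_name):
    """Return a list of findings for the application stack's access parameters."""
    findings = []
    if app_params.get(ENV_KEY) != db_env_name:
        findings.append(f"{ENV_KEY}: does not match database stack '{db_env_name}'")

    for key in (SSH_KEY, *PGADMIN_KEYS):
        raw = app_params.get(key, "")
        try:
            # strict=True rejects values with host bits set, e.g. 10.1.2.3/24
            net = ipaddress.IPv4Network(raw, strict=True)
        except ValueError:
            findings.append(f"{key}: '{raw}' is not a valid IPv4 CIDR block")
            continue
        if key == SSH_KEY and net.prefixlen < MIN_SSH_PREFIX:
            findings.append(f"{key}: {net} is wider than /{MIN_SSH_PREFIX}")
        elif key in PGADMIN_KEYS and net.prefixlen != 32:
            findings.append(f"{key}: {net} is a range, expected one client address")
    return findings


# Constructed sample values (documentation address ranges, made-up environment name).
SAMPLE_OK = {
    ENV_KEY: "qa",
    SSH_KEY: "203.0.113.0/24",
    "PgadminClientIp1": "198.51.100.7",
    "PgadminClientIp2": "198.51.100.8/32",
}
SAMPLE_BAD = {
    ENV_KEY: "prod",                        # database stack below is "qa"
    SSH_KEY: "0.0.0.0/0",                   # SSH open to any address
    "PgadminClientIp1": "198.51.100.0/24",  # a range instead of one client
    "PgadminClientIp2": "10.1.2.3/24",      # host bits set, invalid CIDR
}

if __name__ == "__main__":
    for name, params in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_app_stack_params(params, "qa"))
```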