AWS
Last updated
Last updated
The environments are hosted on AWS where they are built using . Each environment consists of two Cloudformation stacks, templates for these are available in .
The database stack contains components with irreplaceable data. If the stack is destroyed, the data is lost. The stack contains the following resources:
MySQL database (RDS instance)
PostgreSQL database (RDS instance)
Security group for databases
Subnet for databases
Dataset bucket (S3)
Policies of dataset bucket
NFS network drive for images and its mount targets (EFS)
Security group for EFS
The stack takes the following parameters:
Environment name (pre-defined list)
Database subnets (pre-defined list)
User name and password for superuser in CKAN (postgreSQL) database
User name and password for superuser in WordPress (MySQL) database
The stack outputs following parameters:
Database security group
Dataset bucket
The application stack contains the components which can be replaced without data loss. The stack contains following resources:
Ubuntu 20.04 Virtual machine (EC2)
Security group for EC2
Ingress rules for database and EFS security groups in database stack.
Domain name for the portal and pgadmin if the environment manages its own domain.
Policies for EC2 instance to access S3 buckets
Elastic IP address if the environment does not manage its own domain, the IP address changes if the stack is destroyed.
The stack takes the following parameters:
Environment name (pre-defined list, should match database stack environment name)
Instance type (pre-defined list)
Database security group (select correct one from the list)
EFS security group (select correct one from the list)
Name of the EFS file system (copy from database stack. At the time of implementation AWS did not have api for this.)
Hosted zone id (select from route53 domains if the environment manages its own domain)
White listed ip address in cidr form for allowed ssh access (default value is Gofore office address)
2 client ip addresses for pgadmin access (pgadmin UI is available only to these addresses)
Git branch (which branch is used to install application stack)
The stacks are also depicted on the following figure:
Additionally to the stacks, each application stack requires access to secrets S3 bucket which is configured within the stack template.