COMMUNITY AMAZON WEB SERVICES

Notes based on ibCom's use of AWS to host mydigitalstructure.com.
BACKGROUND

mydigitalstructure is a fully hosted web API and platform - a "backend as a service" - that allows developers to use a common model and set of methods to rapidly build modern enterprise apps.
Functionality ranges from hosting a public website through to full accounting.
There are 25 core objects (e.g. contacts, projects, invoices) with 700+ methods (e.g. add contact, search for contacts).
mydigitalstructure is a fully hosted multi-tenanted environment that services thousands of enterprise spaces, with demand changing from one moment to the next.

DESIGN GOALS

- Highly dynamic infrastructure that can react quickly to demand, both up and down.
- Self-managing - allowing the ibCom model and code to run within a set of infrastructure rules that requires minimal human interaction.
- Supply costs that are economically aligned with a competitive marketplace.
- Work with common, well-proven standards (protocols) above and below the mydigitalstructure layer.

EXECUTION

Phase 1 services:

- IAM, Identity and Access Management, with Multi Factor Authentication (MFA)
- ELB, Elastic Load Balancers x 6
- Route53, DNS Management
- EIP, Elastic IP x 1
- EC2, Elastic Compute Service x 2+
- EBS, Elastic Block Store (Volume) with EC2
- RDS, Relational Database Service
- VPC, Virtual Private Cloud
- SES, Simple Email Service
- CLI, Command Line Interface

Phase 2 services:

- Phase 1 +
- DynamoDB, Non-relational database service
- S3, Simple Storage Service

Security Groups

For managing port access: https access onto the load balancers, and then http from the load balancers to the EC2 app services within the VPC.

IAM

Control access to services and to the command line interface, using a source IP restriction as a condition of the access policy.

VPC

Virtual private cloud (network) - for isolated communication between services.

ELB

Five load balancers to handle the core platform SSL/https access points:
- webapi: mydigitalstructure.com
- platform: 1blankspace.com
- + 2 to handle "classic" platforms
- + 1 to handle a retail service
ELB endpoints are referenced via DNS names rather than fixed IP addresses, which allows the ELB to be scaled out as an array of appliances.

Route53

DNS for CNAME entries for friendly names - including alias entries for root domains.

EIP

One elastic IP address for administrative access. Not 100% required - may be eliminated in phase 2.

EC2

Servicing the http-based app (where the code lives) and also sharing the primary EBS volume.

EBS

For file storage, as attachments to objects. The current app needs synchronised access to files; the next phase will introduce the "in-lab" S3-based file storage.

RDS

For model data storage.

SES

For sending emails - each space (tenant) has its own domain verified for sending. Services ad hoc emails and also eNews campaigns. Uses SMTP. Phase 2 will convert to the web service API, so the app lives within the http protocol.

CLI

More a tool than a service, but important for scripting commands. Makes important use of the source IP condition in the access policy.
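As an added illustration of the source IP condition used for IAM and CLI access above (example code, not ibCom's own policy or address ranges): an identity policy with `aws:SourceIp` conditions, plus a small local evaluator that shows which callers the policy admits. The CIDR ranges and the permitted actions are assumed placeholders.

```python
import ipaddress

# Constructed placeholder ranges for the admin workstations allowed to use the CLI.
ADMIN_CIDRS = ["203.0.113.0/24", "198.51.100.7/32"]

# Assumed identity policy (not ibCom's): allow read-only EC2/ELB calls from the
# admin ranges; the explicit Deny with NotIpAddress keeps the restriction in force
# even if another attached policy grants more.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ec2:Describe*", "elasticloadbalancing:Describe*"],
            "Resource": "*",
            "Condition": {"IpAddress": {"aws:SourceIp": ADMIN_CIDRS}},
        },
        {
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"NotIpAddress": {"aws:SourceIp": ADMIN_CIDRS}},
        },
    ],
}

def ip_in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

def source_ip_allowed(policy, action, source_ip):
    """Local evaluator for the aws:SourceIp condition only (no resource or principal
    logic): a matching explicit Deny wins, otherwise a matching Allow is required."""
    def action_matches(spec):
        specs = spec if isinstance(spec, list) else [spec]
        return any(action == s or (s.endswith("*") and action.startswith(s[:-1])) for s in specs)
    def cond_ok(cond):
        for op, keys in cond.items():
            hit = ip_in_any(source_ip, keys["aws:SourceIp"])
            if (op == "IpAddress" and not hit) or (op == "NotIpAddress" and hit):
                return False
        return True
    allowed = False
    for st in policy["Statement"]:
        if action_matches(st["Action"]) and cond_ok(st.get("Condition", {})):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```

`aws:SourceIp` is the public address AWS sees for the request, so calls arriving through a VPC endpoint will not match it and need `aws:VpcSourceIp` instead; the MFA requirement listed under phase 1 can be expressed in the same Condition block with a `Bool` test on `aws:MultiFactorAuthPresent`.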

USEFUL LINKS