Cloud Architecture

Production-grade infrastructure as code on AWS.

AWS VPC

Completed

CIDR: 10.0.0.0/16

Subnets: 3 Public, 3 Private (Multi-AZ)

Gateways: Internet Gateway (IGW) for public subnets, NAT Gateway for private outbound.

EKS Cluster

Completed

Version: Kubernetes 1.28

Node Group: Managed, t3.medium, Auto-scaling (1-3 nodes)

IAM: IRSA (IAM Roles for Service Accounts) with OIDC provider.

Amazon RDS

Completed

Engine: PostgreSQL 16

Instance: db.t3.micro

Storage: 20 GB gp3 (encrypted)

Security: Inbound access allowed only from the EKS node security group (port 5432).

Amazon MSK

Completed

Engine: Apache Kafka 3.5.1

Brokers: 3 Nodes (kafka.t3.small)

Encryption: TLS in transit, KMS at rest.

ElastiCache

Completed

Engine: Redis 7.0

Instance: cache.t3.micro

Security: AUTH token enabled, Private Subnet placement.

Local Development

For local testing on WSL, we replicate the AWS environment using:

  • Minikube (Docker Driver) simulating EKS.
  • Helm Charts for PostgreSQL, Kafka (Bitnami), Redis, and Jaeger.
  • SPIRE Server deployed via Helm for identity management.
  • Port forwarding to access services (Jaeger UI, etc.).