Why our stack?
Why we choose our tech stack ¶
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster.
Build, Deploy, and Manage Websites, Apps or Processes On AWS' Secure, Reliable Network. AWS is Secure, Reliable, Scalable Services. HIPAA Compliant. Easily Manage Clusters. Global Infrastructure. Highly Scalable.
Read More: What is AWS
Why WAF (Well Architected Framework)❓
AWS Well-Architected helps cloud architects to build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on five pillars — operational excellence, security, reliability, performance efficiency, and cost optimization — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.
Read More: AWS Well-architected
Why Infra as Code (IaC) & Terraform❓
Confidence: A change breaks the env? Just roll it back. Still not working? Build a whole new env with a few keystrokes. IaC enables this.
Repeatability: Allows your infra to be automatically instantiated, making it easy to build multiple identical envs.
Troubleshooting: Check source control and see exactly what changed in the env. As long as you are diligent and don’t make manual envs changes, then IaC can be a game changer.
DR: Require the ability to set up an alternate env in a different DC or Region. IaC makes this a much more manageable prospect.
Auditability: You will need to be able to audit both changes and access to an env, IaC gives you this right out of the box.
Visibility: As an env expands over time, is challenging to tell what has been provisioned. In the #cloud this can be a huge #cost issue. IaC allows tracking your resources.
Portability: Some IaC techs are #multicloud. Also, translating #Terraform from one cloud provider to another is considerably more simple than recreating your entire envs in a cloud-specific tool.
Security: See history of changes to your SG rules along with commit messages can do wonders for being confident about the security configs of your envs.
Terraform allows to codify your application infrastructure, reduce human error and increase automation by provisioning infrastructure as code. With TF we can manage infrastructure across clouds and provision infrastructure across 300+ public clouds and services using a single workflow. Moreover it helps to create reproducible infrastructure and provision consistent testing, staging, and production environments with the same configuration.
Terraform has everything we expect from a IaC framework: open source, cloud-agnostic provisioning tool that supported immutable infrastructure, a declarative language, and a client-only architecture.
AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. Using AWS Organizations, you can programmatically create new AWS accounts and allocate resources, group accounts to organize your workflows, apply policies to accounts or groups for governance, and simplify billing by using a single payment method for all of your accounts.
Why AIM and roles❓
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
- Integration and Fine-grained access control with almost every AWS service and its resources.
- Multi-factor authentication for highly privileged users.
- Analyze, monitor and audit access.
Security | Why Web Application Firewall (WAF), Cloud Trail, Config, Guarduty❓
Raise your security posture with AWS infrastructure and services. Using AWS, you will gain the control and confidence you need to securely run your business with the most flexible and secure cloud computing environment available today. As an AWS customer, you will benefit from AWS data centers and a network architected to protect your information, identities, applications, and devices. With AWS, you can improve your ability to meet core security and compliance requirements, such as data locality, protection, and confidentiality with our comprehensive services and features.
Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 for most resources in your virtual private cloud, helping to ensure secure and easy access to resources and applications.
Why Kubernetes (K8s) & AWS EKS❓
Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community.
Amazon Elastic Kubernetes Service (Amazon EKS) gives you the flexibility to start, run, and scale Kubernetes applications in the AWS cloud or on-premises. Amazon EKS helps you provide highly-available and secure clusters and automates key tasks such as patching, node provisioning, and updates. Customers such as Intel, Snap, Intuit, GoDaddy, and Autodesk trust EKS to run their most sensitive and mission critical applications.
EKS runs upstream Kubernetes and is certified Kubernetes conformant for a predictable experience. You can easily migrate any standard Kubernetes application to EKS without needing to refactor your code.
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.
Amazon RDS is available on several database instance types - optimized for memory, performance or I/O - and provides you with six familiar database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server. You can use the AWS Database Migration Service to easily migrate or replicate your existing databases to Amazon RDS.
Why Hashicorp Vault❓
As many organizations migrate to the public cloud, a major concern has been how to best secure data, preventing it from unauthorized access or exfiltration.
Deploying a product like HashiCorp Vault gives you better control of your sensitive credentials and helps you meet cloud security standards.
HashiCorp Vault is designed to help organizations manage access to secrets and transmit them safely within an organization. Secrets are defined as any form of sensitive credentials that need to be tightly controlled and monitored and can be used to unlock sensitive information. Secrets could be in the form of passwords, API keys, SSH keys, RSA tokens, or OTP.
HashiCorp Vault makes it very easy to control and manage access by providing you with a unilateral interface to manage every secret in your infrastructure. Not only that, you can also create detailed audit logs and keep track of who accessed what.
Manage Secrets and Protect Sensitive Data. Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.