Database & Caching

Architecture of the persistence layer (Aurora & Valkey).

Our persistence layer is composed of Amazon Aurora Serverless V2 (PostgreSQL) for relational data and Valkey (Redis) for caching and queues.

Aurora PostgreSQL

We use Amazon Aurora Serverless V2, which automatically scales compute capacity to match your application's demand.

Configuration

  • Engine: Aurora PostgreSQL (Compatible with PostgreSQL 14).
  • Scaling:
    • Min ACU: 0.5 (Approx. 1 GB RAM).
    • Max ACU: 2.0 (Approx. 4 GB RAM).
  • Data API: Enabled. Allows serverless query execution without managing persistent connections.
  • Storage: Encrypted at rest using AWS KMS.

Security

  • Access: The database is not publicly accessible. It accepts connections only from:
    • App Runner Services: Via VPC Connector.
    • Bastion Host: For administrative access.
  • Credentials: Managed by AWS Secrets Manager. The application retrieves the secret ARN and fetches credentials at runtime.

Valkey (Redis)

We use Amazon ElastiCache (Valkey) for high-performance caching and job queues.

Configuration

  • Engine: Valkey (Redis compatible).
  • Topology: Cluster mode disabled by default (single node/cluster); it can be enabled depending on specific needs.
  • Port: 6379.

Security

  • Network: Accessible only within the VPC.
  • Encryption: Encrypted in transit and at rest.

Connecting to the Database

To connect to the private database from your local machine, you must use AWS Systems Manager (SSM) to create a port forwarding tunnel via the Bastion Host.

Prerequisites

  1. AWS CLI configured with appropriate permissions.
  2. Session Manager Plugin installed (Install Guide).

Start the Tunnel

The BastionStack outputs a ready-to-use command to start the tunnel. You can find this in the CloudFormation console outputs or by running:

aws cloudformation describe-stacks --stack-name BastionStack --query "Stacks[0].Outputs" --output table

The command looks like this:

aws ssm start-session \
  --target i-0ff11303127a49abb \
  --document-name AWS-StartPortForwardingSessionToRemoteHost \
  --parameters '{"host":["corestack-auroracluster...rds.amazonaws.com"],"portNumber":["5432"], "localPortNumber":["5433"]}'

  • target: The Instance ID of the Bastion Host.
  • host: The endpoint of the Aurora Cluster.
  • portNumber: The remote database port (5432).
  • localPortNumber: The port on your local machine to forward to (e.g., 5433).

Once the tunnel is active, you can connect to the database using localhost:5433.
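
Connecting to localhost means a client that verifies the server certificate sees a name that does not match the Aurora endpoint. The script below is an added example, not the project's own code: it builds the tunnel parameters with input validation and a libpq connection string that routes through the tunnel with hostaddr while keeping the real endpoint in host, so sslmode=verify-full still checks the certificate. The instance ID, endpoint, database name, user and CA bundle path are constructed placeholders.

```shell
#!/bin/sh
# Added example: dry-run builder for the SSM tunnel and a TLS-verified psql call.
# All values below are constructed placeholders; use your own stack outputs.
BASTION_ID="i-0123456789abcdef0"
DB_HOST="example-cluster.cluster-abc123.us-east-1.rds.amazonaws.com"
CA_BUNDLE="$HOME/.postgresql/global-bundle.pem"   # assumed location of the RDS CA bundle

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds only for a plain DNS name (letters, digits, dots, hyphens), so the
# value cannot break out of the JSON document or the conninfo string.
valid_host() {
  case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# Prints the --parameters JSON for AWS-StartPortForwardingSessionToRemoteHost.
tunnel_params() { # args: host remote_port local_port
  valid_host "$1" && valid_port "$2" && valid_port "$3" || return 1
  printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}\n' "$1" "$2" "$3"
}

# Prints a libpq conninfo string. hostaddr sends traffic into the local tunnel;
# host keeps the real endpoint name, which verify-full matches against the
# server certificate. dbname, user and the CA path are passed through as given.
pg_conninfo() { # args: host local_port dbname user ca_bundle
  valid_host "$1" && valid_port "$2" || return 1
  printf 'host=%s hostaddr=127.0.0.1 port=%s dbname=%s user=%s sslmode=verify-full sslrootcert=%s\n' \
    "$1" "$2" "$3" "$4" "$5"
}

# Dry run: print both commands instead of executing them.
echo "aws ssm start-session --target $BASTION_ID \\"
echo "  --document-name AWS-StartPortForwardingSessionToRemoteHost \\"
echo "  --parameters '$(tunnel_params "$DB_HOST" 5432 5433)'"
echo "psql \"$(pg_conninfo "$DB_HOST" 5433 postgres app_user "$CA_BUNDLE")\""
```

psql prompts for the password; take it from the Secrets Manager secret rather than placing it in the connection string or shell history.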