Infrastructure Core
Core infrastructure components including VPC, Database, and Caching.
The CoreStack establishes the foundational networking and shared persistent resources required for the application to run securely and efficiently.
VPC Architecture
We utilize a dedicated Virtual Private Cloud (VPC) to isolate our resources.
- Private Subnets: Host sensitive resources like the Aurora Database, Valkey (Redis) Cluster, and App Runner VPC Endpoints. These subnets have egress access (via NAT Gateway) but no direct public ingress.
- Public Subnets: Host resources that need direct internet access, such as NAT Gateways and the Bastion Host.
- Availability Zones: The VPC spans multiple Availability Zones (AZs) for high availability.
Database (Aurora Serverless v2)
We use Amazon Aurora PostgreSQL Serverless v2 for the primary relational database.
- Serverless Scaling: Automatically scales compute capacity based on demand (measured in ACUs - Aurora Capacity Units).
- Security: Placed in private subnets, accessible only from the App Runner services (via VPC Connector) and the Bastion Host.
- Secrets Manager: Credentials are automatically generated and stored in AWS Secrets Manager. The application retrieves these at runtime.
Caching (Valkey / Redis)
We use Amazon ElastiCache (Valkey) for caching and queue management.
- Cluster Mode: Configured for high availability.
- Private Access: Accessible only within the VPC.
Security Groups
Security groups act as virtual firewalls to strictly control traffic:
- Database SG: Allows traffic on port 5432 only from the App Runner Security Group and Bastion Host.
- Redis SG: Allows traffic on port 6379 only from the App Runner Security Group.
- App Runner SG: Allows outbound traffic to fetch dependencies and connect to the database/cache.
- Bastion SG: Allows SSH access (if configured) for secure database management.
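The following is an added example, not code from this project: a drift check that compares deployed ingress rules with the Database SG and Redis SG rules above. It assumes input in the shape returned by EC2 DescribeSecurityGroups; the group IDs, the `ROLES` mapping and the sample data are constructed for illustration.

```python
# Added example, not the project's code. Input mirrors the EC2
# DescribeSecurityGroups response shape; IDs and sample data are constructed.

POLICY = {  # role -> (port, roles allowed as ingress source)
    "database": (5432, {"apprunner", "bastion"}),
    "redis": (6379, {"apprunner"}),
}
ROLES = {"database": "sg-0db", "redis": "sg-0redis",
         "apprunner": "sg-0app", "bastion": "sg-0bastion"}  # constructed IDs

def audit(groups, roles):
    """Return findings where ingress is wider than POLICY allows."""
    by_id = {g["GroupId"]: g for g in groups}
    role_of = {gid: role for role, gid in roles.items()}
    findings = []
    for role, (port, allowed) in POLICY.items():
        for perm in by_id[roles[role]].get("IpPermissions", []):
            span = (perm.get("FromPort"), perm.get("ToPort"))
            # IpProtocol "-1" (all traffic) has no port range, so it lands here.
            if perm.get("IpProtocol") != "tcp" or span != (port, port):
                findings.append(f"{role}: rule wider than tcp/{port}")
            # Only security-group sources are allowed; CIDRs and prefix lists are drift.
            for key, field in (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6"),
                               ("PrefixListIds", "PrefixListId")):
                for src in perm.get(key, []):
                    findings.append(f"{role}: non-SG source {src[field]}")
            for pair in perm.get("UserIdGroupPairs", []):
                src = role_of.get(pair["GroupId"], pair["GroupId"])
                if src not in allowed:
                    findings.append(f"{role}: unexpected source group {src}")
    return findings

def rule(port, groups=(), cidrs=()):
    """Build one constructed ingress permission."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": g} for g in groups],
            "IpRanges": [{"CidrIp": c} for c in cidrs]}

GOOD = [
    {"GroupId": "sg-0db", "IpPermissions": [rule(5432, ["sg-0app", "sg-0bastion"])]},
    {"GroupId": "sg-0redis", "IpPermissions": [rule(6379, ["sg-0app"])]},
]
DRIFTED = [
    {"GroupId": "sg-0db", "IpPermissions": [rule(5432, ["sg-0app"], ["0.0.0.0/0"])]},
    {"GroupId": "sg-0redis", "IpPermissions": [rule(6379, ["sg-0app", "sg-0bastion"])]},
]

if __name__ == "__main__":
    print("\n".join(audit(DRIFTED, ROLES)))
```

An empty result means the deployed rules match the list above; each finding names the group and the source or port range that exceeds it.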
Environment Configuration
The infrastructure is configured via environment variables in infra/aws/.env.
# AWS Configuration
INFRA_AWS_ACCOUNT=123456789012
INFRA_AWS_REGION=us-east-1
# Domain Configuration
INFRA_DOMAIN_NAME=example.com
INFRA_DOMAIN_API_NAME=api.example.com
INFRA_DOMAIN_ID_PUBLIC_HOST_ZONE_ID=Z00000000000000000000