Infrastructure Diagrams

​

System Architecture

​

Core Middleware Infrastructure

​

Key Components

TLS Certificate

• Provides secure HTTPS connections to the application
• Encrypts data in transit between clients and the application
• Managed through AWS Certificate Manager

DNS Configuration

• Hosted Zone: Manages DNS records for the domain
• Core Hosted Zone: Specific DNS configuration for the core middleware services
• Routes external traffic to the appropriate AWS services

Network Architecture

• VPC (Virtual Private Cloud): Isolated network environment for TextLayer Core resources
• Subnets:
  • Public Subnets: Host internet-facing resources like the Application Load Balancer
  • Private Subnets: Host protected resources like the Web Service, providing an additional security layer

Security Components

• ALB Security Group: Controls traffic to and from the Application Load Balancer
• Service Security Group: Governs access to the Web Service, allowing only necessary connections

Application Components

• Application Load Balancer: Distributes incoming traffic across multiple targets for improved availability
• Web Service: Core application service running in containers within the private subnet
• Container Registry: Stores and manages Docker container images used by the Web Service

Monitoring and Logging

• CloudWatch Log Group: Centralized logging solution for application and infrastructure logs
• Enables monitoring, alerting, and troubleshooting of the entire stack

​

Data Flow

1. External requests reach the system through HTTPS, secured by TLS certificates
2. DNS routes the traffic to the Application Load Balancer in the public subnet
3. The ALB forwards requests to the Web Service running in the private subnet
4. The Web Service pulls container images from the Container Registry when needed
5. All components write logs to CloudWatch for monitoring and troubleshooting

​

Network Topology

​

Security Zones