
System overview

Atlas Infra is a shared AWS stack with one public edge, one shared ECS cluster, one Kafka backbone, and separate runtime surfaces for the three operator-facing workloads in this repository.

Runtime topology

| Layer | Current shape |
| --- | --- |
| Public ingress | Internet-facing ALB in public subnets with host-header routing |
| Compute | ECS/Fargate in private subnets |
| Streaming | Amazon MSK with IAM + TLS |
| Storage | PostgreSQL RDS for dashboard backend and S3 for optional Kafka exports |
| Secrets | AWS Secrets Manager |
| Observability | CloudWatch logs, CloudWatch alarms, SNS, AWS Budgets |

Request flow

Events ingestion API

The default ALB target group and the events_ingestion_host rule both route to the events ingestion ECS service. The service runs on the shared ECS cluster, reads its runtime config from Secrets Manager, and publishes telemetry to MSK.

Dashboard backend

Requests for dashboard_backend_host are routed to a dedicated ECS service and target group. The service receives configuration from a dedicated Secrets Manager secret and persists data in PostgreSQL RDS.

Kafka UI

Requests for kafka_ui_host are routed to a separate ECS service that connects to the same MSK cluster over IAM + TLS for operator inspection.

Shared building blocks

  • VPC: two availability zones, public and private subnets, NAT gateways, an S3 gateway endpoint, and workload-specific security groups.
  • ALB: one HTTPS edge with host-based routing for the three public hostnames used by Atlas workloads.
  • MSK: one Kafka cluster shared by the services in this repository, with outputs for internal and public IAM + TLS bootstrap brokers.
  • Monitoring: Container Insights, CloudWatch log groups, alarm wiring, and a budget alert flow through a shared operator email.
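
As an added example (not code from the Atlas repository), the Python script below checks `terraform show -json` plan output against the invariants stated in the runtime topology table and the building-blocks list above: HTTPS listeners on the ALB, ECS tasks without public IPs, and MSK restricted to IAM + TLS. The sample plan, module names, and resource addresses are constructed, and treating `assign_public_ip` as the signal for private-subnet placement is an assumption.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output; module
# names and resource addresses are hypothetical, not taken from the Atlas repository.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [], "child_modules": [
  {"address": "module.edge", "resources": [{"address": "module.edge.aws_lb_listener.https",
    "type": "aws_lb_listener", "values": {"protocol": "HTTPS", "port": 443}}]},
  {"address": "module.streaming", "resources": [
    {"address": "module.streaming.aws_msk_cluster.main", "type": "aws_msk_cluster",
     "values": {"client_authentication": [{"sasl": [{"iam": true}], "unauthenticated": false}],
                "encryption_info": [{"encryption_in_transit": [{"client_broker": "TLS_PLAINTEXT"}]}]}}]},
  {"address": "module.kafka_ui", "resources": [{"address": "module.kafka_ui.aws_ecs_service.this",
    "type": "aws_ecs_service", "values": {"network_configuration": [{"assign_public_ip": true}]}}]}
]}}}
""")

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def first(values, *path):
    """Follow nested blocks, which plan JSON renders as single-item lists."""
    for key in path:
        block = (values or {}).get(key)
        values = block[0] if isinstance(block, list) and block else block
    return values

def check_plan(plan):
    """Return (address, finding) pairs for drift from the documented topology."""
    findings = []
    for res in walk(plan["planned_values"]["root_module"]):
        rtype, vals, addr = res["type"], res.get("values", {}), res["address"]
        if rtype == "aws_ecs_service" and first(vals, "network_configuration", "assign_public_ip"):
            findings.append((addr, "ECS task gets a public IP"))
        elif rtype == "aws_lb_listener" and vals.get("protocol") != "HTTPS":
            findings.append((addr, "ALB listener is not HTTPS"))
        elif rtype == "aws_msk_cluster":
            if first(vals, "encryption_info", "encryption_in_transit", "client_broker") != "TLS":
                findings.append((addr, "MSK client-broker traffic is not TLS-only"))
            if not first(vals, "client_authentication", "sasl", "iam"):
                findings.append((addr, "MSK IAM auth is not enabled"))
            if first(vals, "client_authentication", "unauthenticated"):
                findings.append((addr, "MSK allows unauthenticated clients"))
    return findings

if __name__ == "__main__":
    print(*check_plan(SAMPLE_PLAN), sep="\n")
```

Run it in CI against the plan for each environment root; an empty result means the planned resources still match the topology described on this page.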

Current operating model

  • terraform/staging is the current active environment root, but its default naming still deploys the poc-atlas-dev shape.
  • terraform/prod uses the same module graph with production-oriented values such as private MSK placement, multi-VPC connectivity, and private RDS placement.
  • The repository provisions infrastructure only. The events ingestion API and dashboard backend images are expected to be built and pushed from their own application repositories.

Tip: Use Environment model next if you need to understand why the staging directory and the environment = "dev" default are both present.