Key decisions (for Cloud Automation)

This is an evolving initiative. This document holds our rough notes on principles and preferences for the Cloud Automation strategy. Contact @Nouman Memon for details, or ping us on Slack.

Infra As Code

Recommendation: Terraform ✅

Qualities:

  • Provisioning (Docker already takes care of configuration management)

  • Cloud agnostic / multi-cloud support

  • Immutable infrastructure

  • Declarative language

  • Client-only architecture (masterless, agentless)

  • Large community support

Options:

  → Terraform ✅

  → CloudFormation

  → Ansible

Identity Provider

Recommendation: Keycloak ✅

Qualities:

  • Multi-tenancy support

  • Cost

  • Flexible

Options (starting with AWS):

  → Keycloak ✅
    + Better multi-tenant support compared to Cognito
    + Cloud agnostic
    + Better MFA
    + Flexible
    + Open source
    + Community capabilities
    - Complex setup (we could still use it as an AWS-hosted service)

  → AWS Cognito
    + Free for 50K identities
    + Better integration with STS, Lambda for events, etc.
    + Fully managed
    - Not very flexible
    - Limit of 1000 user pools per AWS account (hard for a SaaS model)
    - Limited MFA (supports SMS)
    - AWS only
    - Cannot scale for multi-tenant use

  → Ory (Hydra + Kratos)
    + Open source
    + Mature documentation and easy to set up
    - Setting up an integrated IdP (OAuth + Identity) is difficult and limited
    - Has a SaaS option (beta, and a bit pricey)

Container Management

Recommendation: EKS (EC2) ✅

Qualities:

  • Portability

  • Simple

  • Flexible

  • Future proof

  • Cost

Options (starting with AWS):

  → EKS (EC2) ✅, with minikube for development
    + Portable: cloud-agnostic platform investment (almost)
    + Flexibility
    + Future proof
    + High abstraction: better experience for development
    - Complex (needs experience)
    - Needs configuration to integrate with AWS services (not complex, though)
    - Might be a bit expensive (needs validation), e.g. the control plane is not free (API server and etcd)

  → ECS (Fargate)
    + Initial setup is very simple
    + Free control plane
    + Built-in integration with AWS services
    - AWS only
    - Limiting for a complex SaaS setup
    - Abstraction: coupling with AWS services due to its out-of-the-box integration
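The two decisions above (Terraform for provisioning, EKS on EC2 for container management) fit together naturally, so the following added example shows what they look like combined: a declarative Terraform definition of a private-endpoint EKS cluster with an EC2 managed node group. This is illustrative code written for this page, not Bahmni's own configuration; the region, role and cluster names, the subnet variable, and the instance sizing are assumptions.

```hcl
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "ap-south-1" # assumption: pick the region Bahmni actually deploys to
}

# Assumption: private subnets are created elsewhere and passed in.
variable "private_subnet_ids" {
  type = list(string)
}

# Role assumed by the EKS control plane. Only the managed cluster policy is
# attached, which keeps the control plane's permissions to what EKS itself needs.
resource "aws_iam_role" "cluster" {
  name = "bahmni-eks-cluster-role" # hypothetical name
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "eks.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "cluster_policy" {
  role       = aws_iam_role.cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}

# The cluster itself. The API server is reachable only from inside the VPC,
# and the audit/authenticator logs go to CloudWatch so access to the cluster
# can be reviewed later.
resource "aws_eks_cluster" "bahmni" {
  name     = "bahmni" # hypothetical name
  role_arn = aws_iam_role.cluster.arn

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true
    endpoint_public_access  = false
  }

  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  depends_on = [aws_iam_role_policy_attachment.cluster_policy]
}

# Role for the EC2 worker nodes: the three managed policies EKS workers need
# (join the cluster, run the VPC CNI, pull images from ECR) and nothing else.
resource "aws_iam_role" "node" {
  name = "bahmni-eks-node-role" # hypothetical name
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "node_policies" {
  for_each = toset([
    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
  ])
  role       = aws_iam_role.node.name
  policy_arn = each.value
}

# Managed node group on EC2. create_before_destroy makes replacements roll out
# as new nodes first (immutable-infrastructure style) instead of an in-place edit.
resource "aws_eks_node_group" "workers" {
  cluster_name    = aws_eks_cluster.bahmni.name
  node_group_name = "workers"
  node_role_arn   = aws_iam_role.node.arn
  subnet_ids      = var.private_subnet_ids
  instance_types  = ["t3.medium"] # assumption: size to the real workload

  scaling_config {
    desired_size = 2
    max_size     = 3
    min_size     = 1
  }

  lifecycle {
    create_before_destroy = true
  }

  depends_on = [aws_iam_role_policy_attachment.node_policies]
}
```

Applying this with `terraform plan` before `terraform apply` shows the full set of resources that will change, which is the practical benefit of the declarative, client-only model chosen above: the desired state is reviewable in version control and there is no agent or master to operate. A private API endpoint means `kubectl` access happens through the VPC (bastion or VPN), which is the trade-off to weigh against the "simple" quality listed for ECS.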

Docker Registry

  • Create BahmniIndia account on dockerhub

  • Keep bahmni space on dockerhub for global

AWS Services


Helm Charts


Kubernetes Packaging Structure

CI/CD tools


Monitoring and Alerting

Topics to be discussed

  • Secrets manager

  • Monitoring and Alerting (Prometheus-Grafana)


The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)