Key decisions (for Cloud Automation)
This is an evolving initiative. This document holds our rough notes on principles and preferences on Cloud Automation strategy. Contact @Nouman Memon for details. Or ping us on Slack.
Infra As Code
Recommendation: Terraform ✅
Qualities:
🔘 Provisioning (Docker is taking care of configuration management already)
🔘 Cloud Agnostic / support
🔘 Immutable infrastructure
🔘 Declarative language
🔘 Client-only architecture (Masterless, Agentless)
🔘 Large community support
🔰 Options
→ Terraform ✅
→ CloudFormation
→ Ansible
Identity Provider
Recommendation: Keycloak ✅
Qualities:
🔘 Multi-tenancy support
🔘 Cost
🔘 Flexible
🔰 Options (starting with AWS)
→ Keycloak ✅
+ Better multi-tenant support compared to Cognito
+ Cloud Agnostic
+ Better MFA
+ Flexible
+ OpenSource
+ Community capabilities
- Complex setup (we could still use it as AWS service)
→ AWS Cognito
+ Free 50K identity
+ Better integration with STS, Lambdas for events etc
+ Fully managed
- Not very flexible
- Limit of 1000 user pools per AWS account (hard for SaaS model)
- Limitation in MFA (supports SMS)
- AWS only
- Can't scale for multi-tenant
→ Ory (Hydra + Kratos)
+ Open source
+ Mature documentation and easy to set up
- Setting up IDP integrated (OAuth + Identity) is difficult and limited
- Has a SaaS option (beta + a bit pricey)
Container Management
Recommendation: EKS (EC2) ✅
Qualities:
🔘 Portability
🔘 Simple
🔘 Flexible
🔘 Future proof
🔘 Cost
🔰 Options (starting with AWS)
→ EKS (EC2) ✅ - with minikube for dev
+ Portable: Cloud agnostic platform investment (almost)
+ Flexibility
+ Future proof
+ High abstraction: better experience for development
- Complex (needs experience)
- Need configuration for integrating with AWS services (not complex though)
- Might be a bit expensive (need to validate) e.g. control plane is not free (API server and etcd)
→ ECS (FARGATE)
+ Initial setup is very simple
+ Free control plane
+ Built in integration with AWS services
- AWS only
- Limiting for complex SaaS setup
- Abstraction: Coupling with AWS services due to its out-of-box integration
Docker Registry
Create BahmniIndia account on dockerhub
Keep bahmni space on dockerhub for global
AWS Services
Helm Charts
Kubernetes Packaging Structure
CI/CD tools
Monitoring and Alerting
Topics to be discussed
Secrets manager
Monitoring and Alerting (Prometheus-Grafana)
The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)