Key decisions (for Cloud Automation)

This is an evolving initiative. This document holds our rough notes on principles and preferences for the Cloud Automation strategy. Contact @Nouman Memon for details, or ping us on Slack.

Infra As Code

Recommendation: Terraform ✅

Qualities:

  • Provisioning (Docker is taking care of configuration management already)
  • Cloud agnostic / support
  • Immutable infrastructure
  • Declarative language
  • Client-only architecture (masterless, agentless)
  • Large community support

Options:

  → Terraform ✅
  → CloudFormation
  → Ansible

Identity Provider

Recommendation: Keycloak ✅

Qualities:

  • Multi-tenancy support
  • Cost
  • Flexible

Options (starting with AWS):

  → Keycloak ✅
      + Better multi-tenant support as compared to Cognito
      + Cloud agnostic
      + Better MFA
      + Flexible
      + Open source
      + Community capabilities
      - Complex setup (we could still use it as an AWS service)

  → AWS Cognito
      + Free 50K identities
      + Better integration with STS, Lambdas for events, etc.
      + Fully managed
      - Not very flexible
      - Limitation of 1000 user pools per AWS account (hard for a SaaS model)
      - Limitation in MFA (supports SMS)
      - AWS only
      - Can't scale for multi-tenant

  → Ory (Hydra + Kratos)
      + Open source
      + Mature documentation and easy to set up
      - Setting up an integrated IDP (OAuth + Identity) is difficult and limited
      - Has a SaaS option (beta, and a bit pricey)

Container Management

Recommendation: EKS (EC2) ✅

Qualities:

  • Portability
  • Simple
  • Flexible
  • Future proof
  • Cost

Options (starting with AWS):

  → EKS (EC2) ✅ - with minikube for dev
      + Portable: cloud-agnostic platform investment (almost)
      + Flexibility
      + Future proof
      + High abstraction: better experience for development
      - Complex (needs experience)
      - Needs configuration for integrating with AWS services (not complex though)
      - Might be a bit expensive (need to validate), e.g. the control plane is not free (API server and etcd)

  → ECS (FARGATE)
      + Initial setup is very simple
      + Free control plane
      + Built-in integration with AWS services
      - AWS only
      - Limiting for complex SaaS setup
      - Abstraction: coupling with AWS services due to its out-of-box integration

Docker Registry

  • Create BahmniIndia account on dockerhub

  • Keep bahmni space on dockerhub for global

AWS Services


Helm Charts


Kubernetes Packaging Structure

CI/CD tools


Monitoring and Alerting

Topics to be discussed

  • Secrets manager

  • Monitoring and Alerting (Prometheus-Grafana)



The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)