Key decisions (for Cloud Automation)

This is an evolving initiative. This document holds our rough notes on the principles and preferences behind our Cloud Automation strategy. Contact @Nouman Memon for details, or ping us on Slack.

Infra As Code

Recommendation: Terraform ✅

Qualities:
🔘 Provisioning (Docker is already taking care of configuration management)
🔘 Cloud agnostic / support
🔘 Immutable infrastructure
🔘 Declarative language
🔘 Client-only architecture (masterless, agentless)
🔘 Large community support

🔰 Options
→ Terraform ✅
→ CloudFormation
→ Ansible

Identity Provider

Recommendation: Keycloak ✅

Qualities:
🔘 Multi-tenancy support
🔘 Cost
🔘 Flexible

🔰 Options (starting with AWS)
→ Keycloak ✅
  + Better multi-tenant support compared to Cognito
  + Cloud agnostic
  + Better MFA
  + Flexible
  + Open source
  + Community capabilities
  - Complex setup (we could still use it as an AWS service)
→ AWS Cognito
  + Free 50K identities
  + Better integration with STS, Lambdas for events etc.
  + Fully managed
  - Not very flexible
  - Limit of 1000 user pools per AWS account (hard for a SaaS model)
  - Limitation in MFA (supports SMS)
  - AWS only
  - Can't scale for multi-tenant
→ Ory (Hydra + Kratos)
  + Open source
  + Mature documentation and easy to set up
  - Setting up an integrated IDP (OAuth + Identity) is difficult and limited
  - Has a SaaS option (beta + a bit pricey)

Container Management

Recommendation: EKS (EC2) ✅