Key decisions (for Cloud Automation)
This is an evolving initiative. This document holds our rough notes on principles and preferences on Cloud Automation strategy. Contact @Nouman Memon for details. Or ping us on Slack.
Infra As Code
Recommendation: Terraform ✅
Qualities:
🔘 Provisioning (Docker is taking care of configuration management already)
🔘 Cloud Agnostic / support
🔘 Immutable infrastructure
🔘 Declarative language
🔘 Client-only architecture (Masterless, Agentless)
🔘 Large community support
🔰 Options
→ Terraform ✅
→ CloudFormation
→ Ansible
Identity Provider
Recommendation: Keycloak ✅
Qualities:
🔘 Multi-tenancy support
🔘 Cost
🔘 Flexible
🔰 Options (starting with AWS)
→ Keycloak ✅
+ Better multi-tenant support compared to Cognito
+ Cloud Agnostic
+ Better MFA
+ Flexible
+ Open source
+ Community capabilities
- Complex setup (we could still use it as AWS service)
→ AWS Cognito
+ Free 50K identities
+ Better integration with STS, Lambdas for events, etc.
+ Fully managed
- Not very flexible
- Limit of 1000 user pools per AWS account (hard for SaaS model)
- Limitation in MFA (supports SMS)
- AWS only
- Can't scale for multi-tenant
→ Ory (Hydra + Kratos)
+ Open source
+ Mature documentation and easy to set up
- Setting up an integrated IdP (OAuth + Identity) is difficult and limited
- Has a SaaS option (beta + a bit pricey)
Container Management
Recommendation: EKS (EC2) ✅