/
Key decisions (for Cloud Automation)

Key decisions (for Cloud Automation)

Owned by Nouman Memon
Last updated: Jun 02, 2022 by Mradul Jain
4 min read

This is an evolving initiative. This document holds our rough notes on principles and preferences on Cloud Automation strategy. Contact @Nouman Memon for details. Or ping us on Slack.

Infra As Code

Recomendation: Terraform ✅ Qualities: 🔘 Provisioning (Docker is taking care of configuration management already) 🔘 Cloud Agnostic / support 🔘 Immutable infrastructure 🔘 Declarative language 🔘 Client-only architecture (Masterless, Agentless) 🔘 Large communitiy support 🔰 Options → Terraform ✅ → CloudFormation → Ansible

Identity Provider

Recomendation: Keycloak ✅ Qualities: 🔘 Multi-tenancy support 🔘 Cost 🔘 Flexible 🔰 Options (starting with AWS) → Keycloak ✅ + Better Multi tenant support as compared to Cognito + Cloud Agnostic + Better MFA + Flexible + OpenSource + Community capibilities - Complex setup (we could still use it as AWS service) → AWS Cognito + Free 50K identity + Better integration with STS, Lambdas for events etc + Fully managed - Not much Flexible - Limitation on 1000 user pool per AWS account (hard for SaaS model) - LImitation in MFA (supports SMS) - AWS only - Cant scale for Multi-tenant → Ory (Hydra + Kratos) + Open source + Mature documenation and easy to setup - Setting up IDP integrated (OAuth + Identity) is difficult and limited - Have SaaS option (beta + bit pricy)

Container Management

Recomendation: EKS (EC2) ✅ Qualities: 🔘 Portability 🔘 Simple 🔘 Flexible 🔘 Future proof 🔘 Cost 🔰 Options (starting with AWS) → EKS (EC2) ✅ - with minikube for dev + Portable: Cloud agnostic platform investment (almost) + Flexibility + Future proof + High Abstraction: better expererience for development - Complex (needs experience) - Need configuration for integrating with AWS services (not complex though) - Might be a bit expensive (need to validate) e.g. control plane is not free (API server and etcd) → ECS (FARGATE) + Initial setup is very simple + Free control plane + Built in integration with AWS services - AWS only - Limiting for complex SaaS setup - Abstraction: Coupling with AWS services due to its out-of-box integration

Docker Registry

  • Create BahmniIndia account on dockerhub

  • Keep bahmni space on dockerhub for global

AWS Services

 

Helm Charts

 

Kubernetes Packaging Structure

CI/CD tools

 

Monitoring and Alerting

Topics to be discussed

  • Secrets manager

  • Monitoring and Alerting (Prometheus-Grafana)

 

Related content

Install Bahmni on AWS Kubernetes
Install Bahmni on AWS Kubernetes
Bahmni Wiki
More like this
Bahmni Lite - A lightweight opensource version of Bahmni
Bahmni Lite - A lightweight opensource version of Bahmni
Bahmni Wiki
Read with this
Pipelines Strategy
Pipelines Strategy
Bahmni Wiki
More like this
Bahmni support for Open Global Standards, Interoperability, OpenHIE - (2023 Roadmap)
Bahmni support for Open Global Standards, Interoperability, OpenHIE - (2023 Roadmap)
Bahmni Wiki
Read with this
Bahmni on Cloud
Bahmni on Cloud
Bahmni Wiki
More like this
Install Bahmni on Kubernetes Minikube for Development
Install Bahmni on Kubernetes Minikube for Development
Bahmni Wiki
Read with this

The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)