# Infrastructure

You can consider this a very short introduction: a place to learn something about what you don't know, where to look, and what questions to ask.

Our infrastructure is almost all declaratively defined in [infra](https://github.com/FSHTech/infra), using a combination of [OpenTofu](https://opentofu.org/) and [Terragrunt](https://terragrunt.com/).

## AWS

AWS hosts almost everything that is in use. Infrastructure should be segmented at the account level by customer, meaning that, e.g., the `customers/ulster` account is completely distinct from the `customers/eugene` account. Internal resources live in accounts whose names start with `internal/`.

`Aggregator` and `Prod` are legacy accounts. They continue to host infrastructure, but should not be used for new things.

Infra contains a `roster.hcl` file that outlines which users get access to which accounts at which roles.

A production deployment uses:

- ECS for the BE
- S3 + CloudFront for the FE
- The rendering service, OPA, and Grafana Alloy, deployed as sidecars to the BE
- A serverless Aurora cluster as the database
- Regional resilience for the entire setup (at the DNS layer)

A demo or preview deployment (anything that uses the `fsh previews` CLI) is simply an EC2 instance running docker compose.

AWS handles much of its own routing through Route53, in zones that have been delegated to it by Cloudflare.

## Cloudflare

Cloudflare is used for three things:

- DNS
- Internal docs hosting (their Pages setup is very simple)
- Access, which is what makes a demo deployment private

All DNS is controlled via terraform.

## Grafana

[Our Grafana instance](https://azurebear2702.grafana.net/).

Application observability is in Grafana. This is automatically set up in the stack, and can be enabled in the jsonnet declarative configuration files.
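The account-level segmentation described above is only as good as the access grants in `roster.hcl`. The script below is an added example, not code from the infra repo, showing the kind of pre-merge check that keeps the roster honest: it flags any principal holding roles in more than one `customers/*` account and lists grants in the legacy `Aggregator` and `Prod` accounts for review. The real `roster.hcl` format is not shown on this page, so the script assumes a simplified structure (a list of user/account/role grants, with a constructed sample inline) and an assumed policy that a single user spanning two customer accounts is an error; a real check would need a parser for the actual file and probably an exemption for internal staff.

```python
"""Roster segmentation check (added example, not code from the infra repo).

The real roster.hcl format is not shown on the page, so this assumes a
simplified structure: a list of grants, each naming a user, an account path
(e.g. "customers/ulster", "internal/tooling") and a role. Replace
SAMPLE_ROSTER with output from a parser for the real file before relying on it.
"""
from collections import defaultdict

# Constructed sample roster in the assumed simplified format (hypothetical users).
SAMPLE_ROSTER = [
    {"user": "alice", "account": "customers/ulster", "role": "admin"},
    {"user": "alice", "account": "internal/tooling", "role": "admin"},
    {"user": "bob", "account": "customers/ulster", "role": "readonly"},
    {"user": "bob", "account": "customers/eugene", "role": "readonly"},  # crosses customers
    {"user": "carol", "account": "customers/eugene", "role": "admin"},
    {"user": "dave", "account": "Prod", "role": "admin"},  # legacy account
]

# Legacy accounts named on the page: still hosting infra, not for new things.
LEGACY_ACCOUNTS = {"Aggregator", "Prod"}


def customer_of(account: str):
    """Return the customer name for a customers/<name> account, else None."""
    prefix = "customers/"
    return account[len(prefix):] if account.startswith(prefix) else None


def cross_customer_grants(roster):
    """Users holding roles in more than one customer account.

    Customer accounts are meant to be completely distinct, so one principal
    spanning two of them weakens the segmentation (assumed policy). Returns
    {user: sorted customer names} for each offender.
    """
    customers = defaultdict(set)
    for grant in roster:
        customer = customer_of(grant["account"])
        if customer is not None:
            customers[grant["user"]].add(customer)
    return {u: sorted(names) for u, names in customers.items() if len(names) > 1}


def legacy_grants(roster):
    """Grants in the legacy accounts, as (user, account, role) tuples.

    Reported as warnings rather than errors: the accounts still host
    infrastructure, so existing access may be legitimate, but each grant is
    worth a second look during review.
    """
    return sorted(
        (g["user"], g["account"], g["role"])
        for g in roster
        if g["account"] in LEGACY_ACCOUNTS
    )


def check_roster(roster):
    """Return (errors, warnings) as lists of human-readable strings."""
    errors = [
        f"{user} holds roles in multiple customer accounts: {', '.join(names)}"
        for user, names in sorted(cross_customer_grants(roster).items())
    ]
    warnings = [
        f"{user} has {role} in legacy account {account}"
        for user, account, role in legacy_grants(roster)
    ]
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_roster(SAMPLE_ROSTER)
    for line in errs:
        print("ERROR:", line)
    for line in warns:
        print("WARN:", line)
    # Non-zero exit makes this usable as a CI gate on roster changes.
    raise SystemExit(1 if errs else 0)
```

Run as a CI step on pull requests that touch the roster; the cross-customer check fails the job, while legacy-account grants only surface in the log so that reviewers see them without blocking existing access.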