Infrastructure Overview

Infrastructure Resources

Infrastructure resources for Drop project: deployment, monitoring, CI/CD.

Current Architecture (2026-03-06)

• Compute: AWS App Runner (eu-north-1) — drop-app (port 3000) and drop-api (port 3001)
• Database: PostgreSQL 16 on AWS RDS — db.t3.small, Multi-AZ enabled (db_multi_az = true), 30-day backup retention
• Job Queues: Redis (ElastiCache) + BullMQ — AML worker, notification dispatch (ADR-015)
• Secrets: AWS Secrets Manager — JWT_SECRET, BANKID_CLIENT_SECRET, DATABASE_URL, REDIS_URL, SENTRY_DSN
• Edge: Cloudflare — DNS, CDN, WAF (OWASP rules), DDoS protection, geo-block
• Registry: ECR — container images with vulnerability scanning
• Monitoring: CloudWatch + BetterStack + Sentry (see docs/infrastructure/MONITORING.md)
• Health check: GET /api/health — checked every 10s, 5s timeout, 3 retries

Directories

• terraform/ — Infrastructure as Code (AWS resources)
• monitoring/ — Monitoring configuration, alert rules
• cloudwatch/ — CloudWatch dashboards and log groups
• cloud-audit/ — AWS security audit results

Key Documents

• Deployment Architecture
• Deployment Guide
• DR Runbook
• CI/CD Pipeline
• Monitoring
• Environment Variables
• ADR-012: App Runner
• ADR-014: PostgreSQL-Only
• ADR-015: BullMQ + Redis