Here we describe what we need from you and what we spin up in a standard integration.
We will request an IAM user from you on a fresh sub-account under your organisation. This allows us to create our environment via our provisioning scripts (built on Terraform). You will have full control of what we create and all settings can be customised. We have a default set-up, but everything can be workshopped to suit your needs.
What we require from you
Fresh AWS Account
sub-account under your organisation
We will need one IAM user for that account. We can workshop the exact permissions needed. For staging we usually request AdministratorAccess, but this can also be customised.
Here is a list of the kind of resources we are using on AWS. We are happy to customise configurations on each of the resources.
Virtual Private Network
Different subnets for private, public, database, cache
AWS Security Groups
To ensure the right resources can access the right things
AWS NAT Gateway
Allows services to access the internet so they can reach third parties, for example to send emails
Managed Kubernetes by AWS
AWS RDS (Aurora MySQL)
Aurora running MySQL will be the main data store
AWS ElastiCache (Redis)
Used for caching some information for performance
AWS AutoScaling Group
Used so we can autoscale cluster nodes on the Kubernetes cluster
Only created via the autoscaling group. All will be running only the AWS EKS base image.
Used for exposing services outside of the cluster, either internal or public (with possible IP whitelist)
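As an illustration of the security group entry above ("to ensure the right resources can access the right things"), the following Terraform sketch restricts the Aurora MySQL and Redis data stores to traffic from the Kubernetes cluster nodes. It is an added example, not part of our provisioning scripts; the resource names and the `vpc_id` variable are assumptions, and the ports are the MySQL and Redis defaults.

```hcl
# Added illustration: resource names and var.vpc_id are assumptions.
variable "vpc_id" {
  type        = string
  description = "ID of the network created for the integration (assumed input)"
}

# Security group attached to the Kubernetes cluster nodes.
resource "aws_security_group" "eks_nodes" {
  name_prefix = "eks-nodes-"
  vpc_id      = var.vpc_id

  # Outbound traffic leaves via the NAT gateway, e.g. to reach third parties.
  egress {
    description = "Outbound to the internet through NAT"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Aurora MySQL: reachable only from the cluster nodes, on the MySQL port.
# No egress block is declared; security groups are stateful, so replies to
# permitted inbound connections are still returned.
resource "aws_security_group" "aurora" {
  name_prefix = "aurora-mysql-"
  vpc_id      = var.vpc_id

  ingress {
    description     = "MySQL from cluster nodes only"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.eks_nodes.id]
  }
}

# Redis cache: same pattern, default Redis port.
resource "aws_security_group" "redis" {
  name_prefix = "redis-cache-"
  vpc_id      = var.vpc_id

  ingress {
    description     = "Redis from cluster nodes only"
    from_port       = 6379
    to_port         = 6379
    protocol        = "tcp"
    security_groups = [aws_security_group.eks_nodes.id]
  }
}
```

Referencing the node security group instead of subnet CIDR ranges keeps the rule tied to cluster membership, so other workloads placed in the same subnets gain no access to the data stores.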