Eggtive SPM Frontend infrastructure
The frontend is a React app built with Vite, hosted in S3 behind CloudFront and Route 53. The S3 buckets are private: a CloudFront Origin Access Control (OAC) restricts read access to the CloudFront distribution alone, so the objects are never reachable directly from the internet. Infrastructure-related configuration values are injected at runtime via a config.json rather than being compiled into the bundle.
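The bucket policy that makes the OAC arrangement work, as an added example (not taken from the Eggtive SPM repository). The bucket name, account ID and distribution ID are placeholders; the statement grants only s3:GetObject to the CloudFront service principal, and only when the request originates from the named distribution:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCloudFrontServicePrincipalReadOnly",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::EXAMPLE-FRONTEND-BUCKET/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
        }
      }
    }
  ]
}
```

Two checks worth keeping in mind: all four Block Public Access settings should be enabled on the bucket, and the Condition on AWS:SourceArn is what stops any other CloudFront distribution, in any account, from reading the bucket, so it must name this distribution exactly. Serving config.json from the same origin gives the file the same protection in transit, but it is still fetched by every browser that loads the app, so it must contain only values that are safe to expose client-side.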
Eggtive SPM Backend infrastructure
The SPM backend runs on three EC2 instances: one for the application server itself, one for the Keycloak server, and one for Prometheus (metrics). Logs are ingested by the CloudWatch unified agent, which tails /var/log/service.log on each instance. The Java application and Keycloak write to stdout/stderr, systemd redirects the service's stdout/stderr to that log file, and the CloudWatch agent picks it up from there. Internal traffic is routed through VPC endpoints, so it stays on the AWS network and never traverses the public internet. The only leg that crosses the internet is the client-side React app's API calls to the servers; once a request reaches the ALB, everything downstream is internal. The application server validates each request's JWT against the Keycloak server.
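The relevant part of the CloudWatch unified agent configuration for the log path described above, as an added example rather than the project's own file. The log group and stream names and the retention period are assumptions; the agent reads the file that systemd writes the unit's stdout/stderr into (for example via StandardOutput=append:/var/log/service.log in the unit file, which is likewise an assumption about how the units are set up):

```json
{
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/service.log",
            "log_group_name": "/eggtive/spm/application",
            "log_stream_name": "{instance_id}",
            "timezone": "UTC",
            "retention_in_days": 90
          }
        ]
      }
    }
  }
}
```

The same file, with a different log_group_name, goes on the Keycloak instance. The instance role needs only logs:CreateLogGroup, logs:CreateLogStream and logs:PutLogEvents (the managed CloudWatchAgentServerPolicy covers this). Treat the log groups as sensitive: both Keycloak and Spring Boot can print bearer tokens or credentials when debug or trace logging is left enabled, and whatever the process prints ends up in CloudWatch.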
Eggtive SPM Application CI/CD Pipeline
The application's CI/CD pipeline authenticates to AWS through OIDC federation, so no long-lived AWS access keys need to be stored in GitHub. GitHub Actions compiles the two source trees (the React frontend and the Spring Boot backend) and uploads the respective artifacts to the S3 bucket in the correct workload account for each environment (dev, prod and customer accounts).
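The IAM side of that OIDC federation, as an added example that is not the project's own configuration. The workflow requests a token with permissions: id-token: write and exchanges it for temporary credentials with aws-actions/configure-aws-credentials (role-to-assume pointing at this role); the trust policy below, with placeholder account, organisation and repository names, is what limits who may perform that exchange:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GitHubActionsDeployViaOIDC",
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
          "token.actions.githubusercontent.com:sub": "repo:EXAMPLE-ORG/eggtive-spm:environment:prod"
        }
      }
    }
  ]
}
```

The sub condition is the line to review. Without it, or with a StringLike on repo:EXAMPLE-ORG/*, any workflow in any repository under the organisation could assume the role and overwrite the artifacts that get deployed. Pinning sub to a protected environment (or to ref:refs/heads/main) ties the role to the pipeline that is meant to use it, and one role per workload account (dev, prod, customer) keeps a compromised dev pipeline away from prod. The role's permissions policy should then allow only s3:PutObject on that account's artifact bucket.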