
AWS Infrastructure Overview

This document provides a comprehensive overview of our infrastructure setup, focusing on our AWS organization structure, account management, and access procedures.

Most of our infrastructure is orchestrated through Laravel Vapor, which provisions and manages Lambda functions, API Gateways, and other serverless resources. A small subset of servers—specifically the Caddy servers responsible for automatic HTTPS and TLS termination—are provisioned and maintained using Laravel Forge.

AWS Organization Structure

Our AWS Organization (o-pjycxjtq3q) consists of 5 accounts, each serving a specific purpose. This multi-account strategy provides better security isolation, cost management, and operational boundaries.

Account Details

  • publica.la - management account

  • publica.la - misc

    • Account ID: 314863550469
    • Account email: engineering+aws_misc@publica.la
    • Purpose: This was our first AWS account. It currently lacks a specific purpose but still hosts some production workloads yet to be migrated. This is also where individual IAM users are created for engineers.
  • publica.la - production

  • publica.la - content intake

  • publica.la - staging & development

Account Access and Management

Getting Started

If you don't have AWS credentials yet, contact the Technical Team Leader or the CTO to request an IAM user account.

Account Switching Strategy

We use Account Switching to streamline operations and reduce the need for managing individual users in each account. Each engineer has a personal IAM user in the "publica.la - misc" account and uses Account Switching to access the other accounts.

Access Procedure

  1. Primary Login: First, sign in to "publica.la - misc" at this URL.

  2. Role Switching: Then, use the following shortcuts to switch roles into the other accounts:

Environment Roles

There are independent AWS Roles for each environment:

  • Staging & Development: MasterIn_StagingAndDevelopment_Admin role in account 243659051744
  • Production: MasterIn_Production_Admin role in account 375481448855
  • Content Intake: MasterIn_ContentIntake_Admin role in account 456023060357

Security and Password Policy

IAM Password Requirements

When creating a new password for your IAM user, ensure it meets these requirements:

  • Must be at least 40 characters long.
  • Must include at least one uppercase letter (A-Z).
  • Must include at least one lowercase letter (a-z).
  • Must include at least one number.
  • Must include at least one special character (!@#$%^&*()_+-=[]|').
  • Password expires after 180 days.
  • Users can change their own passwords.
  • Remember the last 24 passwords to prevent reuse.
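
The requirements above can be checked against what IAM actually enforces. The following is an added example, not part of the original page or of any project tooling: it compares the JSON returned by `aws iam get-account-password-policy` with the documented values and lists every mismatch. The function name `policy_drift` and the sample response are constructed for illustration.

```python
import json

# Documented policy from this page, keyed by the field names IAM returns
# in the "PasswordPolicy" object of GetAccountPasswordPolicy.
DOCUMENTED_POLICY = {
    "MinimumPasswordLength": 40,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": True,
    "MaxPasswordAge": 180,
    "AllowUsersToChangePassword": True,
    "PasswordReusePrevention": 24,
}


def policy_drift(raw_json):
    """Return sorted (field, documented, actual) tuples for every mismatch.
    A field absent from the response is reported with actual=None."""
    actual = json.loads(raw_json).get("PasswordPolicy", {})
    drift = []
    for field, expected in DOCUMENTED_POLICY.items():
        found = actual.get(field)
        if found != expected:
            drift.append((field, expected, found))
    return sorted(drift)


# Constructed sample (not real output from this organization): a policy where
# the minimum length was lowered and reuse prevention was never configured.
SAMPLE_RESPONSE = """
{
  "PasswordPolicy": {
    "MinimumPasswordLength": 14,
    "RequireSymbols": true,
    "RequireNumbers": true,
    "RequireUppercaseCharacters": true,
    "RequireLowercaseCharacters": true,
    "AllowUsersToChangePassword": true,
    "ExpirePasswords": true,
    "MaxPasswordAge": 180
  }
}
"""

if __name__ == "__main__":
    for field, expected, found in policy_drift(SAMPLE_RESPONSE):
        print(f"DRIFT {field}: documented={expected} actual={found}")
```

To check a live account, pass the output of `aws iam get-account-password-policy` to `policy_drift` in place of the sample; an empty result means the enforced policy matches this page.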

Infrastructure Components

Core Services

Our infrastructure spans multiple AWS services across different accounts:

  • Compute: EC2 instances (Forge-managed Caddy servers) and Lambda functions managed by Laravel Vapor.
  • Storage: S3 buckets for content, artifacts, and backups
  • Databases: SingleStore cluster hosted in SingleStore-managed AWS accounts (no RDS instances) and DynamoDB tables
  • Content Delivery: CloudFront distributions used primarily to serve Farfalla JavaScript, CSS, and static images
  • Networking: VPCs, load balancers, security groups
  • Supporting Services: Additional AWS services such as SQS, SNS, CloudWatch Logs, EventBridge, and others as required

Environment Separation

  • Production: Critical services with high availability and strict change controls
  • Staging: Pre-production environment that mirrors production and is also used for occasional development and integration tasks
  • Content Intake: Isolated environment for content processing and ingestion

Getting Help

Troubleshooting Access Issues

Common issues and solutions:

  • Can't switch roles: Verify you're logged into the correct base account (314863550469)
  • Permission denied: Contact team lead to verify role assignments
  • Password policy errors: Review the password requirements above
  • Account locked: Contact team lead for account unlock procedures
