This repository contains the infrastructure as code (IaC) for deploying and managing My File. The platform provides secure document storage and sharing capabilities that can be customized for various organizational needs.
This infrastructure project is part of a larger ecosystem that includes:
- Infrastructure (this repository)
- API Service (separate repository)
- User Interface (separate repository)
The infrastructure is built using AWS CDK and provides the foundation for secure document storage, database management, and other cloud resources required to run the platform.
The platform provides:
- Secure document storage and management
- Database infrastructure for case management
- Identity and access management
- Secure API endpoints
- Resource isolation and security controls
- Multi-environment support (development, staging, production)
Technology stack:
- Infrastructure as Code: AWS CDK with TypeScript
- Database: PostgreSQL (Amazon RDS)
- Document Storage: Amazon S3
- API Gateway: AWS API Gateway
- Authentication: AWS Cognito
- Monitoring: CloudWatch
Prerequisites:
- Node.js (v16 or later)
- AWS CLI configured with appropriate credentials
- AWS CDK CLI installed (`npm install -g aws-cdk`)
- Docker (for local development)
- PostgreSQL client (for database migrations)
Setup:
- Clone the repository:

  ```bash
  git clone [repository-url]
  cd [repository-name]
  ```

- Install dependencies:

  ```bash
  npm install
  ```

- Copy the parameter template and configure your environment:

  ```bash
  cp params.env.example params.env
  # Edit params.env with your configuration
  ```

- Bootstrap your AWS environment (if not already done):

  ```bash
  cdk bootstrap
  ```

- Deploy the infrastructure:

  ```bash
  cdk deploy --all
  ```

The infrastructure is organized into several nested stacks within the main CDK stack:
- Account Resources Stack: Base AWS account setup including VPC configuration and shared resources
- RDS PostgreSQL Stack: Aurora/PostgreSQL database infrastructure with multi-AZ support
- Redis Elasticache Stack: Redis cluster for caching and session management
- API Stack: REST API infrastructure using API Gateway
- Cognito Auth Stack: User authentication and authorization infrastructure
- App Web UI Stack: Frontend application infrastructure with CloudFront distribution
- Web OpenAPI Stack: API documentation interface infrastructure
- Websocket API Stack: Real-time communication infrastructure with DynamoDB for connection management
The Account Resources Stack contains:
- VPC configuration
- Network security groups
- Shared SSM parameters
The RDS PostgreSQL Stack contains:
- Production: Aurora PostgreSQL cluster with read replicas
- Non-Production: Single instance PostgreSQL
- Bastion host (in development environment)
- Security groups and subnet configurations
The Redis Elasticache Stack contains:
- Redis cluster configuration
- Security groups
- Subnet groups
The API Stack contains:
- HTTP API Gateway
- API domain configuration
- CORS settings
The Cognito Auth Stack contains:
- User pool configuration
- Authentication triggers
- OAuth/OpenID settings
- Custom domain setup
The App Web UI Stack contains:
- S3 bucket for static assets
- CloudFront distribution
- WAF configuration (optional)
The Web OpenAPI Stack contains:
- S3 bucket for API documentation
- CloudFront distribution
- Domain configuration
The Websocket API Stack contains:
- WebSocket API Gateway
- DynamoDB table for connection management
- Lambda handlers for WebSocket events
- SQS queue for broadcast messages
Security features:
- Encryption at rest for all sensitive data
- Network isolation using VPC
- IAM roles and policies following least privilege principle
- Secure document storage with versioning
- Audit logging and monitoring
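A way to confirm that a synthesized stack actually carries these controls is to scan the CloudFormation JSON that `cdk synth` writes to `cdk.out/` for the S3, RDS and IAM properties behind them. The checker below is an added example, not code from this repository; the resource names and the template at the end are constructed for illustration.

```typescript
// Minimal shape of the CloudFormation template that `cdk synth` emits.
interface Resource { Type: string; Properties?: { [key: string]: unknown }; }
interface Template { Resources: { [logicalId: string]: Resource }; }
interface Finding { logicalId: string; type: string; issue: string; }
const prop = (r: Resource, key: string): unknown => (r.Properties ? r.Properties[key] : undefined);

// Check every S3 bucket, RDS database and IAM policy against the controls listed
// above: encryption at rest, versioning, no public exposure, no "Allow * on *".
export function checkTemplate(t: Template): Finding[] {
  const findings: Finding[] = [];
  const wild = (v: unknown): boolean => v === '*' || (Array.isArray(v) && v.indexOf('*') !== -1);
  for (const id in t.Resources) {
    const r = t.Resources[id];
    const fail = (issue: string): void => { findings.push({ logicalId: id, type: r.Type, issue }); };
    if (r.Type === 'AWS::S3::Bucket') {
      if (!prop(r, 'BucketEncryption')) fail('no server-side encryption configured');
      const ver = prop(r, 'VersioningConfiguration') as { Status?: string } | undefined;
      if (ver?.Status !== 'Enabled') fail('versioning not enabled');
      const pab = (prop(r, 'PublicAccessBlockConfiguration') as { [k: string]: boolean } | undefined) ?? {};
      const flags = ['BlockPublicAcls', 'BlockPublicPolicy', 'IgnorePublicAcls', 'RestrictPublicBuckets'];
      if (!flags.every((k) => pab[k] === true)) fail('public access not fully blocked');
    } else if (r.Type === 'AWS::RDS::DBInstance' || r.Type === 'AWS::RDS::DBCluster') {
      if (prop(r, 'StorageEncrypted') !== true) fail('storage not encrypted at rest');
      if (prop(r, 'PubliclyAccessible') === true) fail('database is publicly accessible');
    } else if (r.Type === 'AWS::IAM::Policy' || r.Type === 'AWS::IAM::ManagedPolicy') {
      const doc = prop(r, 'PolicyDocument') as { Statement?: { [k: string]: unknown }[] } | undefined;
      for (const s of doc?.Statement ?? []) {
        if (s.Effect === 'Allow' && wild(s.Action) && wild(s.Resource)) fail('Allow * on * violates least privilege');
      }
    }
  }
  return findings;
}

// Constructed sample (not real synth output): a compliant document bucket, plus a
// database and a policy that each break a control. Expect three findings.
export const sampleTemplate: Template = {
  Resources: {
    DocumentsBucket: { Type: 'AWS::S3::Bucket', Properties: {
      BucketEncryption: { ServerSideEncryptionConfiguration: [{ ServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms' } }] },
      VersioningConfiguration: { Status: 'Enabled' },
      PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true },
    } },
    CaseDatabase: { Type: 'AWS::RDS::DBInstance', Properties: { Engine: 'postgres', PubliclyAccessible: true } },
    ApiHandlerPolicy: { Type: 'AWS::IAM::Policy', Properties: {
      PolicyDocument: { Statement: [{ Effect: 'Allow', Action: '*', Resource: '*' }] },
    } },
  },
};
```

Running `checkTemplate` over each template in `cdk.out/` before `cdk deploy` turns the list above into a gate rather than a statement of intent.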
The infrastructure supports multiple environments through parameter files:
- Development
- Staging
- Production
Each environment can be configured separately using environment-specific parameters in params.env.
The infrastructure includes:
- CloudWatch dashboards
- Automated backups
- Alert configurations
- Resource monitoring
MIT License