Infrastructure
This section provides a complete reference for the AosCloud AWS infrastructure layer. It covers every AWS resource required, Helm charts deployed to EKS, and the configuration needed to stand up a fully operational AosCloud environment.
Deployment Model
AosCloud runs on Amazon EKS with managed node groups. The infrastructure includes:
- AWS managed services — VPC, EKS cluster, Aurora PostgreSQL, ElastiCache Redis, DocumentDB, EFS, S3, CloudFront, KMS, Secrets Manager, and supporting services.
- Helm charts — Kubernetes workloads are deployed via Helm. The AOS application chart packages all microservices, while infrastructure charts (Istio, cert-manager, autoscaler, etc.) provide platform capabilities.
- Istio service mesh (ambient mode) — handles traffic routing and mTLS between services.
- rabbitmq-cluster-operator — provides RabbitMQ messaging within the cluster.
What This Section Covers
- All AWS services required and their roles in the system
- IAM roles, policies, and IRSA configuration for least-privilege access
- VPC networking, subnets, security groups, and endpoint requirements
- Full resource architecture with service-to-service data flows
- EKS cluster structure, node groups, and all deployed Helm charts
- Complete Helm values, sizing, and configuration references
This documentation provides everything needed for self-deployment of AosCloud on AWS. It assumes familiarity with AWS, Kubernetes, and Helm, but explains AosCloud-specific patterns and configurations in detail.
Azure deployment is deprecated. This documentation covers AWS only.
Reading Order
The pages in this section are designed to be consumed in sequence. Each page builds on concepts from the previous ones:
| # | Page | Description |
|---|---|---|
| 1 | Required AWS Services | Catalog of all AWS services used, grouped by function |
| 2 | IAM Roles and Policies | EKS Pod Identity / IRSA service accounts and permission boundaries |
| 3 | Networking Prerequisites | Single-VPC architecture, subnets, security groups, VPC endpoints |
| 4 | AWS Resource Architecture | Full topology diagram and resource-to-service mapping |
| 5 | Kubernetes Deployment Architecture | EKS cluster config, Helm charts, Istio mesh, pod-to-service mapping |
| 6 | Resource Sizing Guidelines | Instance types and scaling by fleet size tier |
| 7 | Helm Values Reference | Chart values, aws-values.yaml overrides, Secrets Manager integration |
| 8 | Environment Variables Reference | Per-service configuration, injection sources, inter-service dependencies |
Quick-start path: If you need to deploy immediately, start with pages 1–3 for prerequisites, then jump to page 5 (Kubernetes) for the Helm chart catalog. Use pages 7–8 for configuration reference.
Key AWS Services
The infrastructure provisions the following core services:
| Category | Services |
|---|---|
| Compute | EKS (managed node groups) |
| Networking | VPC, subnets, security groups, VPC endpoints, CloudFront (CDN), WAFv2 |
| Database | Aurora PostgreSQL (primary data store), DocumentDB (alert storage), ElastiCache Redis (caching) |
| Storage | S3 (artifacts, logs), EFS (persistent volumes) |
| Security | KMS (encryption), Secrets Manager (credentials), IAM (EKS Pod Identity / IRSA) |
| Messaging | Amazon SES (transactional email) |
| Monitoring | CloudWatch Logs |
| Deployment | ECR (container images) |
Related Documentation
- Architecture Diagrams — high-level system architecture
- Deployment Assets — legacy deployment procedures