gitea_admin/qvest-task
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
685de1816d
qvest-task/docs/diagrams/aws-infrastructure.md
gitea_admin 685de1816d feat: implement update automation and backup system with CI tests (#1) 
- Diun monitors Docker images
- Automated updates for nginx, manual approval for gitea/postgres
- Weekly cert renewal automation via cron
- Health checks with automatic rollback on failure
- AWS SES email notifications on update failures
- Daily S3 backups + pre-update snapshots
- Integration tests with Gitea Actions quality gate
- Change domain from gitea.poll-streams.com to git.poll-streams.com
- Add diagrams
2026-06-11 15:51:48 +00:00

60 lines
2.9 KiB
Markdown
Raw Blame History

# AWS Infrastructure Diagram
This diagram shows the high-level AWS resources and their relationships.
```mermaid
%%{init: {'theme':'base', 'themeVariables': { 'primaryColor':'#e5e7eb','primaryTextColor':'#111827','primaryBorderColor':'#9ca3af','lineColor':'#111827','secondaryColor':'#d1d5db','tertiaryColor':'#f3f4f6','edgeLabelBackground':'#ffffff','mainBkg':'#f5f5f4','nodeBorder':'#9ca3af','background':'#f5f5f4','clusterBkg':'transparent'},'themeCSS':'.node rect, .node circle, .node ellipse, .node polygon, .node path { filter: none !important; box-shadow: none !important; } .cluster rect { filter: none !important; box-shadow: none !important; } svg { background-color: #f5f5f4 !important; } .cluster-label { background-color: #ffffff !important; padding: 6px 12px !important; border-radius: 4px !important; font-size: 16px !important; font-weight: 700 !important; box-shadow: 0 1px 3px rgba(0,0,0,0.12) !important; border: 1px solid #d1d5db !important; } .edgePath, .edgePath path, .flowchart-link { z-index: 1 !important; }'}}%%
graph TB
Internet([Internet/Users])
Route53[Route 53<br/>DNS]
EC2[EC2 Instance<br/>Docker Host + Runners]
S3[(S3 Bucket<br/>Backups)]
Secrets[AWS Secrets Manager<br/>DB/Admin Credentials]
IAM[IAM Role<br/>EC2 Permissions]
Internet -->|HTTPS| Route53
Route53 -->|DNS Resolution| EC2
EC2 -->|Backup Upload| S3
EC2 -->|Fetch Credentials| Secrets
IAM -.->|Attached to| EC2
EC2 -->|Update Runner Token| Secrets
subgraph AWS["AWS Account"]
subgraph VPC["VPC"]
EC2
end
Route53
S3
Secrets
IAM
end
style AWS fill:#e5e7eb,stroke:#4b5563,stroke-width:2px,stroke-dasharray: 5 5
style VPC fill:#d1d5db,stroke:#4b5563,stroke-width:2px,stroke-dasharray: 5 5
style EC2 fill:#10B981,stroke:#333,stroke-width:1px,color:#fff
style S3 fill:#F97316,stroke:#333,stroke-width:1px,color:#fff
style Route53 fill:#6366F1,stroke:#333,stroke-width:1px,color:#fff
style Secrets fill:#8B5CF6,stroke:#333,stroke-width:1px,color:#fff
style IAM fill:#F59E0B,stroke:#333,stroke-width:1px,color:#fff
```
## Components
- **Route 53**: DNS service that points domain to EC2 instance
- **EC2 Instance**: Single VM running Docker containers + 2 Gitea Actions runners (systemd services)
- **S3 Bucket**: Storage for database and application backups (with versioning)
- **AWS Secrets Manager**: Stores DB credentials, admin credentials, SES SMTP credentials, runner tokens
- **IAM Role**: EC2 instance profile with permissions for S3, Secrets Manager read/update
- **VPC**: Isolated network containing EC2 instance
## Traffic Flow
1. User accesses `git.poll-streams.com`
2. Route 53 resolves to EC2 public IP
3. Request hits EC2 (nginx handles SSL, proxies to Gitea)
4. EC2 regularly backs up data to S3
5. Ansible fetches credentials from Secrets Manager during deployment
6. Gitea generates runner token via API, stored back in Secrets Manager
Reference in New Issue View Git Blame Copy Permalink