This chapter presents a brief overview of the environment setup, prerequisites, and security policies. 

It includes the following topics:

• Environment Setup
• Prerequisites
• Security
• Architecture Diagram

Environment Setup

• All application and database-related instances will be placed inside a Virtual Private Cloud (VPC) with each node in a different AZ, within the same region
• VPC
  • ECS - will be automatically created by CloudFormation scripts
  • EKS - will be automatically created after executing eksctl 
• AWS ACM service will be used for managing SSL certificates
• The database will be on Amazon RDS service
• We will use Docker images stored in ZERO Systems private Docker Registry (ECR repository)

Prerequisites

• An AWS account with privileges necessary to create and manage AWS Secrets Manager, EKS or ECS cluster, ACM certificate, RDS instance, EC2, S3 and VPC
• Install tools
  • awscli latest - https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html 
  • kubectl 1.23.x - https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html
  • eksctl latest - https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html 
  • helm3 - https://helm.sh/docs/intro/install/
• Setup an AWS profile https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
• Predefined values and configurations in AWS Secrets Manager. For details, see the Storing the Configuration File section in Preparation.
• Amazon RDS for SQL Server instance and its credentials. For details, see Database Setup.
• Availability of a valid ACM certificate 
• ZERO Connect license for cluster deployment (to be provided by ZERO Systems during the implementation project)
• Configuration files for automation and other scripts will be provided by ZERO Systems

Security

All communication between the parties is encrypted.

On ZERO Connect API, HTTPS is used. ZERO Connect talks to the database via an encrypted channel with authentication enabled.

Architecture Diagram