Add system architecture diagram (#494)

Most projects need a system architecture diagram that they can review with a security team in order to get the authority to deploy their system to production. This change adds a template system architecture diagram in Lucid.
navapbc · Dec 12, 2023 · 66415a3 · 66415a3
1 parent d7fa769
commit 66415a3
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/docs/system-architecture.md b/docs/system-architecture.md
@@ -0,0 +1,21 @@
+# System Architecture
+
+This diagram shows the system architecture. [🔒 Make a copy of this Lucid template for your own application](https://lucid.app/lucidchart/8851888e-1292-4228-8fef-60a61c6b57e7/edit).
+
+![System architecture](https://lucid.app/publicSegments/view/e5a36152-200d-4d95-888e-4cdbdab80d1b/image.png)
+
+* **Access Logs** — Amazon S3 bucket storing the application service's access logs.
+* **Alarms SNS Topic** — SNS topic that notifies the incident management service when an alarm triggers.
+* **Application Load Balancer** — Amazon application load balancer.
+* **Aurora PostgreSQL Database** — Amazon Aurora Serverless PostgreSQL database used by the application.
+* **Build Repository ECR Registry** — Amazon ECR registry that acts as the build repository of application container images.
+* **CloudWatch Alarms** — Amazon CloudWatch Alarms that trigger on errors and latency.
+* **CloudWatch Evidently Feature Flags** — Amazon CloudWatch Evidently service that manages feature flags used by the application to manage feature launches.
+* **Database Role Manager** — AWS Lambda serverless function that provisions the database roles needed by the application.
+* **GitHub** — Source code repository. Also responsible for Continuous Integration (CI) and Continuous Delivery (CD) workflows. GitHub Actions builds and deploys releases to an Amazon ECR registry that stores Docker container images for the application service.
+* **Incident Management Service** — Incident management service (e.g. PagerDuty or Splunk On-Call) for managing on-call schedules and paging engineers for urgent production issues.
+* **Service** — Amazon ECS service running the application.
+* **Terraform Backend Bucket** — Amazon S3 bucket used to store terraform state files.
+* **Terraform Locks DynamoDB Table** — Amazon DynamoDB table used to manage concurrent access to terraform state files.
+* **VPC Endpoints** — VPC endpoints are used by the Database Role Manager to access Amazon Services without traffic leaving the VPC.
+* **VPC Network** — Amazon VPC network.