Infrastructure Security

Our infrastructure is built on AWS with security as a foundational design principle. Every component is deployed with isolation, encryption, and monitoring in mind.

Infrastructure Architecture

Aurelis Pricing Suite infrastructure architecture diagram showing AWS VPC with public and private subnets, CloudFront CDN, ECS containers, PostgreSQL database, and monitoring services

Network Architecture

  • VPC design with public and private subnets for strict network segmentation
  • Compute and data layers (ECS, RDS) deployed exclusively in private subnets with no direct internet access
  • Network Access Control Lists (NACLs) and Security Groups enforce fine-grained traffic rules
  • All inter-service communication occurs within the private network

Compute

  • Amazon ECS on EC2 instances in private subnets
  • No public IP addresses assigned to compute resources
  • Container images scanned for vulnerabilities before deployment
  • Automated patching and instance refresh policies

Database

  • PostgreSQL on EC2 in private subnet
  • Multi-AZ deployment for high availability
  • Encrypted storage using AES-256 via AWS KMS
  • Automated encrypted backups with configurable retention

Edge & CDN

  • Amazon CloudFront for frontend delivery with global edge caching
  • AWS WAF (Web Application Firewall) with managed rule sets
  • AWS Shield Standard for DDoS protection
  • TLS 1.2+ enforced on all edge connections

Load Balancing

  • Application Load Balancer (ALB) for API traffic routing
  • ALB deployed in private subnet, accessible only through CloudFront
  • Health checks and automatic failover for backend services

Region Flexibility

  • Infrastructure deployed in the client-chosen AWS region
  • All data remains within the selected region — no cross-region transfers
  • Regional deployment ensures compliance with data residency requirements