Milliner provisions HAT infrastructure based on industry best practices. Its tooling currently focuses on Amazon AWS capabilities, as the most advanced in the industry; however, it could be adapted to other cloud providers that offer the necessary features.
The solution consists of a set of nested templates that deploy the following:
— A tiered VPC with public, private and database subnets, spanning an AWS region and two Availability Zones.
— Security groups controlling what services can be reached and from where.
— A highly available ECS cluster deployed across two Availability Zones in an Auto Scaling group.
— A pair of NAT gateways (one in each zone) to handle outbound traffic.
— Two interconnecting microservices deployed as ECS services (HAT and Milliner).
— A set of RDS-based databases backing the microservices.
— An Application Load Balancer (ALB) to the public subnets to handle inbound traffic.
— ALB host-based routes for each ECS service to route the inbound traffic to the correct service.
— DNS routes set in Route53 pointing public domain names to the microservices.
— Centralized container logging with Amazon CloudWatch Logs.
— CloudTrail-based logging for security-related events such as role and security group changes, root account activity, as well as changes to CloudTrail settings.
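As an added illustration of the CloudTrail item above (not Milliner's own code), the following Python sketch sorts CloudTrail records into the four event classes named there. The grouping of event names, the function names and the sample records are assumptions constructed for this example.

```python
import json

# Real CloudTrail event names; grouping them into these categories is this
# example's assumption, not the rule set the Milliner templates deploy.
ROLE_EVENTS = {"CreateRole", "DeleteRole", "AttachRolePolicy", "DetachRolePolicy",
               "PutRolePolicy", "DeleteRolePolicy", "UpdateAssumeRolePolicy"}
SG_EVENTS = {"CreateSecurityGroup", "DeleteSecurityGroup",
             "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
             "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress"}
TRAIL_EVENTS = {"CreateTrail", "UpdateTrail", "DeleteTrail", "StartLogging", "StopLogging"}

def classify(record):
    """Return the sorted list of categories one CloudTrail record falls into."""
    hits = set()
    source = record.get("eventSource", "")
    name = record.get("eventName", "")
    identity = record.get("userIdentity") or {}
    if source == "iam.amazonaws.com" and name in ROLE_EVENTS:
        hits.add("role_change")
    if source == "ec2.amazonaws.com" and name in SG_EVENTS:
        hits.add("security_group_change")
    if source == "cloudtrail.amazonaws.com" and name in TRAIL_EVENTS:
        hits.add("cloudtrail_change")
    # Root activity: skip calls that AWS services make on the account's behalf.
    if (identity.get("type") == "Root" and "invokedBy" not in identity
            and record.get("eventType") != "AwsServiceEvent"):
        hits.add("root_activity")
    return sorted(hits)

def scan(log_file_text):
    """Parse one CloudTrail log file (JSON with a top-level Records array)."""
    findings = []
    for rec in json.loads(log_file_text).get("Records", []):
        cats = classify(rec)
        if cats:
            findings.append((rec.get("eventTime"), rec.get("eventName"), cats))
    return findings

# Constructed sample records (not real log data).
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy", "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging", "eventType": "AwsApiCall", "userIdentity": {"type": "Root"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress", "eventType": "AwsApiCall", "userIdentity": {"type": "AssumedRole"}},
    {"eventTime": "2024-01-01T10:08:00Z", "eventSource": "kms.amazonaws.com", "eventName": "Decrypt", "eventType": "AwsServiceEvent", "userIdentity": {"type": "Root", "invokedBy": "AWS Internal"}},
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser"}},
]})

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A single record can land in more than one category, as the root-issued `StopLogging` call in the sample does.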