AWS Architecture

Each app is placed in one region which is chosen at app creation time.

VPCs & Regions

Tapitalee sets up a VPC in each region being used. All apps are placed into this one VPC.

Apps are separated by security groups and IAM policies.

Add-On resources (databases, etc.) are restricted to containers and EC2 instances attached to the app.

Each app has one ECS Fargate Cluster created (which has no cost while idle).

App Processes

Each app starts with one process called “default”, which is for servers facing the Internet, usually a web server.

You can create other processes, e.g. for running background workers.

Each process is an ECS Fargate Service.

Process Deployment Independence

When deploying your application, each process is deployed independently:

  • Separate Deployments: Each process gets its own deployment operation
  • Isolated Failures: If one process fails to deploy, others continue
  • Independent Rollbacks: Failed processes roll back individually without affecting successful deployments
  • Mixed Versions: Your app can run with different processes on different versions

This architecture ensures maximum resilience and allows partial deployments to succeed even when individual components fail.

Security

Databases, filesystems, and other add-ons are each attached to one app. Attaching an add-on automatically creates and maintains the security groups and IAM security policies that restrict access to it to the services, tasks, and EC2 instances belonging to that app.

Some add-ons can be shared with other apps, which automatically adds the required security group entries.
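Because every app in a region shares one VPC, the isolation described above depends on add-on security groups admitting traffic only from the intended apps' security groups. The following is an added example, not Tapitalee's own code: it audits the ingress rules of one add-on group using the JSON shape returned by `aws ec2 describe-security-groups`. The function name, group IDs, and sample data are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# All group IDs and CIDRs are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-addon-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "UserIdGroupPairs": [{"GroupId": "sg-app-a"}, {"GroupId": "sg-app-b"}],
     "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "UserIdGroupPairs": [],
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "PrefixListIds": []}
  ]}
]}
""")


def audit_addon_ingress(described, addon_sg, allowed_app_sgs):
    """Return findings for ingress rules on addon_sg that break per-app isolation."""
    findings = []
    groups = {g["GroupId"]: g for g in described["SecurityGroups"]}
    if addon_sg not in groups:
        return [("missing-group", addon_sg, None)]
    for perm in groups[addon_sg].get("IpPermissions", []):
        # FromPort/ToPort are absent on all-protocol rules, hence .get().
        port = (perm.get("FromPort"), perm.get("ToPort"))
        # A CIDR source admits any host in that range, regardless of app.
        for r in perm.get("IpRanges", []):
            findings.append(("cidr-source", r["CidrIp"], port))
        for r in perm.get("Ipv6Ranges", []):
            findings.append(("cidr-source", r["CidrIpv6"], port))
        for r in perm.get("PrefixListIds", []):
            findings.append(("prefix-list-source", r["PrefixListId"], port))
        # Group-based sources are fine only when they belong to an expected app.
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_app_sgs:
                findings.append(("unexpected-group", pair["GroupId"], port))
    return findings


if __name__ == "__main__":
    # Assumption: the add-on is attached to app A only, so app B is unexpected.
    for finding in audit_addon_ingress(SAMPLE, "sg-addon-db", {"sg-app-a"}):
        print(finding)
```

For an add-on that is deliberately shared, pass every sharing app's group in `allowed_app_sgs`; only address-based sources are then reported.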

Tasks (short-lived processes)

Short-lived commands can be run in their own containers; they run in the ECS cluster as an ECS Task.

They have access to the same set of resources as the rest of the app.

Console sessions are also a type of task.