Infrastructure

Enfineo App Infrastructure Overview

Enfineo, in its commitment to delivering a top-tier financial platform, has adopted a cutting-edge infrastructure that prioritizes scalability, security, and reliability. Here's a comprehensive overview of the app's infrastructure components and their roles:

1. Encrypted AWS RDS Database:

• At the heart of Enfineo lies the AWS RDS Database, which offers seamless, reliable, and scalable storage solutions. The database is encrypted, ensuring data at rest remains confidential and safe from potential breaches.

2. AWS Security Services:

• AWS Security Hub: This provides a unified view of the security alerts and compliance status, aggregating data from various AWS services and automating security checks.

• AWS Inspector: A tool that automatically assesses applications for vulnerabilities or deviations from best practices, ensuring the app remains secure and compliant.

3. Container Management with AWS EKS:

• The use of the AWS Elastic Kubernetes Service (EKS) enables efficient container orchestration, ensuring that application components are appropriately scaled and managed. This service aids in deploying, managing, and scaling containerized applications using Kubernetes.

4. Service Mesh & Monitoring:

• mTLS with LinkerD: Mutual Transport Layer Security (mTLS) via LinkerD ensures secure service-to-service communication, authenticating both parties in the process.

• Prometheus Monitoring Stack: Integrated within the infrastructure, Prometheus offers powerful monitoring capabilities, capturing time-series data and providing vital metrics to ensure optimal performance.

5. Infrastructure Management:

• Enfineo employs Infrastructure as Code (IaC) using Terraform and Terraform Cloud. This means the entire infrastructure is codified and versioned, ensuring repeatability, consistency, and scalability. Any infrastructure changes are applied through code, ensuring transparency and traceability.

6. Message Queuing with AWS SQS:

• The encrypted AWS Simple Queue Service (SQS) facilitates message queuing, ensuring efficient communication and decoupling between microservices. This ensures that the system remains resilient and scalable.

7. Secret Management with AWS Secret Manager:

• Storing and retrieving secrets (like API keys or passwords) securely is crucial. AWS Secret Manager provides a centralized repository to manage sensitive information, with built-in encryption capabilities.

8. Continuous Integration and Deployment:

• Github Actions: This is used for automating workflows, ensuring that code changes are continuously integrated, tested, and deployed efficiently.

9. Security Scanning and Monitoring:

• Dependabot: Integrated for the mobile package, Dependabot continually scans for vulnerabilities in dependencies, ensuring the mobile component remains secure.

• Semgrep: This tool is employed for backend code scanning. Semgrep analyzes the backend codebase for potential vulnerabilities or anti-patterns, ensuring code quality and security.