New Infrastructure Providing a Centralized System to Manage and Access the Network
The project is best explained by the following sections:
Government Compliance and Security Standards
The project uses AWS accounts and compartments (VPCs) to ensure that internet and intranet traffic is properly managed based on the AIAS standards.
Common Infrastructure
Common infrastructure provides a centralised way of managing ACRA’s network and workloads.
We have created 6 different compartments for the common infrastructure:
- Intranet DMZ - Consists of Ingress, Egress and GUT components for Intranet zone.
- Internet DMZ - Consists of Ingress, Egress and GUT components for Internet zone. This is the only compartment that is associated with Internet Gateway.
- Internet Common Service (Integration Tier) - Consists of API Gateway and Relay infra for Internet zone.
- Intranet Common Service (Integration Tier) - Consists of API Gateway and Relay infra for Intranet zone.
- Management - Consists of common AD servers and management-related services.
- DevOps - Consists of common test servers and DevOps facilities (with future plans to integrate with SHIP and HATS).
The integration tier uses Amazon API Gateway to perform authentication, authorisation and payload inspection. Centralising the API gateway for all applications makes it easy to onboard additional applications.
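The compartment list above states that the Internet DMZ is the only compartment associated with an Internet Gateway. The following is an added example, not part of the original page or ACRA's own tooling, showing how that rule can be audited against inventory shaped like the output of `aws ec2 describe-vpcs` and `aws ec2 describe-internet-gateways`. The VPC ids, gateway ids and `Name` tag values are constructed, and identifying compartments by their `Name` tag is an assumption.

```python
# Constructed sample inventory; ids and Name tags are assumptions,
# not ACRA's real values.
VPCS = {"Vpcs": [
    {"VpcId": "vpc-0a1", "Tags": [{"Key": "Name", "Value": "internet-dmz"}]},
    {"VpcId": "vpc-0a2", "Tags": [{"Key": "Name", "Value": "intranet-dmz"}]},
    {"VpcId": "vpc-0a3", "Tags": [{"Key": "Name", "Value": "internet-common-service"}]},
    {"VpcId": "vpc-0a4", "Tags": [{"Key": "Name", "Value": "devops"}]},
]}
IGWS = {"InternetGateways": [
    {"InternetGatewayId": "igw-01", "Attachments": [{"State": "available", "VpcId": "vpc-0a1"}]},
    {"InternetGatewayId": "igw-02", "Attachments": [{"State": "available", "VpcId": "vpc-0a4"}]},
    {"InternetGatewayId": "igw-03", "Attachments": []},  # not attached anywhere
]}

ALLOWED = {"internet-dmz"}  # the only compartment permitted to hold a gateway


def vpc_names(vpcs):
    """Map VpcId -> Name tag (None when the VPC has no Name tag)."""
    names = {}
    for vpc in vpcs["Vpcs"]:
        tags = {t["Key"]: t["Value"] for t in vpc.get("Tags", [])}
        names[vpc["VpcId"]] = tags.get("Name")
    return names


def igw_violations(vpcs, igws, allowed=ALLOWED):
    """Return (igw_id, vpc_id, vpc_name) for each gateway attached to a VPC
    outside the allowed set. Untagged or unknown VPCs count as violations,
    so a gateway in an unmanaged VPC is reported rather than skipped."""
    names = vpc_names(vpcs)
    found = []
    for igw in igws["InternetGateways"]:
        for att in igw.get("Attachments", []):
            if att.get("State") == "detached":
                continue
            name = names.get(att["VpcId"])
            if name not in allowed:
                found.append((igw["InternetGatewayId"], att["VpcId"], name))
    return found


if __name__ == "__main__":
    for igw_id, vpc_id, name in igw_violations(VPCS, IGWS):
        print(f"VIOLATION: {igw_id} attached to {vpc_id} ({name or 'untagged'})")
```
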
Project Level Segregation - Billing and Access Management
AWS accounts are used to provide billing and access segregation to the appropriate project teams.
Each application has its own AWS account with minimally 2 compartments (UAT and Production) in the Internet zone, the Intranet zone, or both. For now, we have 7 ACRA applications and systems onboarded to GCC, namely:
- Variable Capital Companies (VCC) Portal
- ACRA API Mall
- BizFinx Portal
- SRMS
- eRegistry
- iKnow
- RITES
A special test account, ITPG Lab, has also been created for pilot projects and trial usage.