# Introduction
# Architecture
Our recommendation is that you follow the AWS best practices to ensure maximum security, scalability and reliability.
We typically deploy using AWS ECS (Elastic Container Service), using Fargate servers, while separating the system into progressively deeper security levels using private subnets. We strongly discourage allowing any form of direct access to the application from the public Internet - not even with whitelisted IP addresses - and by preference use AWS Session Manager.
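One way to check a template against this recommendation before deploying it, as an added example rather than one of the project's own scripts. It assumes the CloudFormation template is available in JSON form (loaded as a dict), and it reads "no direct access" as: an ECS service gets no public IP, and its security groups accept traffic only from other security groups, never from a CIDR range. The resource names and the trimmed sample template are constructed.

```python
def _logical_id(ref):
    """Resolve {"Ref": X} or {"Fn::GetAtt": [X, "GroupId"]} to the logical id X."""
    if isinstance(ref, dict):
        if "Ref" in ref:
            return ref["Ref"]
        att = ref.get("Fn::GetAtt")
        if isinstance(att, list):
            return att[0]
        if isinstance(att, str):
            return att.split(".")[0]
    return None  # literal sg-... ids cannot be resolved inside the template

def audit(template):
    """Return sorted (service, finding) pairs for ECS services that are directly reachable."""
    res = template.get("Resources", {})
    findings = []
    for name, r in res.items():
        if r.get("Type") != "AWS::ECS::Service":
            continue
        vpc = (r.get("Properties", {}).get("NetworkConfiguration", {})
                .get("AwsvpcConfiguration", {}))
        if vpc.get("AssignPublicIp") == "ENABLED":
            findings.append((name, "task gets a public IP"))
        for sg_ref in vpc.get("SecurityGroups", []):
            sg = res.get(_logical_id(sg_ref), {})
            for rule in sg.get("Properties", {}).get("SecurityGroupIngress", []):
                # Any CIDR source counts, including a single allowlisted address.
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr:
                    findings.append((name, f"{_logical_id(sg_ref)} allows ingress from {cidr}"))
    return sorted(findings)

# Constructed sample, trimmed to the properties the audit reads.
def _svc(sg, public_ip):
    return {"Type": "AWS::ECS::Service", "Properties": {"NetworkConfiguration": {
        "AwsvpcConfiguration": {"AssignPublicIp": public_ip, "SecurityGroups": [{"Ref": sg}]}}}}

def _sg(**source):
    rule = {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, **source}
    return {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [rule]}}

SAMPLE = {"Resources": {
    "AlbSG": _sg(CidrIp="0.0.0.0/0"),            # load balancer, not attached to a service
    "OpenAppSG": _sg(CidrIp="203.0.113.10/32"),  # allowlisted address: still flagged
    "PrivateAppSG": _sg(SourceSecurityGroupId={"Ref": "AlbSG"}),
    "ExposedService": _svc("OpenAppSG", "ENABLED"),
    "PrivateService": _svc("PrivateAppSG", "DISABLED"),
}}

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

Ingress rules declared as separate `AWS::EC2::SecurityGroupIngress` resources are not covered by this check.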
# Scripted Provisioning
We recommend provisioning your infrastructure using CloudFormation or Terraform. Below we walk through using a set of generic CloudFormation scripts to provision your system, but feel free to modify these scripts or use equivalent Terraform scripts instead.
TIP
The following section assumes a thorough understanding of AWS and CloudFormation. If you are not familiar with these AWS services, now would be a good time to explore the AWS learning materials and tutorials.
In the following sections, we provision in several stages:
- Create the environment (VPC, Subnets, Security Groups, ECS Cluster, etc)
- Create the database (RDS)
- Prepare the DATP node as a Docker image (ECR)
- Deploy the Docker image to the cluster (ALB, ECS, Secrets, etc)