WardMitra - Infrastructure Architecture
This section is Deliverable 1 for WardMitra. It defines the recommended target-state infrastructure for SPWHI and breaks it into smaller pages so the team can review one decision area at a time.
Section guide
Read this section in the following order:
- Environments and network
- Compute platform
- Data, security, and observability
- Terraform and CI/CD foundation
- Rollout plan and open decisions
Architecture goals
The architecture should solve for the following:
- support dev, staging, and prod without manual drift
- move infrastructure management to Terraform as the single source of truth
- support reliable backend scaling beyond the current ad hoc deployment model
- isolate AI or heavy async workloads from the core API path
- provide a safer release path through GitHub Actions and staged environments
- improve secrets, backup, observability, and recovery readiness
Current state vs target state
| Area | Current pattern | Target pattern |
|---|---|---|
| Frontend | Manually deployed web hosting | React static build on S3 + CloudFront |
| Backend | Manually managed or limited-scale hosting | Node.js API on Amazon EKS |
| Environments | Weak separation | dev, staging, prod with clear promotion path |
| Infrastructure changes | Manual setup | Terraform-managed AWS resources |
| AWS auth from CI | Not standardized | GitHub Actions OIDC roles |
| Secrets | Ad hoc env management | SSM Parameter Store + selective Secrets Manager |
| Scaling | Limited, mostly manual | baseline node group + Karpenter burst scaling |
| Observability | Partial or inconsistent | Prometheus/Grafana, Loki, CloudWatch, alerts |
Recommended target-state architecture
Users
-> Route 53
-> CloudFront
-> S3 static site bucket for WardMitra web
-> Application Load Balancer
-> Amazon EKS
-> ward-mitra-api pods
-> admin/service pods
-> async worker pods
-> optional AI inference pods on isolated capacity
Amazon EKS
-> RDS PostgreSQL 15
-> PgBouncer
-> S3 media bucket
-> SQS queues for async processing
-> SSM Parameter Store / Secrets Manager via IRSA
Platform services
-> Prometheus + Grafana
-> Loki
-> CloudWatch / CloudTrail
-> ArgoCD in later delivery phases
High-level recommendation
WardMitra should move toward an AWS architecture centered on:
- S3 + CloudFront for the frontend
- EKS for backend and workers
- RDS PostgreSQL for core transactional data
- Terraform for all infrastructure changes
- GitHub Actions OIDC for CI authentication
- a stepwise rollout that starts simple enough for the current SPWHI team to operate
The most important delivery principle is not maximum complexity. It is building a platform that SPWHI's own team can safely run, review, and improve without depending on hidden manual steps.