Data, security, and observability
This page groups the core platform services that support WardMitra reliability and governance.
Primary relational database
Use Amazon RDS for PostgreSQL 15 as the primary operational database target.
Recommended baseline:
- Multi-AZ for production
- automated backups enabled, with a defined retention period
- point-in-time recovery enabled (RDS provides it whenever automated backups are on with a non-zero retention period)
- PgBouncer for connection pooling, so application replicas do not exhaust Postgres connections
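The baseline above as Terraform, added here as an illustration; this is not WardMitra project code. The identifier, instance size, windows and every `var.*` input are assumptions, and PgBouncer (which runs in-cluster and is not shown) must be configured with `server_tls_sslmode = require` once `rds.force_ssl` is on:

```hcl
# Added example (not WardMitra project code): an RDS for PostgreSQL 15
# instance and parameter group implementing the baseline above. Names,
# instance size and the var.* inputs are assumptions for illustration.

resource "aws_db_parameter_group" "wardmitra" {
  name   = "wardmitra-pg15"
  family = "postgres15"

  parameter {
    name  = "rds.force_ssl" # refuse plaintext connections
    value = "1"
  }
  parameter {
    name  = "log_connections"
    value = "1"
  }
  parameter {
    name  = "log_min_duration_statement" # ms; log statements slower than 1 s
    value = "1000"
  }
}

resource "aws_db_instance" "wardmitra" {
  identifier           = "wardmitra-prod" # assumed
  engine               = "postgres"
  engine_version       = "15"
  instance_class       = "db.m6g.large" # assumed
  parameter_group_name = aws_db_parameter_group.wardmitra.name

  allocated_storage     = 100
  max_allocated_storage = 500 # storage autoscaling ceiling
  storage_type          = "gp3"
  storage_encrypted     = true
  kms_key_id            = var.rds_kms_key_arn # customer-managed key, assumed

  db_name  = "wardmitra"
  username = "wardmitra_admin"
  # RDS creates the master password in Secrets Manager and can rotate it,
  # so it never passes through Terraform state or a CI variable.
  manage_master_user_password = true

  multi_az               = true # synchronous standby in a second AZ
  db_subnet_group_name   = var.db_subnet_group_name # private subnets only
  vpc_security_group_ids = [var.db_security_group_id]
  publicly_accessible    = false

  # Automated backups; point-in-time recovery is available as long as
  # backup_retention_period is greater than zero.
  backup_retention_period = 14
  backup_window           = "02:00-03:00" # UTC
  maintenance_window      = "Sun:03:00-Sun:04:00"
  copy_tags_to_snapshot   = true

  deletion_protection       = true
  skip_final_snapshot       = false
  final_snapshot_identifier = "wardmitra-prod-final"

  # Postgres and upgrade logs to CloudWatch for the log pipeline;
  # Performance Insights and enhanced monitoring answer "is the DB under pressure?"
  enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
  performance_insights_enabled    = true
  monitoring_interval             = 60
  monitoring_role_arn             = var.rds_monitoring_role_arn

  auto_minor_version_upgrade = true
  apply_immediately          = false
}

# ARN of the RDS-managed master secret, to be referenced from the
# application's IAM policy instead of copying the credential anywhere.
output "db_master_secret_arn" {
  value = aws_db_instance.wardmitra.master_user_secret[0].secret_arn
}
```

Two checks worth keeping when this is adapted: `skip_final_snapshot = false` together with `deletion_protection = true` means a `terraform destroy` of the production instance requires two deliberate changes, and `publicly_accessible = false` only holds if the subnet group really contains private subnets.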
Legacy data migration
The current Aviel DB usage needs a dedicated migration assessment. Deliverable 1 should assume:
- schema review before final cutover design
- separate migration rehearsal in non-production
- rollback criteria defined before production migration
Document or non-relational store
Where document-style storage is still required, evaluate:
- MongoDB Atlas, if SPWHI wants a managed external service
- Amazon DocumentDB, if keeping more inside AWS is preferred
This decision can stay open in Deliverable 1, but the architecture should reserve room for it.
Object storage
Use S3 for:
- complaint photos and uploads
- exported reports
- model artifacts if AI workloads are introduced
- static web assets
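Complaint photos are user-supplied content, so the uploads bucket should be private, encrypted, versioned and TLS-only from day one. The following is an added example, not project code; the bucket name and `var.s3_kms_key_arn` are assumptions. Static web assets belong in a separate bucket served through CloudFront with origin access control, keeping the same public-access block in place:

```hcl
# Added example (not WardMitra project code): hardened S3 bucket for
# complaint photos and uploads. Bucket name and KMS key ARN are assumed.

resource "aws_s3_bucket" "uploads" {
  bucket = "wardmitra-uploads-prod" # assumed; bucket names are global
}

# No public ACLs, no public bucket policies, ever.
resource "aws_s3_bucket_public_access_block" "uploads" {
  bucket                  = aws_s3_bucket.uploads.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Disable object ACLs entirely; access is controlled by IAM and bucket policy only.
resource "aws_s3_bucket_ownership_controls" "uploads" {
  bucket = aws_s3_bucket.uploads.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "uploads" {
  bucket = aws_s3_bucket.uploads.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = var.s3_kms_key_arn # customer-managed key, assumed
    }
    bucket_key_enabled = true # cuts KMS request volume and cost
  }
}

# Versioning protects against accidental overwrite or deletion of evidence.
resource "aws_s3_bucket_versioning" "uploads" {
  bucket = aws_s3_bucket.uploads.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "uploads" {
  bucket     = aws_s3_bucket.uploads.id
  depends_on = [aws_s3_bucket_versioning.uploads]

  rule {
    id     = "tidy-old-versions"
    status = "Enabled"
    filter {} # whole bucket
    noncurrent_version_expiration {
      noncurrent_days = 90
    }
    abort_incomplete_multipart_upload {
      days_after_initiation = 7
    }
  }
}

# Bucket policy: deny any request that does not arrive over TLS.
data "aws_iam_policy_document" "uploads_tls_only" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.uploads.arn,
      "${aws_s3_bucket.uploads.arn}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "uploads" {
  bucket = aws_s3_bucket.uploads.id
  policy = data.aws_iam_policy_document.uploads_tls_only.json
}
```

With `BucketOwnerEnforced` the application must not set `x-amz-acl` on uploads; requests that do will be rejected, which is the intended failure mode.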
Security and secrets baseline
Detailed policy work belongs to Deliverable 3, but the architecture should already assume the following baseline:
- IRSA (IAM Roles for Service Accounts) for workload-level AWS access, so no long-lived access keys are mounted into pods
- SSM Parameter Store for most config values (SecureString for anything sensitive)
- Secrets Manager only where managed rotation is actually useful, especially database credentials
- least-privilege IAM roles, scoped to named resources rather than wildcards
- WAF in front of the public ingress path
- CloudTrail (all regions, with log file validation) and application audit logging enabled
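How the IRSA, Parameter Store, Secrets Manager and least-privilege items fit together for one workload, as an added example rather than project code. The OIDC issuer, namespace, service account name, parameter path, secret ARN, bucket ARN and every `var.*` input are assumptions; variable declarations are omitted:

```hcl
# Added example (not WardMitra project code): an IRSA role for the API
# workload with a resource-scoped policy. Names and var.* inputs are assumed.

data "aws_caller_identity" "current" {}

locals {
  # EKS issuer URL looks like https://oidc.eks.<region>.amazonaws.com/id/<ID>;
  # IAM condition keys use it without the scheme.
  oidc_host  = replace(var.eks_oidc_issuer_url, "https://", "")
  namespace  = "wardmitra"     # assumed
  sa_name    = "wardmitra-api" # assumed
  account_id = data.aws_caller_identity.current.account_id
}

# Trust policy: only this service account, in this namespace, via this
# cluster's OIDC provider. Without the :sub condition any pod in the
# cluster could assume the role.
data "aws_iam_policy_document" "api_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = ["arn:aws:iam::${local.account_id}:oidc-provider/${local.oidc_host}"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:sub"
      values   = ["system:serviceaccount:${local.namespace}:${local.sa_name}"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "api" {
  name               = "wardmitra-api-irsa"
  assume_role_policy = data.aws_iam_policy_document.api_trust.json
}

# Permissions: read-only where possible, every statement scoped to a named resource.
data "aws_iam_policy_document" "api_permissions" {
  # Ordinary config: one Parameter Store path per environment.
  statement {
    sid     = "ReadConfig"
    effect  = "Allow"
    actions = ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"]
    resources = [
      "arn:aws:ssm:${var.region}:${local.account_id}:parameter/wardmitra/prod",
      "arn:aws:ssm:${var.region}:${local.account_id}:parameter/wardmitra/prod/*",
    ]
  }
  # Only the rotated database credential lives in Secrets Manager.
  statement {
    sid       = "ReadDbSecret"
    effect    = "Allow"
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [var.db_master_secret_arn]
  }
  # SecureString parameters and the secret are KMS-encrypted; allow Decrypt
  # with that one key, not kms:* on all keys.
  statement {
    sid       = "DecryptConfig"
    effect    = "Allow"
    actions   = ["kms:Decrypt"]
    resources = [var.config_kms_key_arn]
  }
  # Uploads bucket: only the prefix this service owns, no ListBucket, no Delete.
  statement {
    sid       = "UploadsObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${var.uploads_bucket_arn}/complaints/*"]
  }
}

resource "aws_iam_policy" "api" {
  name   = "wardmitra-api-permissions"
  policy = data.aws_iam_policy_document.api_permissions.json
}

resource "aws_iam_role_policy_attachment" "api" {
  role       = aws_iam_role.api.name
  policy_arn = aws_iam_policy.api.arn
}

# Kubernetes side: the annotation is what the EKS pod identity webhook
# uses to inject the web-identity token and role ARN into the pod.
resource "kubernetes_service_account" "api" {
  metadata {
    name      = local.sa_name
    namespace = local.namespace
    annotations = {
      "eks.amazonaws.com/role-arn" = aws_iam_role.api.arn
    }
  }
}
```

A quick review check for any IRSA role: the trust policy has both the `:sub` and `:aud` conditions, and the permissions policy has no `"Resource": "*"` except for actions that genuinely do not support resource-level scoping.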
Observability baseline
Detailed monitoring playbooks will come later, but the target architecture should budget for:
- metrics with Prometheus and Grafana
- log aggregation with Loki or CloudWatch-backed equivalents
- alerting for application and infrastructure failure paths
- audit visibility for CI/CD and AWS control-plane changes
At minimum, the team should be able to answer:
- is the API healthy?
- are pods restarting or failing?
- is the database under pressure?
- did a recent deployment cause the issue?
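One alert per question above, expressed as a PrometheusRule for the Prometheus Operator (as shipped by kube-prometheus-stack) and written as a Terraform `kubernetes_manifest` so it sits alongside the infrastructure code. This is an added example, not the project's monitoring configuration. The API job name, the `http_requests_total` metric and its `status` label, the `wardmitra` namespace and Deployment name, the postgres_exporter metrics and the `release` selector label are all assumptions:

```hcl
# Added example (not WardMitra project code): baseline alert rules covering
# the four questions. Job, namespace, metric and label names are assumed.

resource "kubernetes_manifest" "wardmitra_alerts" {
  manifest = {
    apiVersion = "monitoring.coreos.com/v1"
    kind       = "PrometheusRule"
    metadata = {
      name      = "wardmitra-baseline"
      namespace = "monitoring"
      labels    = { release = "kube-prometheus-stack" } # must match the operator's ruleSelector
    }
    spec = {
      groups = [{
        name = "wardmitra.baseline"
        rules = [
          # Is the API healthy? Target not scraped, or more than 5% of requests failing.
          {
            alert       = "WardMitraApiDown"
            expr        = "up{job=\"wardmitra-api\"} == 0"
            for         = "2m"
            labels      = { severity = "critical" }
            annotations = { summary = "API target {{ $labels.instance }} not scraped for 2m" }
          },
          {
            alert = "WardMitraApiErrorRate"
            expr  = <<-EOT
              sum by (namespace) (rate(http_requests_total{job="wardmitra-api",status=~"5.."}[5m]))
                /
              sum by (namespace) (rate(http_requests_total{job="wardmitra-api"}[5m])) > 0.05
            EOT
            for         = "5m"
            labels      = { severity = "critical" }
            annotations = { summary = "5xx ratio above 5% for 5m" }
          },
          # Are pods restarting or failing? (kube-state-metrics)
          {
            alert       = "WardMitraPodRestarting"
            expr        = "increase(kube_pod_container_status_restarts_total{namespace=\"wardmitra\"}[15m]) > 3"
            labels      = { severity = "warning" }
            annotations = { summary = "{{ $labels.pod }} restarted {{ $value }} times in 15m" }
          },
          {
            alert       = "WardMitraPodCrashLoop"
            expr        = "kube_pod_container_status_waiting_reason{namespace=\"wardmitra\",reason=\"CrashLoopBackOff\"} > 0"
            for         = "5m"
            labels      = { severity = "critical" }
            annotations = { summary = "{{ $labels.pod }} is in CrashLoopBackOff" }
          },
          # Is the database under pressure? Connections against max_connections (postgres_exporter).
          {
            alert       = "WardMitraDbConnectionsHigh"
            expr        = "sum by (instance) (pg_stat_activity_count{datname=\"wardmitra\"}) / on (instance) pg_settings_max_connections > 0.8"
            for         = "5m"
            labels      = { severity = "warning" }
            annotations = { summary = "Postgres at {{ $value | humanizePercentage }} of max_connections" }
          },
          # Did a recent deployment cause the issue? Error ratio rising within
          # 30m of the API Deployment's generation changing.
          {
            alert = "WardMitraErrorsAfterDeploy"
            expr  = <<-EOT
              (
                sum by (namespace) (rate(http_requests_total{job="wardmitra-api",status=~"5.."}[5m]))
                  /
                sum by (namespace) (rate(http_requests_total{job="wardmitra-api"}[5m])) > 0.05
              )
              and on (namespace)
              max by (namespace) (changes(kube_deployment_status_observed_generation{namespace="wardmitra",deployment="wardmitra-api"}[30m])) > 0
            EOT
            for         = "5m"
            labels      = { severity = "critical" }
            annotations = { summary = "5xx ratio rose within 30m of a wardmitra-api rollout; consider rollback" }
          },
        ]
      }]
    }
  }
}
```

`kubernetes_manifest` needs the PrometheusRule CRD to exist at plan time, so this resource must be applied after the monitoring stack. The same `spec` can be applied as plain YAML with `kubectl` if the cluster is not Terraform-managed.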