1. Architecture
The KatApp backend is deployed on AWS as a FaaS architecture. However, additional components are required to host the dashboard and the other applications.
The diagram below visualises the architecture on AWS.
Devices
The devices that access the backend are on the left-hand side. The first is the KatApp Android or iOS app, which is responsible for triages. The second is the KatApp Dashboard, which is responsible for visualising the triages and disasters in the browser.
DNS
In order to be able to use our domain (katapp.org), we need corresponding DNS entries. These are created fully automatically during deployment in AWS Route 53, provided the domain has already been purchased.
SSL
In order to encrypt our data traffic, we need SSL certificates for our domains. These are provided by the AWS Certificate Manager.
Website
We use a combination of AWS CloudFront and AWS S3 storage to provide our websites (dashboard, swagger and documentation).
The website is stored in AWS S3 storage. AWS CloudFront acts as a content delivery network for the fast, global provision of our website. As AWS CloudFront has a caching period of 24 hours, the CloudFront cache must be invalidated during an update/deployment. This is done automatically in the respective pipeline.
API
We use the AWS API Gateway to provide our API. This provides both the REST API and the WebSocket API.
However, the API Gateway does not contain any business logic, but merely forwards the requests to the corresponding Lambda functions. Depending on the function, the corresponding AWS DynamoDB databases or AWS S3 storage are accessed to execute the business logic.
Access Management
For security reasons, a corresponding user is automatically created for each deployment pipeline and stage during deployment. The users are stored in AWS IAM.
Deployment
All of our source code for the backend, app and websites is stored on GitHub.
The website is built in the frontend and docs pipeline, loaded onto the corresponding AWS S3 storage, and the AWS CloudFront cache is invalidated.
We use the AWS CDK to deploy the infrastructure. This creates all the resources shown above fully automatically.
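The per-pipeline, per-stage users described under Access Management only limit exposure if each user's policy is scoped to the resources its own pipeline touches (the S3 upload and CloudFront invalidation described above). The following is an added example, not KatApp's own code: the account ID, the bucket and distribution naming scheme, and the stage names `dev` and `prod` are constructed assumptions, and the permission check is a simplified model of IAM evaluation.

```python
import fnmatch

# Constructed placeholder: the page gives no account ID, bucket names or distribution IDs.
ACCOUNT_ID = "123456789012"

def site_resources(pipeline: str, stage: str) -> dict:
    """Hypothetical naming scheme: one bucket and one distribution per pipeline and stage."""
    return {
        "bucket": f"katapp-{pipeline}-{stage}",
        "distribution": f"EXAMPLE{pipeline}{stage}".upper(),
    }

def deploy_policy(pipeline: str, stage: str) -> dict:
    """Policy for one pipeline user: upload to its own bucket, invalidate its own cache."""
    res = site_resources(pipeline, stage)
    bucket_arn = f"arn:aws:s3:::{res['bucket']}"
    dist_arn = f"arn:aws:cloudfront::{ACCOUNT_ID}:distribution/{res['distribution']}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [bucket_arn]},
            {"Effect": "Allow", "Action": ["s3:PutObject", "s3:DeleteObject"],
             "Resource": [f"{bucket_arn}/*"]},
            {"Effect": "Allow", "Action": ["cloudfront:CreateInvalidation"],
             "Resource": [dist_arn]},
        ],
    }

def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified check: Allow statements only, wildcard matching, no Deny or conditions."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if any(fnmatch.fnmatchcase(action, a) for a in stmt["Action"]) and \
           any(fnmatch.fnmatchcase(resource, r) for r in stmt["Resource"]):
            return True
    return False

def overly_broad(policy: dict) -> list:
    """Return statements that grant a wildcard action or an unscoped resource."""
    return [s for s in policy["Statement"]
            if any(a == "*" or a.endswith(":*") for a in s["Action"])
            or any(r == "*" for r in s["Resource"])]

if __name__ == "__main__":
    docs_dev = deploy_policy("docs", "dev")
    # The docs/dev user can publish to its own bucket but not to frontend/prod.
    print(is_allowed(docs_dev, "s3:PutObject", "arn:aws:s3:::katapp-docs-dev/index.html"))
    print(is_allowed(docs_dev, "s3:PutObject", "arn:aws:s3:::katapp-frontend-prod/index.html"))
    print(overly_broad(docs_dev))
```

Running `overly_broad` over the policies the deployment generates is a cheap pipeline check that a leaked credential from one pipeline and stage cannot modify another site.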