AWS Topology
Accounts, regions, VPCs, ALB/CloudFront, Route53, and security groups.
Sentinel runs on AWS across multiple accounts with strict network segmentation and geo-restricted access.
Accounts
| Role | Account ID | Region | Purpose |
|---|---|---|---|
| Management | 664224997032 | ap-south-1 | Route53, IAM, Terraform state, Jenkins |
| Development | — | ap-south-1 | Dev workloads, sandbox |
| Production | — | ap-south-1 | Live workloads, customer data |
Network Architecture
Internet
│
▼
CloudFront CDN (dev: sentinel-dev.centricitywealth.tech)
│
▼
External ALB (HTTPS, WAF)
│
├──► ECS Fargate: sentinel (frontend)
├──► ECS Fargate: studio-middleware
├──► ECS Fargate: nexus-backend
├──► ECS Fargate: zen-chatbot
├──► ECS Fargate: agentic-backend
└──► ... (other services)
│
▼
Internal ALB (private subnets)
│
├──► MongoDB (DocumentDB)
├──► PostgreSQL (RDS)
├──► OpenSearch
└──► Redis (ElastiCache)
Route53
| Record | Target | Notes |
|---|---|---|
| sentinel.centricitywealth.tech | Prod ALB | Live app |
| sentinel-dev.centricitywealth.tech | Dev CloudFront | Dev environment |
| sentinel-ai-platform.centricitywealth.tech | GitHub Pages | Documentation |
| jenkins-dashboard.centricitywealth.tech | Jenkins ALB | CI/CD |
Hosted zone: Z08590081H9KT0BUGB1O9 (Management account)
Security Groups
| Group | Ingress | Egress |
|---|---|---|
| alb-external | 443 from CloudFront | All to ECS |
| ecs-services | From ALB only | All to internal services |
| db-documentdb | 27017 from ECS only | None |
| db-postgres | 5432 from ECS only | None |
| cache-redis | 6379 from ECS only | None |
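One way to check deployed groups against the table above, as an added example that is not part of the Sentinel code base: it audits records in the shape returned by EC2 `DescribeSecurityGroups` and covers the four internal groups only. The `audit`, `sg` and `rule` helpers and the sample group IDs are assumptions made for illustration.

```python
# Expected rules from the Security Groups table (port None = any port; egress False = "None").
POLICY = {
    "ecs-services":  {"port": None,  "source": "alb-external", "egress": True},
    "db-documentdb": {"port": 27017, "source": "ecs-services", "egress": False},
    "db-postgres":   {"port": 5432,  "source": "ecs-services", "egress": False},
    "cache-redis":   {"port": 6379,  "source": "ecs-services", "egress": False},
}

def audit(groups):
    """Return sorted (group name, finding) pairs for rules that deviate from POLICY."""
    ids = {g["GroupName"]: g["GroupId"] for g in groups}
    findings = []
    for g in groups:
        want = POLICY.get(g["GroupName"])
        if want is None:
            continue  # group not covered by this check (e.g. alb-external)
        for perm in g.get("IpPermissions", []):
            # Any CIDR or prefix-list source breaks the "from <group> only" rule.
            if perm.get("IpRanges") or perm.get("Ipv6Ranges") or perm.get("PrefixListIds"):
                findings.append((g["GroupName"], "ingress from CIDR or prefix list"))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != ids.get(want["source"]):
                    findings.append((g["GroupName"], "ingress from unexpected group " + pair["GroupId"]))
            ports = (perm.get("FromPort"), perm.get("ToPort"))
            if want["port"] is not None and ports != (want["port"], want["port"]):
                findings.append((g["GroupName"], "ingress port range %s-%s" % ports))
        if not want["egress"] and g.get("IpPermissionsEgress"):
            findings.append((g["GroupName"], "egress rules present"))
    return sorted(findings)

def sg(name, gid, ingress, egress=()):
    return {"GroupName": name, "GroupId": gid,
            "IpPermissions": list(ingress), "IpPermissionsEgress": list(egress)}
def rule(port, group=None, cidr=None):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": group}] if group else [],
            "IpRanges": [{"CidrIp": cidr}] if cidr else []}

# Constructed sample (placeholder group IDs, not real resources).
SAMPLE = [
    sg("alb-external", "sg-alb", []),
    sg("ecs-services", "sg-ecs", [rule(8080, group="sg-alb")], [rule(443, cidr="10.0.0.0/16")]),
    sg("db-documentdb", "sg-doc", [rule(27017, group="sg-ecs")]),
    sg("db-postgres", "sg-pg", [rule(5432, group="sg-ecs"), rule(5432, cidr="10.0.0.0/8")]),
    sg("cache-redis", "sg-redis", [rule(6379, group="sg-alb")], [rule(443, cidr="0.0.0.0/0")]),
]

if __name__ == "__main__":
    print("\n".join(name + ": " + finding for name, finding in audit(SAMPLE)))
```

A newly created security group carries a default allow-all egress rule, so the "None" egress rows hold only where that rule has been removed; the egress check flags groups where it has not.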
Geo-Restriction
Dev CloudFront: India only (IN).
Prod ALB: No geo-restriction (global access).