Architecture
ConsoleMe
ConsoleMe is a Python Tornado web application backed by Redis, DynamoDB, and (optionally) S3. For local development, our docker-compose-dependencies.yaml file can be used for local DynamoDB and Redis.
Hub and Spoke Model
ConsoleMe uses a hub-and-spoke architecture. The "Hub Account" is the AWS account where ConsoleMe is deployed. The "Hub Role" (also called the "Central Role") is the IAM role that ConsoleMe itself runs as. This role is directly attached to the EC2 instances or ECS/K8s containers that ConsoleMe is running on. There is only one Hub Role per deployment of ConsoleMe.
There should be one "Spoke Role" on each of your AWS accounts, including on the Hub Account. ConsoleMe will use its Hub Role to assume the Spoke Roles across your various accounts to cache resources or update permissions.
The required IAM permissions for the Hub and Spoke roles are here.
The one exception to the hub-and-spoke model is when ConsoleMe is brokering credentials to roles, to either provide AWS console access or CLI credentials through Weep. In this case, ConsoleMe's Hub Role needs direct access to assume the requested role in order to broker credentials.
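The Hub Role can only assume a Spoke Role if that Spoke Role's trust policy names it. The following is an added example, not ConsoleMe's own code: an offline check of one Spoke Role trust policy that reports whether the Hub Role is trusted and which other principals are also allowed to assume the role. The function name, role ARNs and account IDs are constructed placeholders, and the check assumes you want the Hub Role to be the only trusted principal.

```python
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM policy fields accept either a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_spoke_trust(trust_policy, hub_role_arn):
    """Return (hub_trusted, findings) for one Spoke Role trust policy.

    Condition blocks and Deny statements are not evaluated; this only
    lists who an Allow statement lets call sts:AssumeRole.
    """
    hub_trusted = False
    findings = []
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # Action may contain wildcards such as "sts:*" or "sts:Assume*".
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # e.g. "Principal": "*"
            principal = {"any": principal}
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "AWS" and value == hub_role_arn:
                    hub_trusted = True
                elif value == "*":
                    findings.append("wildcard principal can assume this role")
                else:
                    findings.append(f"unexpected {kind} principal: {value}")
    if not hub_trusted:
        findings.append("Hub Role is not trusted by this Spoke Role")
    return hub_trusted, findings


# Constructed sample data: placeholder account IDs and role names.
HUB = "arn:aws:iam::111111111111:role/ExampleHubRole"
GOOD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sts:AssumeRole", "sts:TagSession"],
     "Principal": {"AWS": HUB}}]}
BAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": [HUB, "arn:aws:iam::222222222222:root"]}}]}
```

Run it over the `AssumeRolePolicyDocument` of each Spoke Role; an empty findings list means the Hub Role is the only principal allowed to assume that role.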
DynamoDB Tables
ConsoleMe makes use of several DynamoDB tables. If you plan to have a multi-region deployment of ConsoleMe, you must make these DynamoDB tables global in your production environment. The configuration of these tables is defined here.
Redis
Redis is used to cache content for quick retrieval by the frontend. By default, this information is cached in the default Redis logical database (0).
Redis is also used by the Celery Beat scheduler and workers to negotiate and execute Celery tasks. By default, ConsoleMe will assign logical database 1 for this purpose.
Here is a non-exhaustive list of the common Redis keys and expected values that you might find in your Redis cache:
S3
Data typically stored to Redis can also be stored in S3. This is useful if you want to make use of this data outside of ConsoleMe, or if you want a way to quickly and easily restore data that isn't in Redis.