DevOps Infrastructure

Comprehensive overview of iMBrace DevOps Infrastructure and its documentation set for AWS Private Cloud deployments

iMBrace DevOps Infrastructure Overview

Introduction

The iMBrace DevOps Infrastructure documentation set provides a comprehensive guide to deploying, configuring, and managing the iMBrace Platform within a Private Cloud environment on AWS.
It covers everything from infrastructure provisioning and system setup to automated application deployment using Ansible, Docker, and AWS CLI.

The documentation package is structured into distinct parts for various deployment models:

  • Standard Private Cloud Single Node Deployment Guide — Single-node setup for testing or on-premise use.
  • Standard Private Cloud HA Deployment Guide — Multi-node High Availability (HA) setup with EC2 instances, load balancers, and distributed services.
  • Standard HA Infra Configuration and Provision Guide on AWS — AWS resource provisioning guide including VPC, ALB/NLB, RDS, ElastiCache, MSK, IAM, and Bedrock configuration.
  • iMBrace Platform Environment Specification — Hardware, OS, software dependencies, and environmental standards for both single and HA configurations.
  • ALB and NLB Config.xlsx — Reference sheet for listener rules and target group mappings.

Infrastructure Architecture

Overall Design

The iMBrace infrastructure follows a multi-layer architecture designed for scalability, security, and high availability.

  • Public Layer (OnServer Nodes)
    Hosts public-facing applications such as app-gateway, backend, dashboard, marketplace, chat-widget, and wfconnectorservice.

  • Private Layer (Engine Nodes)
    Hosts backend services and core logic components such as ai-service, aiv2, and workflow-engine.

  • Load Balancing & Networking Layer

    • AWS Application Load Balancer (ALB): Handles HTTPS traffic for public-facing web services.
    • AWS Network Load Balancer (NLB): Routes internal traffic to engine servers.
    • AWS Route 53: Manages both public (*.io) and private (*.lan) DNS zones.
  • Data Layer

    • MongoDB Atlas (or local MongoDB container)
    • PostgreSQL RDS
    • ElastiCache Redis
    • Apache Kafka / AWS MSK
  • AI & Search Layer

    • AWS Bedrock: Provides access to LLMs (Titan, Llama 4).
    • MeiliSearch: Lightweight full-text search engine installed on engine nodes.

⚙️ DevOps Workflow

1. Local Environment Setup

  • Install dependencies: git, ansible, python3, sops, awscli, VSCode.
  • Retrieve and decrypt credentials (GitLab, IAM keys, SSH private key).
  • Configure AWS CLI profile:
    aws configure --profile imbrace

2. Repository Management

  • Clone repositories from GitLab (private-cloud-single or private-cloud-ha):
    git clone https://gitlab.com/imbraceco/partners/private-cloud-single.git
    # or
    git clone https://gitlab.com/imbraceco/partners/private-cloud-ha.git
  • Checkout the develop branch and pull the latest commits:
    cd private-cloud-*/    # enter the cloned repo
    git fetch --all
    git checkout develop
    git pull
  • Main directories include:
    • ai-service
    • aiv2
    • app-gateway
    • backend
    • chat-widget
    • dashboard
    • wfconnectorservice
    • workflow-engine

3. Infrastructure Provisioning

  • Execute Ansible playbooks from the repo’s ansible/ directory:
    • Install required system packages:
      ansible-playbook -i hosts ansible/sysinit-alux.yml
    • Configure AWS & GitLab credentials:
      ansible-playbook -i hosts ansible/set-credentials.yml
    • Clone repositories on target servers:
      ansible-playbook -i hosts ansible/clone-repo.yml
    • Deploy containerized system components:
      ansible-playbook -i hosts ansible/site-deploy-remote.yml

4. Application Configuration

  • Decrypt, update, and re-encrypt .env files using SOPS:
    export AWS_PROFILE=imbrace
    
    # decrypt
    sops -d ai-service/secrets.enc.env > ai-service/secrets.env
    
    # edit ai-service/secrets.env as needed
    # e.g. MONGODB_URI=..., AWS_ACCESS_KEY_ID=..., AWS_SECRET_ACCESS_KEY=..., WORKFLOW_URL=..., AWS_S3_BUCKET=..., AWS_S3_URL=...
    
    # re-encrypt
    sops -e ai-service/secrets.env > ai-service/secrets.enc.env
  • Update AWS keys, Mongo URIs, workflow endpoints, S3 buckets, etc. for each app directory.
  • Commit and push configuration changes to GitLab:
    git add .
    git commit -m "chore(config): update env and secrets"
    git push
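
A guard for the decrypt, edit and re-encrypt cycle in step 4, added here as an example and not part of the iMBrace repositories: `git add .` stages everything in the working tree, so this script rejects a commit that includes a decrypted `*.env` file or a `secrets.enc.env` whose values are not SOPS `ENC[...]` ciphertext. The function names and the `--staged`/`--demo` switches are hypothetical, and the check assumes SOPS's dotenv output layout (`KEY=ENC[...]` lines plus `sops_*` metadata lines).

```shell
#!/usr/bin/env bash
# Added example, not part of the iMBrace repositories. Assumes the naming used
# above: <app>/secrets.enc.env is encrypted, any other *.env is a decrypted copy.

# Succeeds only if FILE looks like SOPS dotenv output: a sops_mac metadata
# line is present and every KEY=VALUE data line carries an ENC[...] value.
is_sops_encrypted_env() {
    local file=$1
    grep -q '^sops_mac=ENC\[' "$file" || return 1
    # Drop comments, blank lines and sops_* metadata; any remaining line that
    # is not KEY=ENC[...] is a plaintext value, so the check fails.
    ! grep -Ev '^[[:space:]]*(#|$)' "$file" | grep -v '^sops_' \
        | grep -Evq '^[A-Za-z_][A-Za-z0-9_]*=ENC\[.*\]$'
}

# Reads paths (one per line) on stdin, prints one line per problem and
# returns 1 if any path is a plaintext *.env or an unencrypted *.enc.env.
# It inspects the working-tree copy of each path.
check_staged_env_files() {
    local path problems=0
    while IFS= read -r path; do
        case "$path" in
            *.enc.env)
                is_sops_encrypted_env "$path" \
                    || { echo "NOT ENCRYPTED: $path"; problems=1; } ;;
            *.env)
                echo "PLAINTEXT ENV STAGED: $path"; problems=1 ;;
        esac
    done
    return "$problems"
}

# Constructed sample: one decrypted and one encrypted file, fake values only.
demo() {
    local d; d=$(mktemp -d); mkdir "$d/ai-service"
    printf 'MONGODB_URI=mongodb://db.example.invalid\n' > "$d/ai-service/secrets.env"
    printf '%s\n' 'MONGODB_URI=ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]' \
        'sops_mac=ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]' \
        > "$d/ai-service/secrets.enc.env"
    printf '%s\n' "$d/ai-service/secrets.env" "$d/ai-service/secrets.enc.env" \
        | check_staged_env_files
}

# As a pre-commit hook, run from the repository root with --staged.
case "${1:-}" in
    --staged) git diff --cached --name-only --diff-filter=ACM | check_staged_env_files ;;
    --demo)   demo ;;
esac
```

Called from `.git/hooks/pre-commit` with `--staged`, a non-zero exit aborts the commit before a decrypted file reaches GitLab.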

5. Application Deployment

  • SSH into each server and synchronize files:
    # on each target server
    sh /opt/imbrace/repos/<repo-name>/ansible/files/sync-files.sh
  • Define service mappings in app_mapping.txt (example):
    # Format: <folder> <service>
    app-gateway app-gateway
    backend backend
    chat-widget chat-widget
    dashboard dashboard
    wfconnectorservice wfconnectorsvc
    ai-service ai-service
    aiv2 ai-v2
    workflow-engine workflow
  • Start application containers:
    # on each target server
    sh deploy-apps.sh
  • Restart the Nginx proxy:
    docker restart nginx-proxy

☁️ AWS Resource Stack

The following components are provisioned for the HA environment:

| Component | AWS Service | Role |
| --- | --- | --- |
| Domain & DNS | Route53 | Public + Private Zone |
| SSL | ACM | Wildcard Certificate |
| Compute | EC2 | OnServer & Engine nodes |
| Load Balancer | ALB, NLB | Public/Private Load Balancing |
| Database | RDS PostgreSQL | Workflow & backend data |
| Cache | ElastiCache Redis | Session & caching |
| Streaming | MSK Kafka | Event streaming |
| Object Storage | S3 | App data & logs |
| AI | Bedrock | LLM APIs |
| Search | MeiliSearch | Full-text search engine |

Security & Management

  • IAM Role-based Authentication between EC2 ↔ MSK ↔ Bedrock.
  • Encrypted credentials managed through sops and AWS KMS.
  • Network isolation enforced via dedicated VPCs with separated engine/onserver subnets.
  • Logging & monitoring handled through AWS CloudWatch and S3 logs (MSK, ALB).

DevOps Infrastructure Documentation Includes

| Document | Description |
| --- | --- |
| Standard Private Cloud Single Node Deployment Guide | Workflow for deploying iMBrace on a single node — ideal for PoC or on-prem environments. |
| Standard Private Cloud HA Deployment Guide | HA (multi-node) deployment guide using Ansible, Nginx proxy, Kafka CLI, and MeiliSearch. |
| Standard HA Infra Configuration & Provision Guide on AWS | Full AWS resource provisioning: Route53, ALB, NLB, SG, IAM, RDS, Redis, MSK, Bedrock. |
| iMBrace Platform Environment Specification | Hardware and software requirements, OS setup, Docker, GPU configuration, networking, firewall, and IAM. |
| ALB and NLB Config.xlsx | Detailed domain ↔ target group ↔ listener rule mappings across the system. |

Purpose of the DevOps Infrastructure Documentation

This documentation helps DevOps engineers and system administrators:

  • Standardize the deployment of iMBrace infrastructure on AWS Private Cloud environments.
  • Automate provisioning & deployment using Ansible, reducing manual operations.
  • Easily replicate or scale the infrastructure for new customers.
  • Ensure security, HA (High Availability), and stability for the entire system.