-
A GSP cluster resides in an AWS account within the London region (eu-west-2)
-
The infrastructure is deployed across three availability zones (eu-west-2a, eu-west-2b, eu-west-2c)
-
The cluster makes use of Global Accellerator to manage static IP addresses.
-
Load balancing is achieved through the use of an application load balancer.
-
External egress access is via a NAT gateway in each availability zone.
-
The kubernetes control plane is managed by AWS EKS
-
The cluster relies on AWS IAM for identity and authorisation
-
The cluster contains an autoscaling group containing a continuous integration service based on ConcourseCI
-
By default there are three kubernetes worker nodes for the cluster split across the three availability zones
-
All accounts benefit from AWS Shield protection against distributed denial of service attacks
-
The cluster aggregates selected log events to AWS CloudWatch for ongoing processing by the Cyber Security team
-
CloudWatch logs are shipped externally to Splunk using AWS Lambda