Best Practices for Deploying X-Road Security Servers on AWS
X-Road® is an open-source solution for secure data exchange between organizations. Data is exchanged on X-Road through access points called Security Servers (see: X-Road Architecture), which all implement the same technical specifications. Security Servers are required for both producing and consuming data and services via X-Road.
Before Getting Started
This project discusses the best practices for deploying X-Road Security Servers on AWS through the lens of the AWS Well-Architected Framework. The AWS Well-Architected Framework describes the key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. The AWS Well-Architected Framework consists of five pillars that are covered in different sections of this project.
The operational excellence pillar focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures. Key topics include automating changes, responding to events, and defining standards to manage daily operations.
The security pillar focuses on protecting information and systems. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.
The reliability pillar focuses on ensuring a workload performs its intended function correctly and consistently when it’s expected to. A resilient workload quickly recovers from failures to meet business and customer demand. Key topics include distributed system design, recovery planning, and how to handle change.
The performance efficiency pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.
The cost optimization pillar focuses on avoiding unnecessary costs. Key topics include understanding and controlling where money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without overspending.
Refer to the Getting Started with AWS guide for more information about the AWS Cloud and how to launch your first workloads on AWS.
X-Road Security Servers can be launched on Amazon EC2 Instances - see the AWS Quick Start Guide for launching a Linux Virtual Machine and the X-Road Security Server Installation Guide for Ubuntu for more details on how to set up a Security Server on an Ubuntu Linux instance.
Alternatively, X-Road Security Server Sidecar containers can be launched on Amazon Elastic Container Service or on Amazon Elastic Kubernetes Service. See the Security Server Sidecar User Guide for more details.
For hands-on tutorials on compute, containers and databases, take a look at the Getting Started Resource Center.
I Have More Questions
See the Frequently Asked Questions page for common questions and answers about running your X-Road workloads on AWS. If you can't get a satisfying answer from there, join the X-Road Community to meet X-Road enthusiasts around the world and ask for help.
This guide is not intended to provide step-by-step instructions for setting up a Security Server on AWS, as the process can vary significantly depending on your use case. If you feel you need guidance on getting started or someone to take you through the process end-to-end, reach out to the X-Road Community or to X-Road Technology Partners for further help.
If you think that there are crucial design guidelines missing from this guide, feel free to open an issue and describe what's missing in as much detail as you can.
Contributing to this Project
We welcome community contributions as pull requests. See CONTRIBUTING for more information.
Before submitting a pull request for a change in content (e.g. proposing a new best practice or removing one, changing diagrams, adding or removing content from an existing best practice), please open an issue to discuss the improvement in detail. For minor changes in formatting or correcting typographical errors, you can open a pull request directly.
The best way to contact the team or to report an issue with the content is through GitHub. You can open an issue and describe the issue in as much detail as you can.
Reporting Security Concerns
See CONTRIBUTING for more information on how to report security-related issues.
The documentation is made available under the Creative Commons Attribution-ShareAlike 4.0 International License. See the LICENSE file.
The sample code within this documentation is made available under the MIT-0 license. See the LICENSE-SAMPLECODE file.