# Cloud Deployment

The cloud deployment model for emCA leverages AWS infrastructure to provide a secure, scalable, and high-availability environment for certificate management operations.

<figure><img src="https://2804668976-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOwstGDJbR4yGRTr2aEFp%2Fuploads%2FtPr3pZnoSLaC8VJrMGQz%2Fimage.png?alt=media&#x26;token=7ed07062-8eff-472a-8c66-6f7a76f5cd8f" alt=""><figcaption></figcaption></figure>

**Key Components**

* **Application Layer**\
  Two or more EC2 instances in public subnets, behind an Application Load Balancer. AWS WAF filters HTTP(S) traffic and GuardDuty monitors for threats.
* **Database Layer**\
  Two MySQL 8.0 RDS instances in private subnets, configured as master and replica for high availability.
* **Key Storage**\
  AWS CloudHSM cluster holds CA private keys and sensitive cryptographic material.
* **Persistent Storage**\
  Amazon EBS volumes provide durable storage for application and database data.
* **Networking Controls**\
  VPC subnets and security groups isolate services; routing and VPN links secure hybrid connections.
* **Operational Notes**
  * Auto Scaling groups adjust EC2 capacity to demand.
  * RDS Multi-AZ deployment ensures failover capability.
  * All inter-service communication uses encrypted channels.
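
One way to check a deployed database tier against the isolation and failover properties listed above, as an added example that is not emCA's own tooling. The input mirrors the response shapes of boto3's `describe_db_instances` and `describe_security_groups`; the resource names, the `app_sg_ids` parameter, and the rule that port 3306 may only be opened to the application tier's security group are assumptions.

```python
MYSQL_PORT = 3306

def covers_port(perm, port):
    """True if an ingress rule (IpPermissions entry) includes the TCP port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def audit_db_tier(db_instances, security_groups, app_sg_ids):
    """Return findings for describe_db_instances / describe_security_groups data."""
    sgs = {sg["GroupId"]: sg for sg in security_groups}
    findings = []
    for db in db_instances:
        name = db["DBInstanceIdentifier"]
        if db.get("PubliclyAccessible"):
            findings.append(f"{name}: publicly accessible")
        # Assumption: only the primary needs Multi-AZ; read replicas are skipped.
        if not db.get("ReadReplicaSourceDBInstanceIdentifier") and not db.get("MultiAZ"):
            findings.append(f"{name}: Multi-AZ disabled")
        for ref in db.get("VpcSecurityGroups", []):
            sg = sgs.get(ref["VpcSecurityGroupId"], {})
            for perm in sg.get("IpPermissions", []):
                if not covers_port(perm, MYSQL_PORT):
                    continue
                # Assumption: DB ingress must name the app-tier group, never a CIDR.
                for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                    cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                    findings.append(f"{name}: port {MYSQL_PORT} open to CIDR {cidr}")
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair["GroupId"] not in app_sg_ids:
                        findings.append(f"{name}: port {MYSQL_PORT} open to group {pair['GroupId']}")
    return findings

# Constructed sample data (hypothetical identifiers, not taken from emCA).
SAMPLE_SGS = [
    {"GroupId": "sg-db-good", "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
        "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]},
    {"GroupId": "sg-db-bad", "IpPermissions": [{
        "IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
SAMPLE_DBS = [
    {"DBInstanceIdentifier": "ca-primary", "PubliclyAccessible": False, "MultiAZ": True,
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db-good"}]},
    {"DBInstanceIdentifier": "ca-replica", "PubliclyAccessible": True, "MultiAZ": False,
     "ReadReplicaSourceDBInstanceIdentifier": "ca-primary",
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db-bad"}]},
]
```

Calling `audit_db_tier(SAMPLE_DBS, SAMPLE_SGS, {"sg-app"})` on the constructed data returns two findings, both for `ca-replica`; against a live account the same dictionaries would come from the two boto3 calls named above.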
