Cloud Deployment

The cloud deployment model for emCA leverages AWS infrastructure to provide a secure, scalable, and high-availability environment for certificate management operations.

Key Components

  • Application Layer: Two or more EC2 instances in public subnets, behind an Application Load Balancer. AWS WAF filters HTTP(S) traffic and GuardDuty monitors for threats.

  • Database Layer: Two MySQL 8.0 RDS instances in private subnets, configured as master and replica for high availability.

  • Key Storage: AWS CloudHSM cluster holds CA private keys and sensitive cryptographic material.

  • Persistent Storage: Amazon EBS volumes provide durable storage for application and database data.

  • Networking Controls: VPC subnets and security groups isolate services; routing and VPN links secure hybrid connections.

  • Operational Notes

    • Auto Scaling groups adjust EC2 capacity to demand.

    • RDS Multi-AZ deployment ensures failover capability.

    • All inter-service communication uses encrypted channels.
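
The security-group isolation described under Networking Controls can be checked mechanically, which matters here because the EC2 instances sit in public subnets. The following is an added example, not emCA or vendor code: it audits ingress rules for the load balancer, application and database tiers using records shaped like EC2 DescribeSecurityGroups output. The group IDs, listener port 443, application port 8443 and all function names are assumptions, and the sample rules are constructed.

```python
# Added example: audit ingress rules for an ALB -> EC2 -> RDS layout.
# Records mirror EC2 DescribeSecurityGroups output; IDs and rules are constructed.

def sources(perm):
    """Return (cidrs, group_ids) allowed by one ingress permission."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    groups = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return cidrs, groups

def audit_tier(sg, allowed_groups, allowed_ports, allow_cidrs=False):
    """List ingress rules that deviate from the intended policy for one tier."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")  # absent for protocol -1
        label = "all" if lo is None else f"{lo}-{hi}"
        if perm.get("IpProtocol") != "tcp" or lo != hi or lo not in allowed_ports:
            findings.append(f"{sg['GroupId']}: unexpected ports {label}")
        cidrs, groups = sources(perm)
        if cidrs and not allow_cidrs:
            findings.append(f"{sg['GroupId']}: CIDR source {sorted(cidrs)} on {label}")
        for g in sorted(groups - allowed_groups):
            findings.append(f"{sg['GroupId']}: unexpected source group {g} on {label}")
    return findings

def audit_stack(alb, app, db, app_port=8443, db_port=3306):
    """443 and app_port are assumed values; 3306 is the MySQL default."""
    return (audit_tier(alb, set(), {443}, allow_cidrs=True)
            + audit_tier(app, {alb["GroupId"]}, {app_port})
            + audit_tier(db, {app["GroupId"]}, {db_port}))

def rule(port, cidr=None, group=None):
    """Build one constructed TCP ingress permission."""
    perm = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
    if cidr:
        perm["IpRanges"] = [{"CidrIp": cidr}]
    if group:
        perm["UserIdGroupPairs"] = [{"GroupId": group}]
    return perm

ALB = {"GroupId": "sg-alb-example", "IpPermissions": [rule(443, cidr="0.0.0.0/0")]}
APP = {"GroupId": "sg-app-example", "IpPermissions": [
    rule(8443, group="sg-alb-example"),
    rule(22, cidr="0.0.0.0/0")]}  # direct SSH from the internet: should be flagged
DB = {"GroupId": "sg-db-example", "IpPermissions": [rule(3306, group="sg-app-example")]}

if __name__ == "__main__":
    for finding in audit_stack(ALB, APP, DB):
        print(finding)
```

An empty result means each tier accepts traffic only from the tier in front of it; any CIDR source on the application or database group is reported regardless of port.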
