1 Mar, 2023 | 3 min read

Private Choreo Data Planes on AWS

  • Binura Gunasekara
  • Associate Director/Architect - WSO2


Expanding on Choreo’s multi-cloud capabilities as an internal developer platform for cloud-native application deployment, API management and DevOps, we’re pleased to announce that you can now run Choreo as a private data plane on your Amazon Web Services (AWS) infrastructure.

A quick recap on Private Choreo Data Planes:

  • While the Choreo-managed Cloud Data Plane is a great way to get started on the platform, most enterprises prefer to run their workloads and APIs on their own cloud infrastructure to meet security and compliance needs.
  • Private Choreo Data Planes allow organizations to run their workloads, integrations, and APIs on their own cloud infrastructure, behind enterprise firewalls, with Choreo taking care of integrating the complex moving parts and cloud services to create a seamless experience for your development teams.

Figure 1: An overview of a private data plane

Private Data Planes on AWS - How do they work?

  • You can connect one or more Elastic Kubernetes Service (EKS) clusters, and Choreo environments and promotion flows can be configured as required across these environments, including across multiple EKS clusters.
  • The private data plane(s) and associated deployment environments in Choreo can be flexibly configured on your AWS infrastructure.
    • A private data plane at its core consists of an EKS cluster and the Choreo system components, including the API gateways. Choreo takes care of the hard parts by managing and connecting the underlying cloud infrastructure to provide you with a platform to seamlessly develop, deploy, and manage your applications, APIs, and integrations on AWS.
    • Multiple environments can be created on these attached private data planes as needed across different projects under your Choreo organization. Environments are created on a per-project basis, and different teams can use this capability to effectively and securely share private data planes while building out their own deployment environments and CI/CD pipelines.
    • Production and non-production (pre-production) environments can be split between different data planes for greater isolation, but it’s also possible to create all your environments on a single data plane (with the ability to expand to a multi-data-plane, multi-AWS-account configuration later).
  • The clusters can be configured within private networks and behind firewalls, but they require allow-listed egress access to a few Choreo endpoints on the WSO2-managed Control Plane. Choreo doesn’t open any ports or load balancers on your cloud infrastructure to connect to the control plane.
  • Choreo natively integrates with the following AWS cloud services to provide a seamless experience:
    • Elastic Container Registry (ECR) for storing your built images. Choreo’s CI/CD pipelines automatically push new builds to your private ECR, and all connected private data planes can pull and deploy these images upon deployment or promotion.
    • AWS Secrets Manager for encrypting and storing sensitive application secrets and configurations (which are then applied to your workloads on EKS). Your sensitive application secrets and configurations are not kept on the Choreo Control Plane; they are encrypted and stored in your AWS Secrets Manager.
    • Cloud networking resources (from API gateways and ingress controllers to the underlying VPCs, network security groups, etc.) to enable Choreo’s API management features. The installation includes two Choreo Connect Gateways, for your public and internal APIs, as well as an Ingress Controller for serving web applications.
  • Choreo’s built-in observability features can only be enabled if logs and metrics can be pushed to the Choreo control plane from your AWS environment. Since that would breach compliance requirements for most enterprises, Choreo offers curated support for setting up third-party observability tools such as New Relic or Datadog within the private infrastructure (support for other observability tooling can be provided on demand).

Figure 2: Private data plane on AWS (High-level view)

Getting Started

If you’re already on the Choreo Cloud Data Plane and want to transition to a Private Choreo Data Plane on AWS, learn more about hybrid data planes, or contact us to get started.

If you’re new to Choreo, sign up for free and try it today!