scribble Pad

 

Human access to accounts/resources

Human access should happen via SSO. In AWS we implemented SSO in a separate account that is not prod, dev, uat, etc.; users are then given delegated, read-only access to only the accounts they need.

The idea behind this is to avoid creating several sets of users across several accounts and to have a single point of management for users, which makes them easier to manage and more secure and controllable.

 

Humans should not get read-write access to anything; the only user with write access is the CI/CD pipeline. This way we ensure nothing is changed manually.

Manual changes defeat the purpose of infrastructure as code and, in the long run, make the code un-runnable without major interventions and disruptions.
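Added example, not the author's code: the two IAM roles a workload account (prod, dev, uat, ...) would expose under this model, written in Terraform against the hashicorp/aws provider. It assumes the delegation is done with cross-account roles: humans arriving through SSO in the separate identity account can only assume the read-only role, and only the CI/CD pipeline's principal can assume the role that is allowed to change anything. Account IDs and ARNs are placeholders.

```hcl
# Added example, not the author's code: the two roles a workload account
# (prod, dev, uat, ...) exposes. Humans arrive through SSO in a separate
# identity account and can only assume the read-only role; only the CI/CD
# pipeline's principal can assume the role that is allowed to change things.
# Account IDs and ARNs are placeholders.

locals {
  identity_account_id = "111111111111"                                 # placeholder
  cicd_role_arn       = "arn:aws:iam::222222222222:role/cicd-deployer" # placeholder
}

# Read-only role: trusts the identity (SSO) account, so every human operator
# lands here regardless of which workload account they are looking at.
resource "aws_iam_role" "human_readonly" {
  name = "human-readonly"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { AWS = "arn:aws:iam::${local.identity_account_id}:root" }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "human_readonly" {
  role       = aws_iam_role.human_readonly.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# Write role: trusted only by the pipeline principal. Scope the attached
# policy down to what the pipeline actually deploys; AdministratorAccess is
# used here only to keep the example short.
resource "aws_iam_role" "cicd_deploy" {
  name = "cicd-deploy"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { AWS = local.cicd_role_arn }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "cicd_deploy" {
  role       = aws_iam_role.cicd_deploy.name
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
```

The human side of the delegation lives in the identity account: the permission given to SSO users there should allow sts:AssumeRole on the human-readonly role ARN only, never on the cicd-deploy one.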

 

 

To illustrate the architecture's components and their relationships, here is a high-level diagram:

    +------------------------------------------+
    |        Salesforce Health Cloud UI        |
    +------------------------------------------+
                         |
                         | Sends data to
                         v
    +------------------------------------------+
    |       Azure API Management (APIM)        |
    |                                          |
    |   - Exposes APIs securely                |
    |   - Handles authentication &             |
    |     authorization                        |
    +------------------------------------------+
                         |
                         | Sends data/messages to
                         v
    +------------------------------------------+
    |            Azure Service Bus             |
    |                                          |
    |   - Acts as a messaging backbone         |
    |   - Ensures reliable message delivery    |
    +------------------------------------------+
                         |
                         | Triggers workflows in
                         v
    +------------------------------------------+
    |             Azure Logic Apps             |
    |                                          |
    |   - Orchestrates business processes      |
    |   - Integrates with APIs and services    |
    +------------------------------------------+
                         |
                         | Processes data with
                         v
    +------------------------------------------+
    |           Azure Function Apps            |
    |                                          |
    |   - Executes custom logic                |
    |   - Responds to events and triggers      |
    +------------------------------------------+
                         |
                         | Sends processed data to
                         v
    +------------------------------------------+
    |        LIMS System (On-Premises)         |
    |                                          |
    |   - Manages laboratory data              |
    |   - Receives data from Azure services    |
    +------------------------------------------+

In this architecture:

  • The Salesforce Health Cloud UI interacts with users and sends data to Azure API Management.
  • Azure API Management acts as the entry point for APIs, handling security, authentication, and authorization.
  • Azure Service Bus provides reliable messaging between components, allowing decoupled communication.
  • Azure Logic Apps orchestrates workflows and integrates with APIs and services.
  • Azure Function Apps execute custom logic in response to events or triggers.
  • The LIMS system, located on-premises, manages laboratory data and receives processed data from Azure services.

These components work together to enable seamless communication, data processing, and integration between the Salesforce Health Cloud UI and the LIMS system, with Azure services facilitating the necessary interactions and workflows.
