
Overview

The Enterprise pattern delivers the highest level of infrastructure capability. It combines large compute allocations, KMS encryption across all data stores, advanced database insights, read replicas, VPC endpoints, and S3-backed flow logs with 365-day retention.

fjall create app --name api --type enterprise

Architecture

┌─────────────────────────────────────────────────────────┐
│  VPC (3 AZs, 3 NAT Gateways)                           │
│                                                         │
│  ┌─────────────────────────────────────────────┐        │
│  │  ALB (Application Load Balancer)             │        │
│  └──────────────┬──────────────────────────────┘        │
│                 │                                        │
│  ┌──────────────▼──────────────────────────────┐        │
│  │  ECS Fargate (2048 CPU / 4096 MiB)           │        │
│  │  6 tasks (scales to 100)                     │        │
│  └──────────────┬──────────────────────────────┘        │
│                 │                                        │
│  ┌──────────────▼──────────────────────────────┐        │
│  │  RDS Proxy (TLS required)                    │        │
│  └──────────────┬──────────────────────────────┘        │
│                 │                                        │
│  ┌──────────────▼──────────────────────────────┐        │
│  │  Aurora (2 readers, KMS, 35-day backup)      │        │
│  │  Advanced Database Insights (KMS encrypted)  │        │
│  └─────────────────────────────────────────────┘        │
│                                                         │
│  VPC Endpoints: ECR, Secrets Manager, KMS, CloudWatch   │
│  Flow Logs: S3 (365-day retention)                      │
└─────────────────────────────────────────────────────────┘

What’s Included

| Resource | Configuration |
|---|---|
| Compute | ECS Fargate, 2048 CPU, 4096 MiB memory |
| Scaling | 6 desired tasks, scales to 100 |
| Database | Aurora with 2 readers, KMS encryption, 35-day backup |
| Proxy | RDS Proxy with TLS required |
| Insights | Advanced Database Insights with KMS-encrypted storage |
| Read Replica | Included (Instance type) |
| Network | 3 AZs, 3 NAT Gateways |
| VPC Endpoints | ECR, Secrets Manager, KMS, CloudWatch Logs |
| Flow Logs | S3 destination, 365-day retention |
| Encryption | KMS customer-managed keys for storage and insights |
| Backup | Enterprise-tier AWS Backup |
Lambda1024 MB memory, 300s timeout (if added)

Generated Infrastructure

When you create an enterprise app, Fjall generates an infrastructure.ts file similar to:

import {
  App,
  DatabaseFactory,
  ComputeFactory,
  getConfig,
} from "@fjall/components-infrastructure";

const appName = "api";
const app = App.getApp(appName, {
  network: {
    maxAzs: 3,
    natGateways: { count: 3 },
    flowLogs: { destination: "s3", retentionDays: 365 },
    vpcEndpoints: {
      interface: {
        ecr: true,
        secretsManager: true,
        kms: true,
        cloudwatchLogs: true,
      },
    },
  },
  backup: { tier: "enterprise" },
});

const apiDatabase = app.addDatabase(
  DatabaseFactory.build("api", {
    vpc: app.getVpc(),
    type: "Aurora",
    databaseName: "api",
    encryption: { storageKey: { useCMK: true } },
    databaseInsights: {
      mode: "advanced",
      encryptionKey: { useCMK: true },
    },
    proxy: { requireTLS: true },
    readers: { count: 2 },
    backupRetention: 35,
  }),
);

app.addCompute(
  ComputeFactory.build("ApiCompute", {
    type: "ecs",
    ecrRepository: app.getDefaultContainerRegistry(),
    services: [
      {
        name: "api",
        capacityProvider: "FARGATE",
        containers: [
          {
            port: 3000,
            environment: {
              ENVIRONMENT: getConfig().environment,
              DATABASE_HOST: apiDatabase.getHostEndpoint(),
              DATABASE_PORT: `${apiDatabase.getHostPort()}`,
              DATABASE_NAME: apiDatabase.getDatabaseName(),
            },
            secretsImport: {
              DATABASE_PASSWORD: apiDatabase
                .getCredentials()
                .getImport("password"),
            },
          },
        ],
        cpu: 2048,
        memoryLimitMiB: 4096,
        desiredCount: 6,
        scaling: { minCapacity: 6, maxCapacity: 100 },
        connections: [apiDatabase],
      },
    ],
  }),
);
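
A pre-deploy check for the security-relevant options in the file above, as an added example that is not Fjall's own code. The interfaces and the `auditEnterprise` function are hypothetical and mirror only the option names visible in this infrastructure.ts; `"cloudwatch"` as a flow-log destination value is an assumption.

```typescript
// Added example: option shapes copied from the infrastructure.ts on this page.
// They are local assumptions, not types exported by @fjall/components-infrastructure.
interface NetworkOpts {
  flowLogs?: { destination: string; retentionDays: number };
  vpcEndpoints?: { interface?: Record<string, boolean> };
}
interface DatabaseOpts {
  encryption?: { storageKey?: { useCMK?: boolean } };
  databaseInsights?: { mode?: string; encryptionKey?: { useCMK?: boolean } };
  proxy?: { requireTLS?: boolean };
  backupRetention?: number;
}
const REQUIRED_ENDPOINTS = ["ecr", "secretsManager", "kms", "cloudwatchLogs"];

// Returns one finding per control that falls short of the Enterprise values above.
function auditEnterprise(net: NetworkOpts, db: DatabaseOpts): string[] {
  const findings: string[] = [];
  if (net.flowLogs?.destination !== "s3") findings.push("flow logs are not delivered to S3");
  if ((net.flowLogs?.retentionDays ?? 0) < 365) findings.push("flow log retention is under 365 days");
  const endpoints = net.vpcEndpoints?.interface ?? {};
  for (const name of REQUIRED_ENDPOINTS) {
    if (endpoints[name] !== true) findings.push(`VPC interface endpoint missing: ${name}`);
  }
  if (db.encryption?.storageKey?.useCMK !== true) findings.push("database storage is not on a customer-managed key");
  if (db.databaseInsights?.mode !== "advanced") findings.push("Database Insights is not in advanced mode");
  if (db.databaseInsights?.encryptionKey?.useCMK !== true) findings.push("Database Insights is not on a customer-managed key");
  if (db.proxy?.requireTLS !== true) findings.push("RDS Proxy does not require TLS");
  if ((db.backupRetention ?? 0) < 35) findings.push("backup retention is under 35 days");
  return findings;
}

// Values as generated for the Enterprise pattern on this page.
const enterpriseNetwork: NetworkOpts = {
  flowLogs: { destination: "s3", retentionDays: 365 },
  vpcEndpoints: { interface: { ecr: true, secretsManager: true, kms: true, cloudwatchLogs: true } },
};
const enterpriseDatabase: DatabaseOpts = {
  encryption: { storageKey: { useCMK: true } },
  databaseInsights: { mode: "advanced", encryptionKey: { useCMK: true } },
  proxy: { requireTLS: true }, backupRetention: 35,
};
// Constructed drift: network cut down to the Resilient column, proxy TLS switched off.
const driftedNetwork: NetworkOpts = {
  flowLogs: { destination: "cloudwatch", retentionDays: 90 },
  vpcEndpoints: { interface: { secretsManager: true } },
};
const driftedDatabase: DatabaseOpts = { ...enterpriseDatabase, proxy: { requireTLS: false } };

console.log(auditEnterprise(driftedNetwork, driftedDatabase).join("\n"));
```

Run against the options object in CI before deploying, a non-empty result flags an edit that has weakened one of the Enterprise controls.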

Enterprise vs Resilient

| Feature | Resilient | Enterprise |
|---|---|---|
| CPU / Memory | 1024 / 2048 MiB | 2048 / 4096 MiB |
| Desired Tasks | 4 | 6 |
| Max Tasks | 20 | 100 |
| Database (default) | Aurora | Aurora |
| Instance size (if Instance type chosen) | r7g.large | r7g.xlarge |
| Read Replica | No | Yes |
| VPC Endpoints | Secrets Manager | ECR, Secrets Manager, KMS, CloudWatch |
| Flow Logs | CloudWatch (90 days) | S3 (365 days) |
| Lambda Memory | 512 MB | 1024 MB |
| Lambda Timeout | 120s | 300s |
| Backup | Standard | Enterprise |

When to Use

Enterprise is designed for:
  • Regulated industries (finance, healthcare) requiring audit trails and encryption
  • High-throughput applications that need 100+ concurrent tasks
  • Workloads that require VPC endpoints to keep traffic off the public internet
  • Organisations with compliance requirements for long-term log retention

Cost Considerations

Enterprise infrastructure runs at higher baseline cost due to:
  • 6 Fargate tasks running continuously (2 vCPU / 4 GB each)
  • 3 NAT Gateways (one per AZ)
  • Aurora with 2 readers and RDS Proxy
  • VPC Interface Endpoints (per-hour charge per endpoint per AZ)
  • S3 flow log storage (365-day retention)

Estimated monthly cost: $300-800+ depending on traffic and data volume.

Next Steps

  • Deploy Application: Deploy your enterprise app to AWS
  • Add Resources: Extend with storage, messaging, or CDN
  • Compute Factory: Customise compute configuration
  • Database Factory: Customise database configuration