> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fjall.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Enterprise Pattern

> Deploy maximum-capability Fjall infrastructure on AWS with advanced security, compliance, and high-throughput scaling.

## Overview

The Enterprise pattern delivers the highest level of infrastructure capability. It combines large compute allocations, KMS encryption across all data stores, advanced database insights, read replicas, VPC endpoints, and S3-backed flow logs with 365-day retention.

```bash theme={null}
fjall create app --name api --type enterprise
```

## Architecture

```
┌─────────────────────────────────────────────────────────┐
│  VPC (3 AZs, 3 NAT Gateways)                           │
│                                                         │
│  ┌─────────────────────────────────────────────┐        │
│  │  ALB (Application Load Balancer)             │        │
│  └──────────────┬──────────────────────────────┘        │
│                 │                                        │
│  ┌──────────────▼──────────────────────────────┐        │
│  │  ECS Fargate (2048 CPU / 4096 MiB)           │        │
│  │  6 tasks (scales to 100)                     │        │
│  └──────────────┬──────────────────────────────┘        │
│                 │                                        │
│  ┌──────────────▼──────────────────────────────┐        │
│  │  RDS Proxy (TLS required)                    │        │
│  └──────────────┬──────────────────────────────┘        │
│                 │                                        │
│  ┌──────────────▼──────────────────────────────┐        │
│  │  Aurora (2 readers, KMS, 35-day backup)      │        │
│  │  Advanced Database Insights (KMS encrypted)  │        │
│  └─────────────────────────────────────────────┘        │
│                                                         │
│  VPC Endpoints: ECR, Secrets Manager, KMS, CloudWatch   │
│  Flow Logs: S3 (365-day retention)                      │
└─────────────────────────────────────────────────────────┘
```

## What's Included

| Resource          | Configuration                                         |
| ----------------- | ----------------------------------------------------- |
| **Compute**       | ECS Fargate, 2048 CPU, 4096 MiB memory                |
| **Scaling**       | 6 desired tasks, scales to 100                        |
| **Database**      | Aurora with 2 readers, KMS encryption, 35-day backup  |
| **Proxy**         | RDS Proxy with TLS required                           |
| **Insights**      | Advanced Database Insights with KMS-encrypted storage |
| **Read Replica**  | Included (Instance type)                              |
| **Network**       | 3 AZs, 3 NAT Gateways                                 |
| **VPC Endpoints** | ECR, Secrets Manager, KMS, CloudWatch Logs            |
| **Flow Logs**     | S3 destination, 365-day retention                     |
| **Encryption**    | KMS customer-managed keys for storage and insights    |
| **Backup**        | Enterprise-tier AWS Backup                            |
| **Lambda**        | 1024 MB memory, 300s timeout (if added)               |

## Generated Infrastructure

When you create an enterprise app, Fjall generates an `infrastructure.ts` file similar to:

```typescript theme={null}
import {
  App,
  DatabaseFactory,
  ComputeFactory,
  getConfig,
} from "@fjall/components-infrastructure";

const appName = "api";
const app = App.getApp(appName, {
  network: {
    maxAzs: 3,
    natGateways: { count: 3 },
    flowLogs: { destination: "s3", retentionDays: 365 },
    vpcEndpoints: {
      interface: {
        ecr: true,
        secretsManager: true,
        kms: true,
        cloudwatchLogs: true,
      },
    },
  },
  backup: { tier: "enterprise" },
});

const apiDatabase = app.addDatabase(
  DatabaseFactory.build("api", {
    vpc: app.getVpc(),
    type: "Aurora",
    databaseName: "api",
    encryption: { storageKey: { useCMK: true } },
    databaseInsights: {
      mode: "advanced",
      encryptionKey: { useCMK: true },
    },
    proxy: { requireTLS: true },
    readers: { count: 2 },
    backupRetention: 35,
  }),
);

app.addCompute(
  ComputeFactory.build("ApiCompute", {
    type: "ecs",
    ecrRepository: app.getDefaultContainerRegistry(),
    services: [
      {
        name: "api",
        capacityProvider: "FARGATE",
        containers: [
          {
            port: 3000,
            environment: {
              ENVIRONMENT: getConfig().environment,
              DATABASE_HOST: apiDatabase.getHostEndpoint(),
              DATABASE_PORT: `${apiDatabase.getHostPort()}`,
              DATABASE_NAME: apiDatabase.getDatabaseName(),
            },
            secretsImport: {
              DATABASE_PASSWORD: apiDatabase
                .getCredentials()
                .getImport("password"),
            },
          },
        ],
        cpu: 2048,
        memoryLimitMiB: 4096,
        desiredCount: 6,
        scaling: { minCapacity: 6, maxCapacity: 100 },
        connections: [apiDatabase],
      },
    ],
  }),
);
```

## Enterprise vs Resilient

| Feature                                 | Resilient            | Enterprise                            |
| --------------------------------------- | -------------------- | ------------------------------------- |
| CPU / Memory                            | 1024 / 2048 MiB      | 2048 / 4096 MiB                       |
| Desired Tasks                           | 4                    | 6                                     |
| Max Tasks                               | 20                   | 100                                   |
| Database (default)                      | Aurora               | Aurora                                |
| Instance size (if Instance type chosen) | r7g.large            | r7g.xlarge                            |
| Read Replica                            | No                   | Yes                                   |
| VPC Endpoints                           | Secrets Manager      | ECR, Secrets Manager, KMS, CloudWatch |
| Flow Logs                               | CloudWatch (90 days) | S3 (365 days)                         |
| Lambda Memory                           | 512 MB               | 1024 MB                               |
| Lambda Timeout                          | 120s                 | 300s                                  |
| Backup                                  | Standard             | Enterprise                            |

## When to Use

Enterprise is designed for:

* Regulated industries (finance, healthcare) requiring audit trails and encryption
* High-throughput applications that need 100+ concurrent tasks
* Workloads that require VPC endpoints to keep traffic off the public internet
* Organisations with compliance requirements for long-term log retention

## Cost Considerations

Enterprise infrastructure runs at higher baseline cost due to:

* 6 Fargate tasks running continuously (2 vCPU / 4 GB each)
* 3 NAT Gateways (one per AZ)
* Aurora with 2 readers and RDS Proxy
* VPC Interface Endpoints (per-hour charge per endpoint per AZ)
* S3 flow log storage (365-day retention)

Estimated monthly cost: \$300-800+ depending on traffic and data volume.

## Next Steps

<CardGroup cols={2}>
  <Card title="Deploy Application" icon="rocket" href="/deployment/deploy-application">
    Deploy your enterprise app to AWS
  </Card>

  <Card title="Add Resources" icon="plus" href="/deployment/add-resources">
    Extend with storage, messaging, or CDN
  </Card>

  <Card title="Compute Factory" icon="microchip" href="/patterns/compute-factory">
    Customise compute configuration
  </Card>

  <Card title="Database Factory" icon="database" href="/patterns/database-factory">
    Customise database configuration
  </Card>
</CardGroup>
