Overview
The Resilient pattern targets mission-critical applications that need high availability, data durability, and disaster recovery. It deploys across 3 Availability Zones with KMS encryption, an Aurora PostgreSQL database, RDS Proxy, and enhanced monitoring.What’s Included
- ECS Fargate with auto-scaling across multiple AZs
- Aurora PostgreSQL database with automatic failover
- KMS encryption for data at rest (customer-managed keys)
- RDS Proxy for connection pooling and failover handling
- Enhanced monitoring with Database Insights (advanced mode)
- 30-day backup retention with point-in-time recovery
Architecture
Generated Infrastructure
Specifications
Compute (ECS Fargate)
| Setting | Value |
|---|---|
| CPU | 1024 units (1 vCPU) per task |
| Memory | 2048 MiB per task |
| Tasks | 4 minimum, 20 maximum |
| Auto-scaling | Target 70% CPU |
| Health checks | ALB + container health |
| Deployment | Blue/green with rollback |
Database (Aurora)
| Setting | Value |
|---|---|
| Engine | Aurora PostgreSQL 16.6 |
| Capacity | Serverless v2 (scales automatically with load) |
| Readers | 2 reader instances |
| Backups | 30-day retention |
| Point-in-time recovery | Within the 30-day backup window |
| Multi-AZ | Automatic failover |
| RDS Proxy | Connection pooling and failover handling, TLS required |
| Database Insights | Advanced mode, encrypted with a customer-managed key |
Security
| Setting | Value |
|---|---|
| KMS encryption | Data at rest with customer-managed keys |
| VPC | Multi-AZ across 3 zones |
| Interface endpoints | ECR, Secrets Manager |
| Flow logs | 90-day retention |
| DDoS | Shield Standard |
| Encryption | In-transit and at-rest |
| Certificates | ACM-managed SSL/TLS |
High Availability Features
Multi-AZ Deployment
- ECS tasks spread across 3 AZs
- Aurora with automatic failover
- ALB routing across AZs
- 3 NAT Gateways (one per AZ)
Auto-Scaling Policies
Database Features
- Automatic failover: Aurora promotes a reader on writer failure
- Reader instances: 2 readers for read scaling and redundancy
- Fast cloning: copy-on-write database copies for testing
- RDS Proxy: pooled connections survive failover with minimal disruption
Disaster Recovery
RTO and RPO Targets
| Target | Value |
|---|---|
| RTO (Recovery Time Objective) | < 30 minutes |
| RPO (Recovery Point Objective) | < 1 minute |
Backup Strategy
- Continuous backups: Aurora to S3 with point-in-time recovery
- Cross-region snapshots: daily
- Application state: S3 with versioning
- Configuration: AWS Systems Manager
Monitoring and Alerting
CloudWatch Dashboards
- Service health overview
- Database performance metrics
- Application business metrics
- Cost tracking dashboard
Alarms Configuration
Cost Estimation
| Resource | Specification | Monthly Cost |
|---|---|---|
| ECS Fargate | 4-20 tasks (1 vCPU, 2 GB) | $150-750 |
| Aurora Serverless v2 | Scales with load | $50-400 |
| Load Balancer | Multi-AZ ALB | $16 |
| Data Transfer | Cross-AZ | $20-100 |
| Backups | S3 storage | $10-50 |
| KMS | Key usage | ~$1 |
| Total | $250-1300 |
Security Hardening
KMS Encryption
- All data at rest encrypted with customer-managed KMS keys
- Aurora storage encryption
- S3 bucket encryption
- EBS volume encryption
Compliance Features
| Feature | Detail |
|---|---|
| Encryption | KMS customer-managed keys |
| Audit logs | CloudTrail enabled |
| Access logs | S3 with lifecycle policy |
| Compliance | SOC2 and HIPAA ready |
When to Use
Choose Resilient for:- E-commerce platforms
- Financial services
- Healthcare applications
- SaaS platforms
- Government systems
- Any mission-critical application
- Low-traffic application (use Standard)
- Cost is the primary concern (use Lightweight)
- Development only (use Tinkerer)
Migration from Standard
- Switch from an RDS Instance to Aurora
- Raise the minimum task count to 4
- Add KMS encryption
- Configure enhanced monitoring
- Set up cross-region backups
Best Practices
- Test failover procedures regularly
- Monitor costs closely, as they scale with traffic
- Document runbooks for incidents
- Practise chaos engineering
- Run regular security audits
- Performance-test at scale
- Apply cost-allocation tags for tracking
Next Steps
Deploy your application
Push the Resilient stack to AWS.
Add resources
Extend the infrastructure with storage, messaging, and more.
Compute Factory
Customise the ECS Fargate compute layer.
Load balancer
Configure CloudFront and ALB routing.