Designing an internal developer platform architecture - AWS Prescriptive Guidance

The following image shows the core components of an internal developer platform.

[Figure: Core components of an internal developer platform]

AWS recommends that organizations adopt a multi-account strategy to isolate and manage their applications and data. The same principle applies when building an internal developer platform. Deploy the internal developer platform in a shared services or a tooling AWS account that has access to the rest of your organization's accounts. This supports different development teams that use different AWS accounts for their environments. It also centralizes management and provides cost visibility for all of the different components that are managed by the internal developer platform.
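Because the tooling account can reach every other account, the trust policy on each role it assumes in a workload account is worth checking for over-broad principals. The following is an added example, not part of the AWS guidance: it audits a trust policy document, and the account ID, the role name idp-deployer, the organization ID, and the choice to also require an aws:PrincipalOrgID condition are all assumptions made for illustration.

```python
# Added example: constructed account ID, role name and organization ID (placeholders).
TOOLING_ACCOUNT = "111111111111"
PLATFORM_ROLE_ARN = f"arn:aws:iam::{TOOLING_ACCOUNT}:role/idp-deployer"  # hypothetical role
ORG_ID = "o-exampleorgid"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected=PLATFORM_ROLE_ARN, org_id=ORG_ID):
    """Return findings for the trust policy of a role in a workload account."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(f"statement {i}: any principal may assume this role")
            continue
        arns = _as_list(principal.get("AWS", []))
        if not arns:
            continue  # service or federated principals are out of scope here
        for arn in arns:
            if arn != expected:
                # Covers "*", a bare account ID, the account root, or another role.
                findings.append(f"statement {i}: trusts {arn}, not only {expected}")
        pinned = stmt.get("Condition", {}).get("StringEquals", {}).get("aws:PrincipalOrgID", [])
        if org_id not in _as_list(pinned):
            findings.append(f"statement {i}: not restricted to organization {org_id}")
    return findings

# Constructed sample: trusts the whole tooling account, with no condition.
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{TOOLING_ACCOUNT}:root"}}]}

# Constructed sample: trusts only the platform's deployment role, inside the organization.
HARDENED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": PLATFORM_ROLE_ARN},
    "Condition": {"StringEquals": {"aws:PrincipalOrgID": ORG_ID}}}]}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(policy) or "ok")
```

The weak policy produces two findings (account-wide trust and no organization restriction); the hardened one produces none.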

The internal developer platform requires an orchestrator to deploy its different components. You can use Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Build a cluster that hosts the different internal developer platform services to enable its capabilities. This architecture provides the ability to scale the platform infrastructure as it serves more end users. More information about platform capabilities is provided later in this guide, but in summary, these capabilities need to address the functionalities that developers need to manage their workloads. Examples include:

  • Security for workload protection

  • Infrastructure as code to manage the workload infrastructure

  • Continuous integration and continuous deployment (CI/CD) to automate the testing and deployment of workloads

  • Secure ingress to provide access to the workload services

  • Tenancy to isolate different teams and workloads

  • Observability to address logging, metrics, tracing, and alerting for workloads and their infrastructure

Backstage is the developer portal that connects all of these capabilities together. This helps developers manage all of their workloads in one place. It also centralizes costs so that you have visibility across all of the resources that the workloads use.

For reference architectures for internal developer platforms, see the following: