rew management services running on AWS, use AWS Direct Connect as the primary connection and AWS Site-to-Site VPN as the secondary connection. Crew member apps resolve domain names via Amazon Route 53to IP addresses for AmazonAPI Gateway and AmazonCloudFront distribution. Amazon API Gateway provides access to the application tier. Amazon CloudFront distribution serves out the static page and assets stored in an Amazon Simple Storage Service (Amazon S3), bucket. These are protected by AWS WAF (Web Application Firewall). Amazon Cognito provides user authentication and access control to crew applications. The application tier has a private Application Load Balancer (ALB) for load balancing crew management micro services. The ALB is connected to an Amazon EKS cluster in two different Availability Zones. An Amazon Aurora PostgreSQL-Compatible Edition relational database provides high availability using Aurora Replicas (reader instance). It also stores copies of the data across multiple Availability Zones. Use AWS Cloud Security s
