Secure property store for cloud applications

Files in S3

Files in S3

These S3 Buckets are created when bringing up a Cerberus Environment:

  • Cerberus Config bucket(s), e.g. {envName}-cerberus-config-cerberusconfigbucket-{hash}, multiple copies may be created in different regions for redundancy.
  • Load Balancer log bucket, e.g. {envName}-cerberus-load-balancer-alblogbucket-{hash}

Cerberus Config Bucket

E.g. {envName}-cerberus-config-cerberusconfigbucket-{hash}

The Cerberus Config bucket contains configuration files that are copied to Cerberus Ec2 instances when they are brought into service. All sensitive configuration data is encrypted with the AWS Encryption SDK using KMS.

This bucket has the following folder structure:

/certificates - TLS certificates
    /acme - Folder for the Let's Encrypt provider
        account-private-key-pkcs1.pem - Key needed to revoke Certificates in Let's Encrypt
    /cerberus_{envName}_{hash} - one or more folders
        /ca.pem - Certificate Authority key
        /cert.pem - TLS Certificate
        /key.pem - Private Key
        /pkcs8-key.pem - Public key in pkcs8 format (format needed by Netty)
        /cms-pubkey.pem - Public Key
/cms - Cerberus Management Service
    / - Settings for the CMS service

Load Balancer log bucket

E.g. {envName}-cerberus-load-balancer-alblogbucket-{hash}

This bucket has the following folder structure: