Secure property store for cloud applications

Infrastructure Overview

Infrastructure Overview

Cerberus infrastructure overview diagram

Edge Security

Cerberus uses the Amazon WAF to provide edge security. This is automatically setup with the command-line API.

The WAF automatically drops requests with incorrect request body size, SQL injection, and Cross Site Scripting (XSS).

Application Load Balancer (ALB) logs are parsed using a rate limiting lambda that automatically blacklists IP addresses exceeding a configurable request rate limit. The access logs are stored in S3 and every time a new log chunk is written to S3, the Lambda is triggered (every 10 minutes or so).

For more background information, please see:

Cerberus Management Service

The Cerberus Management Service is the main micro-service that makes up a Cerberus environment. It includes features for:

  • Management of Safe Deposit Boxes
  • User Authentication
  • AWS IAM Role Authentication
  • Permissions Management

Cerberus Management Service diagram


Amazon Aurora is used as the data store.


S3 is used for storing configuration such as CMS settings and TLS certificates.