Partner Spotlight: Tulip & AWS

How it Works

• AWS Elastic Load Balancing on Kubernetes

  Traffic arrives at Tulip instances by way of AWS Elastic Load Balancing (ELB), a layer 4 routing and ingress service. Tulip uses Kubernetes for application container orchestration, and the Kubernetes ingress service terminates SSL traffic from the ELB and routes requests to the correct Tulip application instance. Access to the Kubernetes cluster is strictly limited using Amazon Virtual Private Cloud (Amazon VPC) features such as security groups and network Access Control Lists.

• Event Monitoring Powered by Prometheus

  Tulip has a robust event monitoring infrastructure, powered by Prometheus. Its alert manager alerts on-call engineers in the case defined event threshold limits (request latency, network errors, etc.) are triggered. Amazon Elasticsearch Service is used for log aggregation, and the open-source Elastalert tool is used to define alert thresholds, analogous to the Prometheus event thresholds.

• Asset Storage on Amazon S3

  Assets such as images, videos, PDF documents, and other files are often used to provide a rich user experience when building operations apps. Tulip stores all customer file uploads in Amazon Simple Storage Service (Amazon S3) buckets, with strict and audited access control.
  

• Security with Amazon RDS, EBS, and KMS

  Security is a concern for companies of all sizes, and Tulip leverages AWS to deliver a secure hosting environment for operations apps. We isolate customer environments so that data is securely stored and integrity-protected.

  Data is encrypted when stored on AWS, as well as in-transit between AWS and a customer’s environment. Specifically, Tulip uses Amazon Relational Database Service (Amazon RDS) for persistent storage, and the Amazon Elastic Block Store (Amazon EBS) volume uses AWS Key Management Service (KMS) to encrypt data at rest.