Network & Security Infrastructure
[CLD-001] Provision VPC with Network Segmentation
Description
Provisions a Virtual Private Cloud (VPC) with strict segmentation to isolate the "AI Data Plane" from the public internet.
Acceptance Criteria
- [ ] VPC created with CIDR 10.0.0.0/16.
- [ ] Public Subnet: For Load Balancers and Bastion Hosts.
- [ ] Private Subnet (App Tier): For API Services (FastAPI).
- [ ] Private Subnet (Data/AI Tier): For Postgres, Vector DB, and EC2 Inference Nodes. No internet gateway access.
- [ ] NAT Gateway configured for outbound patch updates only.
[CLD-002] Security Group Configuration
Description
Defines firewall rules to ensure only the Core API Service can talk to the Inference Service.
Acceptance Criteria
- [ ] Inference-SG: Allow Inbound TCP 11434 (Ollama) ONLY from App-Tier-SG.
- [ ] DB-SG: Allow Inbound TCP 5432 ONLY from App-Tier-SG.
- [ ] All public inbound traffic blocked on Internal SGs.
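An added compliance check for the CLD-002 criteria (example code, not part of the ticket): it walks security-group descriptions in the shape boto3's ec2.describe_security_groups() returns and reports every ingress rule that breaks one of the three acceptance criteria. The group ids and the sample groups below are constructed so the check runs offline.

```python
"""Audit security-group ingress rules against the CLD-002 acceptance criteria."""
from typing import Dict, List, Tuple

# Allowed ingress per internal SG: (protocol, port) -> source SG name (from CLD-002).
POLICY: Dict[str, Dict[Tuple[str, int], str]] = {
    "Inference-SG": {("tcp", 11434): "App-Tier-SG"},  # Ollama
    "DB-SG": {("tcp", 5432): "App-Tier-SG"},          # Postgres
}


def audit_security_groups(groups: List[dict]) -> List[str]:
    """Return CLD-002 violations for a describe_security_groups()-style list."""
    name_by_id = {g["GroupId"]: g["GroupName"] for g in groups}
    violations: List[str] = []
    for g in groups:
        name = g["GroupName"]
        if name not in POLICY:
            continue  # public-facing SGs are out of scope for this check
        for perm in g.get("IpPermissions", []):
            key = (perm.get("IpProtocol"), perm.get("FromPort"))
            # "All public inbound traffic blocked": any CIDR source is a finding,
            # not only 0.0.0.0/0, because internal tiers should only see SG sources.
            for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                violations.append(f"{name}: CIDR ingress {cidr} on {key}")
            # Only the one allowed port; "-1" (all traffic) has no FromPort, so it is flagged.
            if key not in POLICY[name] or perm.get("ToPort") != key[1]:
                violations.append(f"{name}: unexpected ingress {key}-{perm.get('ToPort')}")
                continue
            for pair in perm.get("UserIdGroupPairs", []):
                src = name_by_id.get(pair["GroupId"], pair["GroupId"])
                if src != POLICY[name][key]:
                    violations.append(f"{name}: port {key[1]} open to {src}")
    return violations


# Constructed sample (hypothetical ids): Inference-SG is compliant,
# DB-SG also lists a public CIDR and must be reported.
SAMPLE_GROUPS = [
    {"GroupId": "sg-app0001", "GroupName": "App-Tier-SG", "IpPermissions": []},
    {"GroupId": "sg-inf0001", "GroupName": "Inference-SG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 11434, "ToPort": 11434,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app0001"}]}]},
    {"GroupId": "sg-db00001", "GroupName": "DB-SG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-app0001"}]}]},
]

if __name__ == "__main__":
    for v in audit_security_groups(SAMPLE_GROUPS):
        print("VIOLATION:", v)
```

Run it against the real output of describe_security_groups() in a CI step and fail the pipeline when the returned list is non-empty.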