Q-Sensei Logs is a fully managed analytics service for log events and metrics built on top of Q-Sensei Fuse. Q-Sensei Logs is built with a focus on security and high availability. This section explains the SaaS architecture of Q-Sensei Logs in detail.
The diagram below gives an overview of the Q-Sensei Logs SaaS architecture.
Amazon Route 53 DNS
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) cloud web service. Q-Sensei Logs customers get their own personal domain. The personal domain name is of the form https://{personal-domain-name}.logs.qsensei.cloud. SaaS users can access their Q-Sensei Logs application by simply typing the personal domain name in the browser. The DNS service has an entry that forwards all requests for the personal domain to an internet-facing application load balancer.
HTTPS Internet-Facing Application Load Balancer
All incoming requests are forwarded to an internet-facing application load balancer, which listens only on the HTTPS port 443. The application load balancer authenticates every request using AWS Cognito and then routes the traffic to targets within the AWS Virtual Private Cloud (VPC) depending on the request.
AWS Cognito - Identity and Access Management
An AWS Cognito user pool is a standards-based identity provider and supports identity and access management standards such as OAuth 2.0, SAML 2.0 and OpenID Connect. We create an AWS Cognito user pool for each customer account. After successful authentication, the user sees either the Manager UI or the Analytical UI, depending on the user role. Amazon Cognito is HIPAA eligible and PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.
Q-Sensei Logs Manager Application
The Manager application is deployed in a private subnet with no connectivity from outside. A virtual firewall allows traffic only from the application load balancer. The Manager application supports the following important functions:
- Deployment Management – Create, delete and update deployment stacks using AWS CloudFormation
- User Management – Add and remove users per Q-Sensei Logs deployment using AWS Cognito
For more details, check our Manager UI Documentation.
Q-Sensei Logs Deployment
A Q-Sensei Logs deployment represents the core set of services required to ingest events and to provide analytics and alerting on the ingested events. All resources are deployed in a private subnet with no connectivity from outside. A virtual firewall allows traffic only from the application load balancer. The following are the components of the Q-Sensei Logs deployment:
- Upload API
- Analytical UI
- Alerting Service
- Q-Sensei Fuse Cluster
- Q-Sensei Service Registry
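
The controls described above (a listener on HTTPS port 443 only, Cognito authentication before traffic is forwarded, and backend ingress limited to the load balancer) can be checked mechanically against infrastructure templates. The following is an added example, not Q-Sensei's own code: it audits CloudFormation-style resources, and the resource names, the backend port 8080 and the modelling of the "virtual firewall" as security groups are assumptions.

```python
import copy

ELB = "AWS::ElasticLoadBalancingV2::"
GOOD = {  # constructed sample with hypothetical names, not Q-Sensei's real template
    "AlbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "AppSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "SourceSecurityGroupId": {"Ref": "AlbSg"}}]}},
    "Https": {"Type": ELB + "Listener", "Properties": {
        "Port": 443, "Protocol": "HTTPS", "DefaultActions": [
            {"Type": "authenticate-cognito", "Order": 1},
            {"Type": "forward", "Order": 2}]}},
}

def forwards_unauthenticated(actions):
    """True if a forward action runs before any authenticate-cognito action."""
    authed = False
    for action in sorted(actions, key=lambda a: a.get("Order", 0)):
        if action.get("Type") == "authenticate-cognito":
            authed = True
        elif action.get("Type") == "forward" and not authed:
            return True
    return False

def audit(resources, alb_sg="AlbSg"):
    """List where the resources depart from the controls the page describes."""
    findings = []
    for name, res in resources.items():
        kind, props = res["Type"], res.get("Properties", {})
        if kind == ELB + "Listener" and (props.get("Port"), props.get("Protocol")) != (443, "HTTPS"):
            findings.append(f"{name}: listener is not HTTPS on 443")
        if kind in (ELB + "Listener", ELB + "ListenerRule"):
            actions = props.get("DefaultActions") or props.get("Actions") or []
            if forwards_unauthenticated(actions):
                findings.append(f"{name}: forwards without Cognito authentication")
        elif kind == "AWS::EC2::SecurityGroup" and name != alb_sg:
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("SourceSecurityGroupId") != {"Ref": alb_sg}:
                    findings.append(f"{name}: ingress not limited to {alb_sg}")
    return findings

BAD = copy.deepcopy(GOOD)  # constructed weak variant of the same resources
BAD["AppSg"]["Properties"]["SecurityGroupIngress"].append(  # backend opened to the internet
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"})
BAD["UploadRule"] = {"Type": ELB + "ListenerRule",  # listener rule that skips authentication
                     "Properties": {"Actions": [{"Type": "forward", "Order": 1}]}}

if __name__ == "__main__":
    print(audit(GOOD), audit(BAD), sep="\n")
```

The listener-rule check matters because a rule that forwards on its own action list is evaluated instead of the listener's default actions, so an authenticating default does not cover it.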