Nova Home Care — Infrastructure Documentation

Welcome to the central documentation hub for Nova Home Care's AWS infrastructure. This site is version-controlled in Git, built with MkDocs Material, and deployed automatically via GitLab Pages.

Quick Navigation

| Section | Description |
|---|---|
| Infrastructure | VPC, EC2, RDS, S3, ALBs, and monitoring |
| Services | Django API, WordPress CMS, Gatsby, Foursites, Portal |
| OpenTofu Modules | Reusable IaC modules reference |
| Disaster Recovery | Multi-AZ, cross-region backups, auto-recovery |
| HIPAA Compliance | Policies, safeguards, checklists, gap analysis |
| Runbooks | Operational procedures and playbooks |
| Meeting Briefs | Sprint meeting notes and decisions |

Environment Overview

| Item | Detail |
|---|---|
| AWS Account | 794248400165 (NHC) |
| Region | us-east-2 (Ohio) |
| DR Region | us-west-2 (Oregon) |
| IaC Tool | OpenTofu 1.9 |
| CI/CD | GitLab Runners (self-hosted EC2) |
| DNS | Cloudflare → ALBs (host-based routing) |
| PHI Environment | Django API + Portal (HIPAA scope) |
| Non-PHI | WordPress CMS, Gatsby, Foursites |

Architecture

graph TB
    subgraph Internet
        CF[Cloudflare DNS]
    end

    subgraph AWS["AWS — us-east-2"]
        subgraph VPC["VPC 10.1.0.0/16"]
            subgraph Public["Public Subnets"]
                ALB1[ALB — Django/Portal]
                ALB2[ALB — WordPress/Gatsby]
                ALB3[ALB — Foursites]
            end
            subgraph Private["Private Subnets"]
                EC2D[EC2 — Django + Portal]
                EC2A[EC2 — WP CMS + Gatsby]
                EC2F[EC2 — Foursites]
                EC2R[EC2 — GitLab Runner]
                RDS1[(RDS MySQL — Django)]
                RDS2[(RDS MariaDB — WP CMS)]
                REDIS[ElastiCache Redis]
            end
        end
        S3[S3 Buckets]
        KMS[KMS Keys]
    end

    subgraph DR["AWS — us-west-2 DR"]
        DRV[DR Backup Vault]
    end

    CF --> ALB1
    CF --> ALB2
    CF --> ALB3
    ALB1 --> EC2D
    ALB2 --> EC2A
    ALB3 --> EC2F
    EC2D --> RDS1
    EC2D --> REDIS
    EC2A --> RDS2
    EC2D --> S3
    RDS1 -.->|cross-region backup| DRV

Status

Current State (DA-18)

  • ✅ RDS Multi-AZ enabled (Django MySQL + WP MariaDB)
  • ✅ EC2 Auto-Recovery alarms on all 4 instances
  • ✅ ElastiCache Redis (managed, encrypted)
  • ✅ Cross-Region DR backup vault in us-west-2
  • ✅ ASG module created (gated, ready for migration)
  • ✅ 23/23 HIPAA technical controls passing

Document Change Log

| Date | Change | Author |
|---|---|---|
| 2026-04-04 | Expanded docs site: infrastructure, services, modules, DR sections | DevOps |
| 2026-03-30 | DA-15 Phase 1 complete: NHC baseline deployed | DevOps |
| 2026-03-29 | Initial documentation created | DevOps |