Implementation Plan for Acme Insurance

DRAFT
Updated

Overview

Build a modern webapp for Order Exports and Employee Profiles

This plan covers cloud first development of a modular solution targeting AWS. The following features are in scope for the first iteration of this project.

Use CaseIn ScopeDescription
Order ExportYesDisplay and generate PDF by extracting OMS data
My ProfileYesEmployee directory and profile customization

The following diagram shows a high level design of the solution. This plan will further detail each part shown below:

Infrastructure

This plan targets AWS for new infrastructure to support our solution.

InfrastructureDescriptionAlternates
AWS FargateServerless compute for containers with automatic scalingEKS
AWS ECSElastic container service to support service modulesEKS
AWS CloudWatchObservability, debugging, monitoringDataDog
AWS AuroraPostgreSQL relational database for storing recordsDynamoDB
AWS DynamoDBNoSQL database for fast record lookup timesAurora
AWS S3File storage for temporarily storing PDF files

Security

This plan recommends a combination of role-based access security (RBAC) and attribute-based access security (ABAC). User’s will login through Open ID. The IMS will include user claims upon successful authentication. The claims will be utilized for authorization.

This plan recommends the following permissions:

PermissionRBACABACDescription
emp-profile-viewView and lookup employee profiles
emp-profile-my-editEdit my own profile
emp-profile-any-editEdit any employee’s profile (HR only)
order-exportView and export an order

Modules

This plan recommends building multiple business and infrastructure modules to support our use cases. The goal of this architecture is to provide the ground-work for supporting additional features in future interations.

For simplicity, the team may consider a single service that combines the Web App, Order Service, and Profile Service.

Web App

The web app is a front-end ASP.NET MVC infrastructure service utilizing server side rendering (SSR). This plan recommends adopting a common CSS framework to keep styling consistent with existing systems and client designs. It may be useful to consider a modern SPA framework if we anticipate complex UX use cases.

Profile Service

The profile service is a business module utilizing .NET microservice pattern and minimal APIs. This plan recommends the service store custom profile information in AuroraDB for the following reasons:

For simplicity, this service will retrieve in real-time the “read-only” data from the IMS as needed. If necessary, this plan recommends caching to reduce latency.

This service will protect private employee profile information by checking claims on the JWT token.

This service will contain the following endpoints as defined by Open API version 3 specification:

MethodEndpointRequestResponse
GET/employeesSearch criteria* paging querystringJSON paged list of profiles
GET/employees/{id}Load full employee profileJSON employee profile
POST/employees/{id}JSON employee profileJSON employee profile

This plan also recommends the following design choices:

Order Service

The order service is a business module utilizing .NET microservice pattern and minimal APIs. This plan recommends the service store all order events in a record-per-order document in DynamoDB for the follwing reasons:

The Orders table in DynamoDB will need to be populated from the existing OMS system via an ETL job. Although this job is only meant to run once, we may need to run it multiple times as part of reconciliation process. See Sync Job for more details.

The service will accept streaming order events from the OMS and update order records in the Orders table.

The following sequence diagram shows the flow of communication for order exports:

This following endpoints will be provided as defined by Open API version 3 specification:

MethodEndpointRequestResponse
GET/ordersSearch criteria* paging querystringJSON paged list of orders
GET/orders/export/{id}Order id in routeJSON order
POST/orders/exportJSON with order id and template idJSON PDF download link

This plan also recommends the following design choices:

PDF Service

The PDF service is an infrastructure service that utilizes a headless chromium solution for rendering PDFs from HTML. This service will accept a URL or raw HTML for rendering. Any assets required for rendering must be publically available. This plan recommends embedding assets into HTML whenever possible.

Generating PDFs from HTML is a computationally expensive process. This design recommends storing PDFs in S3 for the following reasons:

MethodEndpointRequestResponse
POST/generateJSON with HTML or URL to renderJSON with unique hash ID download URL

Sync Job

The sync job is responsible for loading all order events into combined order records in the Orders table.

More information TBD