
Part 3: Backend Infrastructure Architecture

Item | Content
--- | ---
Document Name | Part 3: Backend Infrastructure Architecture
Product Name | DTA Wide Sleep Management Platform
Date | 2026-02-10
Scope | Part 3 (Backend/Infrastructure)

1. Infrastructure Overview

  • Cloud Provider: Google Cloud Platform (GCP)
  • Region: europe-west3 (Frankfurt, Germany) - GDPR/DiGA compliant
  • Deployment Model: Serverless (Cloud Run) + Managed Services

2. Network Architecture and Trust Boundaries


3. GCP Service Configuration

3.1 Compute

Service | Purpose | Security Controls
--- | --- | ---
Cloud Run (dta-wide-api) | NestJS API server | Service Account, VPC Connector, Private IP

Auto-scaling:

  • Minimum instances: 1 (prevents cold starts)
  • Maximum instances: 100
  • Concurrency: 80 req/instance

3.2 Databases

Service | Purpose | Backup | Encryption
--- | --- | --- | ---
Cloud SQL PostgreSQL | Users, sleep logs, questionnaires | Automatic daily backup (02:00), 30-day retention | AES-256-GCM (Cloud KMS)
Memorystore Redis | Sessions, cache, rate limiting | Automatic backup | AES-256 (Google-managed)
Firestore | Analysis logs, event stream | Automatic backup | AES-256 (Google-managed)

High Availability:

  • Cloud SQL: Multi-zone HA (Failover < 60 seconds)
  • Memorystore: Standard Tier (automatic replication)
  • Firestore: Multi-region replication

3.3 Networking

Component | Configuration | Security Controls
--- | --- | ---
VPC Network | Private IP range: 10.0.0.0/16 | Firewall rules, Private Google Access
Serverless VPC Connector | Cloud Run → VPC connection | Cloud Run access only
Cloud NAT | Outbound traffic (external APIs) | Static IP, logging
Private Service Connect | Cloud SQL Private IP | VPC-internal access only

Firewall Rules:

  • Inbound: HTTPS (443) only
  • Outbound: whitelisted destinations only (PostgreSQL 5432, Redis 6379)
  • SSH/RDP: Blocked (unnecessary for Cloud Run)
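The egress allow-list above, written as Terraform (an added example, not the project's own configuration). Network and subnet names are assumptions, and the destination range is assumed to cover the Cloud SQL PSC endpoint and the Memorystore reserved range; check both against the actual VPC layout.

```hcl
# Added example (not the project's Terraform): default-deny egress on the
# 10.0.0.0/16 VPC from section 3.3. Network and subnet names are assumptions.
resource "google_compute_network" "main" {
  name                    = "dta-wide-vpc"
  auto_create_subnetworks = false            # no default subnets in every region
}

resource "google_compute_subnetwork" "main" {
  name                     = "dta-wide-subnet"
  region                   = "europe-west3"
  network                  = google_compute_network.main.id
  ip_cidr_range            = "10.0.0.0/16"
  private_ip_google_access = true            # Google APIs without public IPs (3.3)
}

# Allow only the two database ports, and only toward the VPC's own range.
# Assumption: the PSC endpoint and the Redis reserved range fall inside it.
resource "google_compute_firewall" "egress_allow_db" {
  name               = "dta-wide-egress-allow-db"
  network            = google_compute_network.main.name
  direction          = "EGRESS"
  priority           = 1000                  # lower number wins over the deny below
  destination_ranges = ["10.0.0.0/16"]
  allow {
    protocol = "tcp"
    ports    = ["5432", "6379"]
  }
}

# Everything else leaving the VPC is dropped and logged. Traffic that must leave
# via Cloud NAT (external APIs in 3.3) or reach Google APIs through Private
# Google Access needs its own allow rule with a priority below 65000.
resource "google_compute_firewall" "egress_deny_all" {
  name               = "dta-wide-egress-deny-all"
  network            = google_compute_network.main.name
  direction          = "EGRESS"
  priority           = 65000                 # still above the implied rules at 65535
  destination_ranges = ["0.0.0.0/0"]
  deny {
    protocol = "all"
  }
  log_config {
    metadata = "INCLUDE_ALL_METADATA"        # denied flows show up in Cloud Logging
  }
}
```

Inbound SSH/RDP needs no explicit rule: with no ingress rule admitting those ports, the implied deny-ingress rule drops them.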

3.4 Security

Service | Purpose | Configuration
--- | --- | ---
Cloud KMS | Encryption key management | Root key: HSM-backed, 90-day auto-rotation
Secret Manager | API keys, DB passwords | Version control, IAM access control
Cloud Armor | WAF, DDoS protection | OWASP Top 10 ruleset, IP whitelist [TODO: implementation verification needed]
VPC Service Controls | Data exfiltration prevention | Enforce europe-west3 region only

4. Infrastructure Security Controls

4.1 IAM Role-Based Access Control

Service Account | Role | Permission Scope
--- | --- | ---
dta-wide-api@... | Cloud Run API service | Cloud SQL Client, Secret Manager Accessor, Cloud Logging Writer
db-admin@... | DB administrator | Cloud SQL Admin (read-only, approval required)
ci-cd@... | CI/CD pipeline | Cloud Run Deployer, Container Registry Writer

Least Privilege Principle:

  • Each Service Account has only necessary minimum permissions
  • Production DB write permission: API service only
  • Developers: read-only

4.2 Secret Management

Secret Manager Usage:

secrets/
├── DATABASE_URL # PostgreSQL connection string
├── REDIS_URL # Redis connection string
├── JWT_SECRET # JWT signing key
├── OPENAI_API_KEY # OpenAI API key
└── MAILGUN_API_KEY # Email sending key

Access Control:

  • Cloud Run Service Account access only
  • Version management (keep latest 3 versions)
  • Audit logging (secret access records)
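How the 4.1 service-account scope and the 4.2 access rule fit together, as an added Terraform example (not the project's own code). The project id, image path and the per-secret binding (tighter than a project-wide Secret Manager Accessor grant) are assumptions.

```hcl
# Added example (not the project's Terraform): least-privilege runtime identity
# for dta-wide-api. Project id and image path are assumed placeholders.
resource "google_service_account" "api" {
  account_id   = "dta-wide-api"
  display_name = "dta-wide-api Cloud Run runtime identity"
}

# Project-level roles: only the two for which no narrower scope exists.
resource "google_project_iam_member" "api_roles" {
  for_each = toset(["roles/cloudsql.client", "roles/logging.logWriter"])
  project  = "dta-wide-project-placeholder"
  role     = each.value
  member   = "serviceAccount:${google_service_account.api.email}"
}

# Secret access is bound per secret, not project-wide: this identity reads DATABASE_URL only.
resource "google_secret_manager_secret" "database_url" {
  secret_id = "DATABASE_URL"
  replication {
    user_managed {
      replicas { location = "europe-west3" }   # secret material stays in-region
    }
  }
}

resource "google_secret_manager_secret_iam_member" "api_reads_database_url" {
  secret_id = google_secret_manager_secret.database_url.secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${google_service_account.api.email}"
}

resource "google_cloud_run_v2_service" "api" {
  name     = "dta-wide-api"
  location = "europe-west3"
  template {
    service_account = google_service_account.api.email   # not the default compute SA
    containers {
      image = "europe-west3-docker.pkg.dev/dta-wide-project-placeholder/api/dta-wide-api:latest"
      env {
        name = "DATABASE_URL"
        value_source {
          secret_key_ref {   # injected at start-up, never baked into the image
            secret  = google_secret_manager_secret.database_url.secret_id
            version = "latest"
          }
        }
      }
    }
  }
}
```

Every read of the secret by this identity is recorded in Cloud Audit Logs once Data Access logging is enabled for Secret Manager, which is the evidence the "Audit logging" bullet refers to.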

5. Backup and Disaster Recovery (Backup & DR)

5.1 Backup Policy

Data Type | Backup Frequency | Retention Period | Storage Location
--- | --- | --- | ---
PostgreSQL main DB | Daily 02:00 (automatic) | 30 days | Cloud SQL automatic backup (europe-west3)
Firestore | Real-time replication | Unlimited (automatic) | Firestore managed
Cloud Storage (logs) | Weekly archive | 1 year | Cloud Storage (Nearline)

5.2 Disaster Recovery Plan

RPO (Recovery Point Objective): 1 hour

  • Cloud SQL Point-in-Time Recovery supported
  • Transaction logs retained 7 days

RTO (Recovery Time Objective): 4 hours

  • Cloud SQL HA Failover: < 60 seconds
  • Complete infrastructure rebuild: < 4 hours (Terraform automation)

DR Procedure:

  1. Cloud SQL Failover (automatic, < 60 seconds)
  2. Cloud Run auto-redeploy (new zone)
  3. DNS update (Cloud DNS, TTL 60 seconds)
  4. Data integrity validation
  5. Service normalization confirmation
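The Cloud SQL settings that back sections 3.2, 5.1 and 5.2 (HA, private IP, CMEK, 02:00 backups with 30-day retention, point-in-time recovery with 7-day log retention), as an added Terraform example that is not the project's own configuration. The instance name, tier, PostgreSQL version, KMS key and network references are assumptions.

```hcl
# Added example (not the project's Terraform): the Cloud SQL settings behind
# sections 3.2, 5.1 and 5.2. Names, tier, version, key and network are assumptions.
resource "google_sql_database_instance" "main" {
  name             = "dta-wide-postgres"
  region           = "europe-west3"
  database_version = "POSTGRES_15"              # assumed version

  # CMEK: data-at-rest keys come from Cloud KMS (3.4), not Google-managed keys.
  encryption_key_name = google_kms_crypto_key.sql.id   # assumed to be defined elsewhere
  deletion_protection = true                            # blocks an accidental destroy

  settings {
    tier              = "db-custom-2-8192"    # assumed size
    availability_type = "REGIONAL"            # multi-zone HA, automatic failover (5.2)

    ip_configuration {
      ipv4_enabled    = false                 # no public IP at all
      private_network = google_compute_network.main.id   # private IP reachable only from the VPC (3.3)
      ssl_mode        = "ENCRYPTED_ONLY"      # reject plaintext client connections
    }

    backup_configuration {
      enabled                        = true
      start_time                     = "02:00"        # daily backup window (5.1)
      location                       = "europe-west3" # backups stay in-region
      point_in_time_recovery_enabled = true           # supports the 1-hour RPO (5.2)
      transaction_log_retention_days = 7              # WAL kept 7 days (5.2)
      backup_retention_settings {
        retained_backups = 30                         # 30-day retention (5.1)
        retention_unit   = "COUNT"
      }
    }

    database_flags {
      name  = "log_connections"   # connection audit trail for the GDPR Art. 32 evidence
      value = "on"
    }
  }
}
```

Step 4 of the DR procedure (data integrity validation) is where a point-in-time clone restored from these settings gets compared against the failed-over primary before traffic is declared normal.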

6. CI/CD Pipeline

6.1 Deployment Flow

6.2 Deployment Security Controls

Stage | Security Check | Block Condition
--- | --- | ---
Code Review | Security team review (critical changes) | Unapproved
SAST | SonarCloud, Semgrep | Critical/High vulnerabilities
Container Scan | GCP Vulnerability Scanning | Critical CVE
Staging Deploy | E2E tests | Test failure
Production Deploy | Tech Lead approval | Unapproved

7. Monitoring and Alerting

7.1 Key Metrics

Metric | Threshold | Alert Recipient | Action
--- | --- | --- | ---
API Response Time (P95) | > 2 seconds | Operations | Performance investigation
Error Rate | > 5% | Operations + Development | Immediate investigation
DB Connection Pool | > 80% | DBA | Scale-up review
Redis Memory | > 90% | Operations | Cache cleanup or scale-up
SSL Certificate Expiration | < 30 days | Security | Certificate renewal

7.2 Alert Channels (TODO: Improvement)

  • Critical: Slack
  • High: Slack
  • Medium: Slack
  • Low: Slack

Evidence and References (Artifacts)

  1. Infrastructure Diagram (Section 2 of this document)
  2. GCP Project Structure Export - artifacts/gcp-project-structure.json
  3. Cloud Run Configuration - cloudrun-deploy/service.yaml
  4. Cloud SQL Configuration - artifacts/cloudsql-config.json
  5. IAM Role Definitions - artifacts/iam-roles.json
  6. VPC Firewall Rules - artifacts/vpc-firewall-rules.json
  7. Secret Manager Keys List - artifacts/secret-manager-keys.json
  8. CI/CD Pipeline - .github/workflows/deployment-ci-europe.yml
  9. Backup Policy Evidence - Cloud SQL backup configuration screenshot
  10. Monitoring Dashboard - Cloud Monitoring dashboard export

Regulation | Requirement | Implementation | Evidence
--- | --- | --- | ---
BSI TR-03161 Part 3 | Secure infrastructure | VPC, Private IP, WAF | GCP configuration export
GDPR Article 32 | Appropriate technical measures | Encryption, access control, audit logging | This document
DiGA (BfArM) | German data residency | europe-west3 region enforcement | VPC Service Controls