Mumble Service Architecture

AWS architecture overview

The following diagram shows the overview of the AWS architecture.

Architecture Overview

(The diagram was made with draw.io desktop.)

The following subsections briefly describe each component.

① Mumble AWS CloudFormation stack

All the resources of the Mumble service are described with the AWS Cloud Development Kit (CDK) and deployed as an AWS CloudFormation stack. Please refer to the /cdk folder for more details.

② Amazon CloudFront

The Amazon CloudFront distribution faces the Internet and serves the REST API (Amazon API Gateway) and media files (Amazon S3). What Mumble API clients recognize as the Mumble API is delivered from this distribution. A custom domain name may be associated with this distribution, and its certificate is managed by AWS Certificate Manager.

③ Amazon API Gateway

The REST API on Amazon API Gateway provides the endpoints of the Mumble API. The endpoints include those required for Activity Pub and WebFinger*. Thanks to Redoc, the OpenAPI documentation is available at https://redocly.github.io/redoc/?url=https://raw.githubusercontent.com/codemonger-io/mumble/main/cdk/openapi/api-production.json.

Most of the endpoints are implemented with API integration functions (AWS Lambda).

Some endpoints need user authentication, and a client has to provide an ID token issued by the user pool (Amazon Cognito) to access them.

* WebFinger is required by Mastodon to locate accounts on distributed networks.

④ Amazon S3

The Amazon S3 bucket stores Activity Pub objects and media files.

Changes in the bucket trigger workflows (AWS Step Functions) via Amazon EventBridge.

⑤ Amazon EventBridge

Amazon EventBridge rules fire events when objects are created, updated, or deleted in the Amazon S3 bucket.

⑥ AWS Lambda (API integration)

This group of AWS Lambda functions implements the API integrations of the REST API on Amazon API Gateway.

The Lambda function that receives an Activity Pub object posted to the "inbox" endpoint of the Mumble API is in this group. The function validates the object and saves it in the Amazon S3 bucket.

⑦ AWS Step Functions

State machines on AWS Step Functions implement the workflows to handle inbound and outbound Activity Pub objects.

States of the state machines are implemented with state functions (AWS Lambda).

⑧ AWS Lambda (state)

This group of AWS Lambda functions implements states of the state machines on AWS Step Functions.

⑨ Amazon DynamoDB

There are two Amazon DynamoDB tables.

  1. "user table" manages user information
  2. "object table" manages metadata of Activity Pub activities and objects

DynamoDB Streams of the tables trigger statistics functions (AWS Lambda) when items are created, updated, or deleted in the tables.

⑩ AWS Lambda (statistics)

This group of AWS Lambda functions updates statistics, like the number of followers, the number of replies, etc., when items are created, updated, or deleted in the Amazon DynamoDB tables.

⑪ Amazon Cognito

The Amazon Cognito user pool manages authentication and identities of users.

The Amazon Cognito identity pool provides the Amazon IAM role for authenticated users.

⑫ Amazon IAM role

A Mumble API client can exchange an ID token issued by the user pool (Amazon Cognito) for an Amazon IAM role that allows the client to directly upload objects to the Amazon S3 bucket.

⑬ AWS Certificate Manager

AWS Certificate Manager manages the certificate associated with the distribution of the Mumble API (Amazon CloudFront).

⑭ Mumble API client

A Mumble API client provides a user interface to interact with the Mumble API.

⑮ Mumble user

A Mumble user interacts with the Mumble API via a Mumble API client.

⑯ Mastodon (Activity Pub server)

The Mumble API is specifically designed to talk to Mastodon servers. Mastodon adopts HTTP Signature to validate any incoming activities, and the Mumble API supports it.
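
The following sketch shows what validating an HTTP Signature on an inbox POST involves. It is an added example for Node.js, not code from the Mumble repository. The required header set, the five-minute clock tolerance, the request shape, and the host names are assumptions of the example.

```javascript
const crypto = require('node:crypto');

const REQUIRED = ['(request-target)', 'host', 'date', 'digest']; // assumed policy
const MAX_SKEW_MS = 5 * 60 * 1000; // assumed tolerance, not a value from the page
const sha256Digest = (body) => 'SHA-256=' + crypto.createHash('sha256').update(body).digest('base64');

// Rebuild the string the sender signed from the header names it listed.
function signingString(req, names) {
  return names.map((n) => {
    if (n === '(request-target)') return `${n}: ${req.method.toLowerCase()} ${req.path}`;
    if (req.headers[n] === undefined) throw new Error(`signed header missing: ${n}`);
    return `${n}: ${req.headers[n]}`;
  }).join('\n');
}

// Returns 'verified' or the reason for rejection. publicKeyPem is the actor key
// that the caller resolved from the signature's keyId.
function verifyInboxRequest(req, publicKeyPem, now = Date.now()) {
  const sig = Object.fromEntries(
    [...(req.headers.signature || '').matchAll(/(\w+)="([^"]*)"/g)].map((m) => [m[1], m[2]]));
  if (!sig.signature || !sig.headers) return 'no signature';
  const names = sig.headers.split(' ');
  // The signature must cover the target, host, time and body hash.
  const unsigned = REQUIRED.find((h) => !names.includes(h));
  if (unsigned) return `unsigned ${unsigned}`;
  if (req.headers.digest !== sha256Digest(req.body)) return 'digest mismatch';
  if (!(Math.abs(now - Date.parse(req.headers.date)) <= MAX_SKEW_MS)) return 'stale date';
  try {
    // 'sha256' with an RSA key is RSASSA-PKCS1-v1_5, i.e. rsa-sha256.
    const ok = crypto.verify('sha256', Buffer.from(signingString(req, names)),
      publicKeyPem, Buffer.from(sig.signature, 'base64'));
    return ok ? 'verified' : 'bad signature';
  } catch {
    return 'bad signature';
  }
}

// Constructed sample: a signed POST to a hypothetical inbox, with a throwaway key.
function constructedSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const body = JSON.stringify({ type: 'Follow', actor: 'https://remote.example/users/alice' });
  const req = { method: 'POST', path: '/users/bob/inbox', body,
    headers: { host: 'mumble.example', date: new Date().toUTCString(), digest: sha256Digest(body) } };
  const signature = crypto.sign('sha256', Buffer.from(signingString(req, REQUIRED)), privateKey);
  req.headers.signature = `keyId="https://remote.example/users/alice#main-key",` +
    `algorithm="rsa-sha256",headers="${REQUIRED.join(' ')}",signature="${signature.toString('base64')}"`;
  return { req, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}
```

Resolving the keyId to the actor's public key, and checking that the key's owner matches the actor of the activity, is left to the caller.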