Infrastructure Overview
MenoTime is a HIPAA-compliant health technology platform built on AWS, designed to deliver secure, scalable, and compliant menopause care solutions. This document provides a high-level overview of the infrastructure architecture that powers the platform.
Architecture Diagram
┌─────────────────────────────────────────────────────────────────┐
│ MENOTIME ARCHITECTURE │
└─────────────────────────────────────────────────────────────────┘
┌──────────────┐
│ CloudFront │
│ (CDN/Cache) │
└──────┬───────┘
│
┌────────────┴────────────┐
│ │
┌─────▼────┐ ┌────────▼──────┐
│ Route 53 │ │ Static Assets │
│ (DNS) │ │ (S3) │
└─────┬────┘ └───────────────┘
│
│ menotime.ai
│
┌───────▼─────────┐
│ ALB (Layer 7) │
│ Load Balancer │
└───────┬─────────┘
│
┌───────────┼───────────┐
│ │ │
┌───▼──┐ ┌───▼──┐ ┌───▼──┐
│ ECS │ │ ECS │ │ ECS │
│Dev │ │Staging│ │ Prod │
└───┬──┘ └───┬──┘ └───┬──┘
│ │ │
└──────────┼──────────┘
│
┌──────────▼──────────┐
│ RDS PostgreSQL │
│ (db.m7g.large) │
│ 3 instances │
│ Dev/Staging/Prod │
└─────────────────────┘
┌─────────────────────────────────────┐
│ SUPPORTING SERVICES │
├─────────────────────────────────────┤
│ • Secrets Manager (Credentials) │
│ • KMS (Encryption) │
│ • S3 (Logs & File Storage) │
│ • ECR (Container Registry) │
│ • CloudWatch (Monitoring) │
│ • GuardDuty (Threat Detection) │
│ • SES (Transactional Email) │
│ • WAF (Web Application Firewall) │
└─────────────────────────────────────┘
Quick Facts
| Aspect | Details |
|---|---|
| Cloud Provider | Amazon Web Services (AWS) |
| Primary Region | us-west-1 (N. California) |
| Compliance | HIPAA-compliant architecture |
| Environments | 3 (Development, Staging, Production) |
| Domain | menotime.ai |
| Backend Framework | Python FastAPI |
| Container Orchestration | ECS Fargate |
| Primary Database | RDS PostgreSQL |
| DNS Provider | Route 53 |
Environment Summary
Development Environment
- Purpose: Rapid iteration, feature development, testing
- Compute: ECS Fargate with 0.5 vCPU, 1GB RAM
- Database: RDS PostgreSQL (db.m7g.large, Single-AZ)
- Scale: Single container task per service
- Cost Optimization: Lower instance sizes, manual scaling
Staging Environment
- Purpose: Pre-production validation, performance testing, client demos
- Compute: ECS Fargate with 0.5 vCPU, 1GB RAM
- Database: RDS PostgreSQL (db.m7g.large, Single-AZ)
- Scale: Mirrors production configuration
- Testing: Load testing, security validation
Production Environment
- Purpose: Live patient data, real-world traffic
- Compute: ECS Fargate with 1 vCPU, 2GB RAM
- Database: RDS PostgreSQL (db.m7g.large, Single-AZ)
- Scale: Auto-scaling enabled (2-4 tasks depending on load)
- Monitoring: Enhanced monitoring, alerting, GuardDuty
- Backup: Automated 7-day retention with point-in-time recovery
Key Services
Compute
- ECS Fargate: Serverless container compute, eliminating the need to manage underlying EC2 instances
- Container images stored in ECR (Elastic Container Registry)
- Auto-scaling policies respond to CPU and memory metrics
Networking
- Application Load Balancer (ALB) routes traffic across container tasks
- Route 53 manages DNS records for menotime.ai
- VPC with public and private subnets
- NAT Gateway enables private subnet egress to the internet
- Security Groups enforce network isolation and access control
Data
- RDS PostgreSQL for relational data (patient records, appointments, clinical data)
- S3 for audit logs, backups, and static content
- Secrets Manager for database credentials and API keys
- KMS for encryption at rest and in transit
Security & Compliance
- GuardDuty for threat detection and monitoring
- WAF (recommended) for web application protection
- CloudWatch Logs with encryption for audit trails
- IAM Roles & Policies following least-privilege principle
Monitoring & Observability
- CloudWatch dashboards for real-time metrics
- CloudWatch Alarms for anomaly detection
- Performance Insights for database performance analysis
- SNS for alerting (Slack, email)
Email & Communication
- SES for transactional emails via timelessbiotech.com
- Used for notifications, password resets, clinic communication
Cost Profile
The platform scales cost with patient volume:
| Metric | Cost | Primary Drivers |
|---|---|---|
| 250 Patients | ~$616/month | Fixed infrastructure |
| 1,000 Patients | ~$896/month | RDS still ~70% of spend |
Cost Optimization Focus: RDS represents the largest operational expense. Opportunities exist for Reserved Instances, downscaling non-production environments, and right-sizing instance types.
Compliance & Security Posture
- HIPAA Compliance: All services configured with BAAs; encryption at rest and in transit
- Data Encryption: KMS-managed keys for sensitive data
- Access Control: IAM roles enforce least-privilege access
- Audit Logging: CloudWatch Logs with CloudTrail for API calls
- Threat Detection: GuardDuty actively monitoring for anomalies
- Network Isolation: Private subnets for sensitive resources
Scalability & Performance
The architecture supports the MenoTime growth roadmap:
- Horizontal Scaling: ECS auto-scaling adds/removes tasks based on demand
- Database Optimization: Performance Insights identifies bottlenecks; migration path to db.m7g.xlarge available
- Content Delivery: CloudFront caches static assets, reducing latency globally
- Load Balancing: ALB intelligently distributes traffic across healthy tasks
Next Steps
For detailed configuration and management guidance, see: - AWS Architecture — Service integrations and IAM policies - Environments — Environment-specific configurations - Database — RDS setup, backups, and migrations - ECS Fargate — Container management and deployments - Networking — VPC, subnets, and security groups - Monitoring — CloudWatch, alarms, and alerting - Cost Management — Budgets and optimization strategies