Lexio runs in the us-east-1 region
Subnets:
- All parts of the application run in a VPC subnet if possible
- For each group, we provision 4 subnets to cover 4 availability zones in the region. Services run in all available zones for high-availability.
- The application load balancer (Layer 7) is deployed in the public subnet group and accepts traffic from the internet
- Application services run in the private subnet group and only accept traffic from the public load balancer or each other
- Databases and caches run in the secure subnet group
Application services assume IAM roles with the minimum required permissions to access customer data
