Ingress Path
CloudFront
CDN + WAF
TLS 1.3 termination
DDoS protection
ALB
Application LB
SSL offload
Health checks
Istio Gateway
mTLS mesh
Traffic routing
Rate limiting
Istio VirtualSvc
Path routing
Canary splits
Fault injection
→ Service Pods
HTTPS/443
gRPC + REST
WebSocket
mTLS internal
Amazon EKS Cluster — byld-prod
Kubernetes 1.29 | Istio 1.21 | ap-south-1a/b/c
namespace: byld-core — Critical Business Services
🛡
byld-identity
3 replicas
CPU 500m
MEM 512Mi
HPA min:3 max:8
🛡
byld-advisory
2 replicas
CPU 500m
MEM 512Mi
HPA min:2 max:6
🛡
byld-portfolio
3 replicas
CPU 750m
MEM 768Mi
HPA min:3 max:10
🛡
byld-mia
4 replicas
CPU 1000m
MEM 1Gi
HPA min:4 max:16
🛡
byld-payments
2 replicas
CPU 500m
MEM 512Mi
HPA min:2 max:6
namespace: byld-supporting — Supporting Services
🛡
byld-distribution
2 replicas
CPU 500m
MEM 512Mi
HPA min:2 max:6
🛡
byld-markets
3 replicas
CPU 750m
MEM 768Mi
HPA min:3 max:12
🛡
byld-estate
1 replica
CPU 250m
MEM 256Mi
HPA min:1 max:3
🛡
byld-notification
2 replicas
CPU 250m
MEM 256Mi
HPA min:2 max:8
namespace: byld-infra — Infrastructure & Mesh Control Plane
🛡
api-gateway
3 replicas
CPU 500m
MEM 512Mi
HPA min:3 max:12
istiod
2 replicas
CPU 500m
MEM 2Gi
HPA min:2 max:4
prometheus
2 replicas (HA)
CPU 500m
MEM 4Gi
grafana
1 replica
CPU 250m
MEM 512Mi
jaeger
1 replica
CPU 250m
MEM 1Gi
~$3,328/month at 10K users
EKS cluster + managed nodes + AWS services | ap-south-1 pricing
$892
EKS + EC2
$1,140
Aurora + Redis
$580
MSK Kafka
$716
Other AWS
$0.33/user/month
Scales to 100K users at ~$0.12/user
AWS Managed Services
Amazon MSK
Apache Kafka 3.7
3 brokers | m5.large | 1TB EBS
38 topics | CloudEvents + Avro
Aurora PostgreSQL
Per-service databases
db.r6g.large | Multi-AZ
10 databases | Automated backups
IAM auth | Encryption at rest
ElastiCache Redis
Session + CQRS read models
cache.r6g.large | Cluster mode
3 shards | 1 replica each
Amazon S3
Documents, reports, KYC docs
AES-256 encryption | Versioned
Lifecycle: IA after 90d, Glacier 1y
Cognito + KMS
Auth + Encryption keys
JWT tokens | MFA enforced
Customer-managed CMKs
SES + SNS
Email + SMS / Push
Transactional emails via SES
Push via SNS + FCM/APNs
ArgoCD GitOps Pipeline
Developer pushes to main
↓
GitHub Actions CI: test + build
↓
Push image to ECR
↓
Update k8s manifests in gitops repo
↓
ArgoCD detects drift, syncs cluster
↓
Canary rollout via Istio (10% → 100%)