Documentation
Infrastructure

Infrastructure

Introduction

Airbase helps project teams to deploy web applications quickly by providing secure, scalable, and serverless infrastructure.

Application Hosting Platform

Applications hosted on Airbase are deployed into a GCC AWS account.

There are two hosting models available:

  • Shared Cluster (available by default)
  • Dedicated Cluster (available on request)

Architecture Diagram

💡

This diagram is simplified, because of information sensitivity.

Architecture Diagram for Airbase Infrastructure

Environment Variables

AIRBASE_URL points to the branch URL. It is composed of the project name and branch name.

E.g. If your project name is agency-test and branch name is feat-new-thing, the AIRBASE_URL will be auto-generated as https://agency-test-feat-new-thing.app.airbase.sg

Compute

Airbase applications are deployed into a serverless application runtime based on AWS Lambda.

Since the file-system is read-only and the runtime is ephemeral, applications benefit from a significantly reduced blast radius and an enhanced security posture by default. Applications built in NextJS

In addition, the following Airbase-specific limits apply:

  • CPU cores: ~ 0.5 vCPUs (approximate)
  • Memory: 1024 MB
  • Timeout: 10 seconds
  • File descriptor limit: 1024

More information about the underlying platform can be found (here (opens in a new tab)).

Networking

All network resources on Airbase are segregated by Security Groups (SGs) and Network Access Control Lists (NACLs).

Ingress

Inbound connections can only be made through the specified URL endpoint.

For example, if your application name is my-app and the environment name is default, and it is hosted on cluster .app.airbase.sg, its URL will be https://my-app.app.airbase.sg.

Restrictions

The standard limits apply on requests submitted through API Gateway:

Egress

Egress connections are established through a Network Address Translation (NAT) Gateway.

These forms of outbound traffic are allowed:

  • HTTPS API requests are allowed using port 443 (HTTPS) only.
  • Outbound TCP connections to PostgreSQL services on port 5432 (PostgreSQL) and 26257 (CockroachDB).
  • Have a request? Let us know (here (opens in a new tab))

Restrictions

In addition, these forms of traffic are not allowed:

  • any other traffic not listed above
  • HTTP (insecure) API requests
  • outbound traffic on port 80 (HTTP)

More information

If there's something you need to know, let us know and we'll be in touch!

LoginMigrating To...