MOW Delivery Platform - Master Technology Inventory
Scope: Backend platform technologies, hosting, developer tooling, CI/CD, observability, and security. Other components coming soon.
Master Table
| Category | Sub-Category | Technology / Value | Notes |
|---|---|---|---|
| Hosting / Infra | Code Hosting | GitHub | Repo + GitHub Projects |
| | Cloud Provider | AWS | Primary hosting |
| | Instance | AWS EC2 t4g.medium (ARM64) | Low/steady load |
| | AMI | ubuntu 24.04 arm64 (noble) ami-01b9f1e7dc427266e | Canonical |
| | Storage | EBS gp3: root=12GB, postgres-data=8GB | |
| | Scaling | None | Not required |
| | Container Registry | AWS ECR | Multi-arch |
| | Deployment Transport | AWS SSM Run Command | Executes deploy scripts |
| | Human Access | AWS IAM Identity Center (SSO) | |
| | CI/CD Access | AWS OIDC | No long-lived keys |
| | Tagging | Prefix-based mow: | Automated JSON |
| | Cost | 25/mo EC2 + 15/yr domain | AWS Budgets alerts |
| | Staging Domains | admin.stage.mow.codejim.com / portal.admin.stage.mow.codejim.com | |
| | Production Domains | admin.mow.codejim.com / portal.mow.codejim.com | |
| Compute Runtime | Containerization | Docker + Docker Compose | Base, dev, prod, deploy |
| | Images | Multi-stage | base, dev, prod |
| | Arch Support | Multi-platform buildx | amd64 + arm64 |
| | Entrypoint | entrypoint.sh | One-shot migration/static |
| | Reboot Policy | Systemd + Docker restart | |
| | Networking | Multi-network compose | frontend/backend/monitoring |
| | Security | Non-root containers | appuser, cronuser |
| Django Stack | Language | Python 3.13 | Slim Bookworm |
| | Backend | Django 5.2.6 (LTS) | Core |
| | REST | Django REST Framework | Also versioning |
| | Auth | Session + JWT | simplejwt |
| | API Docs | OpenAPI (Swagger) | Generated JSON files |
| | WSGI Server | Gunicorn 23.0 | 3 workers |
| | ASGI | None | Not required |
| | Frontend | Django Templates | |
| | Recurrence | django-recurrence | |
| | Rate Limiting | DRF | |
| | PDF Generation | WeasyPrint | via OS libs |
| | File Storage | None | Not required |
| | Static Files | Caddy + ManifestStaticFilesStorage | |
| | Startup tasks | One-shot containers | migrate + collectstatic + bootstrap admin |
| Database & Caching | Database | PostgreSQL 17.6 | |
| | Metrics Exporter | postgres-exporter | Prom scrape |
| | Backups | pg_dump → S3 nightly (30d) | AWS backup weekly snapshot (8w) |
| | PITR | None | |
| | Local DB GUI | pgAdmin | Dev only |
| | Cache / Broker | Redis 8.2 | |
| | Metrics Exporter | redis-exporter | |
| Reverse Proxy / TLS | Web Server | Caddy 2.10.2 | TLS, routing, web, static |
| | TLS | Let's Encrypt (prod), internal CA (local) | via Caddy |
| | TLS Email | REDACTED | |
| | Security Headers | CSP + HSTS + others | Caddy snippet |
| Secrets / Config | Secrets | SSM Parameter Store | hierarchical |
| | Local Env | .env + django-environ | Never committed |
| | Config Pattern | docker-compose overlays | base + dev + prod + deploy |
| Environment Mgmt | Tooling | makefile, .env, django-environ, config.py, overlays | prod uses SSM |
| Scheduling & Workers | Scheduled Jobs | Supercronic | container-based |
| | Background Jobs | None | |
| | Async | None | |
| Observability | Collector | OpenTelemetry Collector | Central |
| | Metrics | Prometheus | |
| | Logs | Loki | |
| | Traces | Tempo | |
| | Visualization | Grafana | dashboards/alerts |
| | Dashboards | Grafana | |
| | Health Checks | Docker + endpoints | |
| | Uptime Monitoring | CloudWatch | |
| | Infra Monitoring | CloudWatch + OTel + Prom + Tempo + Loki + Grafana | |
| | Biz Metrics | OTel + Prom + Grafana | |
| | Correlation | Logs↔Traces linked in Grafana | |
| | Provisioning | Code-provisioned dashboards + datasources | |
| CI/CD | PR Quality | pr-quality-gate.yml | tests + ruff + commits |
| | Build | build-images.yml | multi-arch → ECR |
| | Versioning | Conventional Commits | |
| | Release Automation | release-please | makes GH releases + changelog |
| | Deploy (Stage) | deploy-stage.yml | Pre-release triggers |
| | Deploy (Prod) | deploy-prod.yml | Full release triggers |
| Testing | Unit | Django TestCase | |
| | Integration | Django TestCase | |
| | E2E | Artillery | |
| | Load | Artillery | |
| | Coverage | coverage.py 7.10.6 | |
| | Restore Testing | Manual | |
| Emails | Sender | Gmail | |
| | Local Dev Email | Mailpit | Dev only |
| | Bounces | TBD | |
| Third-Party Services | Address Lookup | Google Maps | |
| | Routing | Google Maps | |
| | Maps Provider | Google Maps | |
| Documentation | Docs | GitHub READMEs + MkDocs | Static site |
| | Webhook Rebuild | FastAPI | auto rebuild |
| | API Docs | OpenAPI | |
| | Changelog | release-please | |
| Dev Tooling | Linter/Formatter | Ruff | enforced in CI |
| | Extras | django-extensions, graphviz | |
| | Dep Management | pip-tools | requirements pinning |
| Security | Container User | Non-root | |
| | Security Headers | Caddy | CSP + HSTS |
| | Secrets | SSM Parameter Store | |
| Project Mgmt | PM | GitHub Issues + Projects | |
| | Bug Tracking | GitHub Issues + Projects | |
Backend Summary
Platform
AWS EC2 (ARM64) + Docker Compose + Caddy + PostgreSQL + Redis
Application
Python 3.13 / Django 5.2.6 LTS / DRF + JWT + Multifile OpenAPI
Security
Non-root containers, SSM Parameter Store, CSP/HSTS, no long-lived CI keys
CI/CD
GitHub Actions → Build (ECR) → Release-Please → SSM Deploy
Observability
OTel Collector → Prometheus + Loki + Tempo + Grafana
Full trace↔log correlation + code-provision dashboards
Data & Backup
PostgreSQL 17.6 / Redis 8.2
Nightly pg_dump + weekly EBS snapshot
Testing
Unit/integration via Django
E2E + Load via Artillery
coverage.py