Data being handled/stored

1. Customer data that is potentially sensitive (contents of the uploaded files). This is stored in the private s3 bucket.
2. Customer PII such as emails are used for sharing/unsharing. This is stored in the DB.
3. Other metadata such as the s3 location of an uploaded file. This is stored in the DB.

Credentials used/introduced

1. The session tokens used for authentication. → Browser, EC2 instance, ALB
2. The pre-signed URLs used to download/upload files to s3 should be treated as credentials as they allow access to customer data. → Browser, EC2 instance, ALB, DB
3. The AWS credentials used by EC2 instances to call the s3 service to create the pre-signed URLs. Let’s assume we are using an instance profile role. → EC2
4. The DB credentials used by the EC2 instances to call the RDS MySQL database. → EC2

Other Assets

• N/A

New libraries/frameworks/dependencies introduced

• Django Framework used for the backend.
• React used for the UI.

Data sources accessed (read/write)

• RDS Database.
• S3 bucket used for public assets.
• S3 bucket used for customer files.

Cloud services used/introduced

• ALB