Data Storage
This document describes how data is stored and managed in our solution, including the flow of information from the web and Unity (client) to the server, and how various technologies and services are used to ensure efficient and secure storage.
Our data is stored in a relational database on Amazon Relational Database Service (RDS). RDS is a cloud service that simplifies the management of relational databases, offering scalability, security, and ease of use.
Data flows from the web and Unity (client) to the server, passing through an API that acts as a bridge between them. The API is responsible for handling data requests, processing them, and communicating with the RDS database to perform queries and updates. All APIs are protected by JWT token identification. This token is necessary for the API to respond to calls, and it is unique for each user and session, so each user can only access data they have permissions for. These permissions are determined by the roles each user has on the space.
We use AWS QuickSight to create charts and visualizations of the data stored in RDS. These representations are displayed on the web according to the logged-in user, allowing each user to consume the data from their virtual space. QuickSight consumes data through datasets created within the AWS architecture, ensuring the secure transmission of data by not leaving the platform, except for the final visualization by the client. This section of the website is also protected by a JWT token.
Data is queried through the API using specific endpoints. The API, in turn, performs SQL queries on the RDS database to retrieve and process the requested information. The APIs are on an EC2 server and contain the credentials to communicate with the database. The servers are password protected, and a private key (.ppk file) is required to access them. Access to the APIs on this server is only possible by providing a JWT token.
Images and videos are encrypted and stored in Amazon Simple Storage Service (S3). S3 is a cloud object storage service that offers durability, availability, and scalability for storing and managing files of various types, including images and videos.
All files sent to the server are encrypted, following the protocol: SSEC-S3 (Server-Side Encryption with Customer Provided Keys for Amazon S3).
This means that when an object is stored in the Amazon S3 object storage service, the object is encrypted on the server side using an encryption key provided by the customer. The encryption key is generated and managed outside of AWS, and provided through an API request or an AWS Key Management Service.
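As an added example (not code from this project), the sketch below shows what providing the key through an API request looks like for customer-provided-key encryption: the three request headers S3 expects, built from a key generated outside AWS. The function names, the sample URL and the in-memory key are assumptions made for illustration.

```python
import base64
import hashlib
import secrets

# Header names and the AES256 value are S3's request headers for
# server-side encryption with customer-provided keys.
PREFIX = "x-amz-server-side-encryption-customer-"
KEY_HEADER = PREFIX + "key"


def new_customer_key() -> bytes:
    """Generate a 256-bit key outside AWS (stand-in for the real key store)."""
    return secrets.token_bytes(32)


def ssec_headers(key: bytes, url: str) -> dict:
    """Build the headers that must accompany every PUT, GET and HEAD of the object."""
    if len(key) != 32:
        raise ValueError("a 256-bit (32-byte) key is required")
    if not url.lower().startswith("https://"):
        # The raw key travels in a header, so S3 rejects these requests over plain HTTP.
        raise ValueError("customer-key requests must use HTTPS")
    return {
        PREFIX + "algorithm": "AES256",
        KEY_HEADER: base64.b64encode(key).decode("ascii"),
        # Lets S3 detect a key corrupted in transit; it is not a security control.
        PREFIX + "key-MD5": base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }


def redact_for_log(headers: dict) -> dict:
    """Copy of the headers that is safe to write to application logs."""
    return {k: ("[REDACTED]" if k.lower() == KEY_HEADER else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    url = "https://example-bucket.s3.amazonaws.com/space-1/photo.jpg"  # constructed
    key = new_customer_key()
    put_headers = ssec_headers(key, url)
    # S3 does not keep the key, so the same headers are needed to read the object back.
    get_headers = ssec_headers(key, url)
    assert put_headers == get_headers
    print(redact_for_log(put_headers))
```

Because S3 discards the key after each request, an object whose key is lost cannot be decrypted, so the key store needs its own backup and access controls.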