While we manage your AWS infrastructure, your teams benefit from self-managed services and enabling solutions.
Stance Platform gives you centralized control over your applications and their resources. Seamlessly integrated with AWS, Stance Platform makes deploying and hosting your applications in the cloud significantly easier. The platform provides a fully managed account architecture, including runtime, network, and permission management. This enables you to leverage the cloud without the need to build and maintain custom tools, standards, procedures, and DevSecOps expertise. Stance Platform helps developers use AWS services more efficiently by centrally managing standards and security configurations, either removing complexity completely or simplifying it with an easy-to-use interface.
We offer a Developer Portal that centralizes the governance of your applications and their resources. Use it to store vital information about your software entities, including ownership details. Built-in mechanisms ensure data accuracy, which is invaluable during audits or certifications. The Developer Portal allows you to navigate your infrastructure, analyze costs, and provision temporary elevated access to your production environment.
Interact with Stance Platform through the Developer Portal, REST API, or infrastructure-as-code frameworks for a seamless experience.
DEVELOPER PORTAL
The Developer Portal is the central hub of information about your applications and their resources. At the core of the Stance Platform is the Catalog, where you can register your applications, their details, and ownership information. This ownership data is integrated throughout the platform, ensuring that only authorized application owners can manage their respective applications. Regular prompts to review and confirm data accuracy further enhance governance. These mechanisms are invaluable during audits, significantly simplifying the audit process and ensuring strong governance over your software landscape.
You can also use the Developer Portal to analyse your applications. It lets you:
browse all resources owned by a given application
review the costs generated by the application and its resources
generate temporary elevated access to your application resources
review the audit log of all changes done in the Developer Portal
The Developer Portal is provided to you and only to you on an isolated instance, ensuring your data stays safe. The Developer Portal is integrated with your company SSO.
FULLY MANAGED ACCOUNT ARCHITECTURE
Stance Platform creates and manages infrastructure on your AWS accounts for you. The comprehensive account architecture includes:
Network Management: Provides dedicated access channels for developers and clients through separated network ingress and egress, ensuring secure and efficient connectivity.
Managed Services: Ensures dedicated and secure connectivity with on-premises infrastructure, seamlessly integrating your existing systems.
Fully Managed Clusters: Hosts your applications with features like automatic rebalancing, autoscaling, cost-efficiency, and transparent security updates.
Isolated Permission Scopes: Establishes isolated permission scopes and security groups for each application, ensuring resource isolation and enhanced security.
To utilise the managed network and runtime, your application must meet a minimal set of requirements:
Be provided as a Docker image or a package for one of the supported runtimes (Docker, Java, Node.js, Python)
Listen on port 8080 and respond to /health-check with a 200 status code
Be stateless, capable of running multiple concurrent instances behind a load balancer
Start up within the timeout configured during deployment
MANAGED PERMISSIONS AND CREDENTIALS
To utilize AWS, your application needs properly configured permissions. With Stance Platform, you can provision an application role without needing to become an IAM expert. Choose from predefined permission scopes or create a custom one tailored to your needs. By default, applications running on Stance-managed infrastructure have isolated access to:
Fully-Managed Services: Access to DynamoDB, SQS, SNS, and S3.
Database Services: Integration with RDS and/or ElastiCache.
Data Encryption: Use AWS KMS for encryption of data at rest.
Stance Platform can also create IAM credentials for accessing AWS resources from outside the cloud. Additionally, it can generate temporary IAM credentials for your application in a dedicated development environment, simplifying the process of building and testing your application from CI servers or local machines.
Stance Platform makes managing AWS permissions straightforward, ensuring secure and efficient access to the resources your applications need.
DEPLOYMENT SERVICE
With Stance Platform, you can deploy your code to the cloud without needing to master AWS complexities. Stance Platform provides a simple deployment interface that can be used via REST API or through IaC tools, allowing you to easily configure:
Runtime Environment: Choose from Docker, Java, Node.js, or Python.
Deployment Strategy: Select from options like in-place, highlander, or rolling deployments.
Resource Allocation: Specify the CPU and memory your application requires.
Auto-Scaling: Define how and when to automatically provision or remove instances based on demand.
The Deployment Service also lets you provision RDS databases or ElastiCache instances, with Stance Platform ensuring these resources are securely configured and accessible only to the relevant applications.
Integrated with the platform's Account Architecture and AWS, the Deployment Service works seamlessly with managed accounts, handling runtime, network, and permissions out of the box. Stance Platform makes cloud deployment straightforward, enabling you to focus on developing your applications while we manage the infrastructure.
TEMPORARY ELEVATED PERMISSIONS
With Stance Platform, you can request temporarily elevated permissions, simplifying maintenance and troubleshooting tasks. Supported resources include:
AWS Resources: Temporarily log in as the application to use and inspect resources like DynamoDB, SQS, SNS, and more.
RDS: Browse and edit data inside your database.
ElastiCache (Redis): Inspect the state of your cache.
Stance Platform provides temporary access only after approval from the appropriate individual. This access is fully auditable, making it easier to meet audit and certification requirements. Moreover, the platform ensures that elevated permissions are managed securely and transparently, enabling efficient and compliant troubleshooting.
IMMUTABLE BACKUPS
When using DynamoDB or RDS to store data on accounts managed by Stance Platform, backups are enabled out of the box. Stance Platform provides two types of backups:
Point-in-Time Recovery: Roll back the state of the database to a specific moment in time.
Snapshots: Capture and store the entire state of the database for safekeeping.
Stance Platform stores snapshot backups in secured vaults, ensuring they cannot be modified or removed, even if malicious actors gain administrative access to your infrastructure. This effectively protects you from ransomware attacks. Using the Developer Portal or API, you can restore backups anytime.
EXTERNALISATION
By default, Stance Platform only exposes hosted apps to developers. When your app is ready for client use, it needs to be made externally available. With Stance Platform, you can externalise your application using two methods:
Friendly URL: Externalise your entire app under your chosen DNS records. Use the Developer Portal, REST API, or your IaC tool of choice to set this up.
API Gateway: If you prefer to expose only the API, leverage AWS API Gateway through Stance Platform to externalise selected API endpoints.
Both methods are integrated with our Account Architecture and AWS, ensuring a secure and straightforward process to make your applications available to clients.