Promoted Network Diagrams: SOC2 - AWS-AWS

Suggest Edits

  • Promoted engineers operate and maintain all systems via VPN to access any other VPC.
  • A transit gateway manages connections between client-specific deployments and limited shared resource access.
  • Some services in the Regional Shared VPC are publicly available for calling by Clients. For example, Manager is accessed via HTTPS over the Internet.
  • Each Client has a separate deployment in its own VPC for core services (Delivery, Metrics).
  • Each Client VPC contains these customer-specific elements for isolating customer data and customer-end-user-facing-critical systems.
  • In an alternative configuration, Customer VPCs may connect via an optional VPC endpoint rather than the Internet.

All APIs are available to the internet or via a VPC endpoint via HTTPS only. Public internet and VPC endpoints are set up similarly.

  • Customer Servers connect with Promoted Servers. Promoted does not directly interact with Customer end-user-clients in our standard configurations for Delivery API, Metrics API, and Content Management System (CMS).
    • Delivery API: the Customer end-user may instigate an API by first making a request to Customer’s web or app controller services for listings to show. Customer’s controller server calls Promoted’s API.
    • Metrics API: user engagement events are sent from the Customer end user client device (web or mobile) to Customer’s event routing servers. Then, Customer servers route the engagement signals via Promoted’s
    • Metrics API. Depending on the event, these signals may be mini-batched for efficiency or sent via a daily pipeline reading from a data warehouse in a regular batch.
    • CMS API: Customer servers initiate calls by combinations of entity update hooks or regular batching systems.
  • All network calls from Customer servers to Promoted are by HTTPS through AWS PrivateLink as routed through an AWS ARN. Promoted also supports gRPC.
  • Promoted servers receive and process the HTTPS API request from Customer’s servers and may send back a response by the same connection. Promoted’s servers do not send API requests to Customer’s servers.

Updated about 2 months ago