@startuml get.gov registrar deployment
!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Deployment.puml

LAYOUT_WITH_LEGEND()
title get.gov registrar deployment
skinparam linetype polyline

Person(team, "get.gov developer", "Code Writer")

Deployment_Node(aws, "AWS GovCloud", "Amazon Web Services Region") {
    Deployment_Node(cloudgov, "cloud.gov", "Cloud Foundry PaaS") {
        System_Ext(cloudgov_router, "cloud.gov router", "Cloud Foundry service")
        System_Ext(cloudgov_uaa, "cloud.gov authentication", "Cloud Foundry service")
        System_Ext(cloudgov_controller, "cloud.gov controller", "Cloud Foundry orchestration")
        System_Ext(cloudgov_dashboard, "cloud.gov dashboard", "Cloud Foundry web UI")
        System_Ext(cloudgov_logdrain, "logs.fr.cloud.gov", "ELK")
        Boundary(atob, "ATO boundary") {
            Deployment_Node(organization, "get.gov organization") {
                Deployment_Node(sandbox, "sandbox space") {
                    System_Boundary(dashboard_sandbox, "get.gov registrar") {
                        Container(getgov_app_sandbox, "Registrar Application", "Python, Django", "Delivers static HTML/CSS and forms")
                        ContainerDb(dashboard_db_sandbox, "sandbox PostgreSQL Database", "AWS RDS", "Stores agency information and reports")
                    }
                }
                Deployment_Node(stable, "stable space") {
                    System_Boundary(dashboard_stable, "get.gov registrar") {
                        Container(getgov_app_stable, "Registrar Application", "Python, Django", "Delivers static HTML/CSS and forms")
                        ContainerDb(dashboard_db_stable, "stable PostgreSQL Database", "AWS RDS", "Stores agency information and reports")
                    }
                }
            }
        }
    }
}

' Logs flow
Rel(stable, cloudgov_logdrain, "logs to", "stdout/stderr")
Rel(team, cloudgov_logdrain, "reviews logs", "https (443)")

Rel(team, cloudgov_uaa, "authenticates with", "https (443)")
Rel(team, cloudgov_dashboard, "inspects", "https (443)")
Rel(cloudgov_dashboard, cloudgov_controller, "inspects and manipulates state", "https (443)")

' Deployment
Boundary(deploymentservices, "Deployment services") {
    Deployment_Node(github, "CI/CD Pipeline", "open source"){
        System(github_repo, "cisagov/getgov", "Code repository")
        System_Ext(github_actions_deploy, "github actions", "deploy")
        System_Ext(github_actions_test, "github actions", "test, security check")
    }
}
Rel(github_repo, github_actions_test, "pushes to all branches trigger test suite")
Rel(github_repo, github_actions_deploy, "pushes to main trigger deployment")
Rel(team, github_repo, "commits code, makes pull-request, approves PRs", "https (443)")
Rel(github_actions_deploy, cloudgov_controller, "pushes code, invokes tasks", "https (443)")
Rel(github_actions_deploy, cloudgov_router, "runs smoke tests on URLs", "https (443)")
Rel(cloudgov_controller, stable, "provisions/operates apps and services", "admin access limited")
Rel(cloudgov_controller, sandbox, "provisions/operates apps and services")

Rel(getgov_app_stable, dashboard_db_stable, "reads agency info, reads/writes reports, ", "postgres (5432)")
Rel(getgov_app_sandbox, dashboard_db_sandbox, "reads agency info, reads/writes reports, ", "postgres (5432)")

Rel(cloudgov_router, getgov_app_stable, "proxies to", "https GET/POST (443)")

@enduml