
Architecture & Solution Design

There are two ways to deploy this solution: one uses a custom domain with a load balancer and IAP integration; the other uses Cloud Run's default URL and integrates IAP directly with Cloud Run. The diagrams below depict the components used for each option.

Custom Domain Using Identity Aware Proxy w/Load Balancer

Diagram: Solution Design - LB IAP

Cloud Run Domain Using Identity Aware Proxy w/Cloud Run

Diagram: Solution Design - Cloud Run IAP

The diagrams above depict the components that make up the Creative Studio solution. Items of note:

  • A DNS entry is not deployed as part of the provided Terraform configuration files. You will need to create a DNS A record that resolves to the IP address of the provisioned load balancer so that certificate provisioning succeeds.
  • Users are authenticated with Google Accounts and access is managed through Identity Aware Proxy (IAP). IAP also supports external identities; see the IAP documentation for details.
  • Load Balancer - Provides HTTPS access to the Cloud Run hosted application, ensuring end-to-end encryption.
  • Identity Aware Proxy - Limits access to the web application to authenticated users or groups.
  • Cloud Run - Serverless container runtime used to host the Mesop application.
  • Cloud Firestore - Data store for the image / video / audio metadata. If you're new to Firebase, the Firebase getting-started documentation is a good place to begin.
  • Cloud Storage - A bucket is used to store the image / video / audio files.
  • Cloud Build - Uses buildpacks to create the container images, push them to Artifact Registry and update the Cloud Run service to use the latest image version. To simplify deployment, connections to a GitHub project and build triggers are not deployed with Terraform. Instead, the source code that was cloned locally is compressed and pushed to Cloud Storage, and it is this snapshot of the source that is used to build the container image.
  • Artifact Registry - Used to store the container images for the web application.
  • Cloud Storage - A bucket is used to store a compressed file of the source used for the build.
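The DNS note above is the step most likely to stall a deployment, because the managed certificate will not provision until the A record points at the load balancer. The following pre-deployment check is an added example, not part of the project's Terraform or source: it resolves the custom domain and confirms that every A record matches the load balancer IP (a stale extra record is reported as a failure, since it would also break certificate validation). The hostname and IP are command-line arguments; the resolver is injectable so the check can be exercised offline.

```python
"""Pre-deployment check: does the custom domain's A record point at the LB?

Added example for the DNS note in the architecture description. It is not
part of the project's own deployment files. The hostname and load balancer
IP are supplied by the operator; the resolver is injectable for testing.
"""
import socket
import sys
from typing import Callable, Iterable

Resolver = Callable[[str], Iterable[str]]


def system_resolver(hostname: str) -> list[str]:
    """Return every IPv4 address the local resolver returns for hostname."""
    _, _, addrs = socket.gethostbyname_ex(hostname)
    return addrs


def check_dns_points_to_lb(hostname: str, lb_ip: str,
                           resolve: Resolver = system_resolver) -> dict:
    """Compare the A records for hostname against the provisioned LB IP.

    Returns a report dict. 'ok' is True only when at least one record exists
    and every record equals lb_ip; partial matches (for example a leftover
    record from a previous host) are reported as failures with the offending
    addresses listed, because managed certificate provisioning checks the
    domain as a whole.
    """
    try:
        records = sorted(set(resolve(hostname)))
    except socket.gaierror as exc:
        return {"ok": False, "records": [], "reason": f"lookup failed: {exc}"}
    if not records:
        return {"ok": False, "records": [], "reason": "no A record found"}
    stale = [r for r in records if r != lb_ip]
    if stale:
        return {"ok": False, "records": records,
                "reason": f"records not pointing at load balancer: {stale}"}
    return {"ok": True, "records": records,
            "reason": "all A records match the load balancer IP"}


if __name__ == "__main__":
    # Usage: python check_dns.py studio.example.com 203.0.113.10
    if len(sys.argv) != 3:
        sys.exit("usage: check_dns.py <hostname> <load-balancer-ip>")
    report = check_dns_points_to_lb(sys.argv[1], sys.argv[2])
    print(f"{sys.argv[1]}: {report['reason']} (records: {report['records']})")
    sys.exit(0 if report["ok"] else 1)
```

Run it after creating the A record and before waiting on certificate provisioning; a non-zero exit means the record has not propagated or still carries an old address.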