Architecture Overview

Nitric allows your team to work together to build an application:

  • Developer: Writes application code with built-in support for APIs, file storage (bucket), secrets, key/value store, and RDS, leveraging the Nitric SDK.
  • Operations: Customize, extend or use Nitric's generated IaC (Terraform or Pulumi) to provision and manage the resources that the developer needs for their application.
  • SRE: Configures environment-, region- and policy-specific details and is heavily involved in overseeing that the Terraform modules themselves adhere to governance standards.
  • Nitric: Automatically generates a specification for resource declarations and fulfills them by orchestrating a cloud deployment using IaC modules and container images tailored to the runtime requirements of the application code. While many of the examples focus on AWS as the target cloud, Nitric's flexibility allows providers to support any cloud environment or even multiple clouds simultaneously.

The roles above may overlap depending on your organization structure; for example, it is not unusual for Developers to assume all roles, or for Operations and SRE responsibilities to be handled by the same team.

[Diagram: the Developer contributes Code, Operations extend/customize IaC modules, and the Site Reliability Engineer supplies Deployment Config; these feed the Nitric CLI ('nitric up'), which builds a Resource Specification and 1..n Container Images for a Nitric Provider, which deploys the application's API Gateway (exposes REST/HTTP routes), Bucket (stores/retrieves files), Secrets (manages sensitive data), Key/Value Store (reads/writes data), Relational Database (executes SQL queries) and Other Resources.]

Nitric applications can have any number of APIs, Secrets, Buckets etc. Providers can also be extended to support new resources, many of which will work across all cloud providers and some of which are cloud specific.

Interact seamlessly with services exposed through HTTP routes in an API gateway, as scheduled tasks, via event subscriptions, through WebSocket handlers, and more.

Example: Handling HTTP requests

[Diagram: a Client Browser sends an HTTP request to the HTTP API (API Gateway), which triggers the GET Route and POST Route services; the services manage/upload/download files in a Storage Bucket, retrieve credentials/config data from a Secrets Manager, read/write key data in a Key/Value Store, query/update relational data in a Relational Database Service, and call other services/APIs.]
  • The Client Browser sends an HTTP request to the API Gateway.
  • The API Gateway acts as a proxy, forwarding the request to the appropriate Services.
  • The Services process the request by coordinating with different resources like buckets, secrets, key/value store etc.

Example: Handling Websockets

[Diagram: a WebSocket Client opens/closes a WebSocket connection to the WebSocket API, which triggers the onConnection Handler, the onMessage Handler (for each message sent) and the onDisconnect Handler; the handlers manage/upload/download files in a Storage Bucket, read/write key data in a Key-Value Store, and call other services/APIs.]
  • The Client Browser opens a WebSocket connection.
  • The WebSocket handles the connection lifecycle:
    • When the connection opens, it triggers the onConnect service.
    • Once the connection is established, messages from the client trigger the onMessage service.
    • When the connection closes, it triggers the onDisconnect service.
  • The onMessage, onConnect and onDisconnect handlers:
    • Interact with other cloud resources e.g. Buckets, KeyValue stores and APIs.

Example: Sharing resources

Deploy multiple APIs and other entrypoints into an application that can access shared resources.

[Diagram: a Client Browser sends HTTP requests to two gateways: the HTTP API - Read API Gateway triggers the GET Route service, which retrieves files from an AWS S3 Bucket and queries data in AWS RDS/Aurora, while the HTTP API - Write API Gateway triggers the POST Route service, which uploads files and updates data; Other Resources are shared in the same way.]
  • The Client Browser sends HTTP requests to the API Gateways.
  • API Gateways and their respective service handlers are established with least privileges:
    • The Read API Gateway invokes the GET Route Service, which is granted read-only permissions.
    • The Write API Gateway invokes the POST Route Service, which is granted write-only permissions.
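The read-only/write-only split described above, as an added in-memory model (not the Nitric SDK or its generated IaC; the Bucket and BucketHandle classes, the allow() helper and the route function names are assumptions for this example): each service receives only the bucket actions it declared, and any call outside that grant is refused.

```python
# Constructed model of the "Sharing resources" layout above: one shared
# bucket, a read-only GET service behind the Read API and a write-only
# POST service behind the Write API. Not the Nitric SDK or its generated
# IaC; all names here are assumptions for this example.

class Bucket:
    """Shared storage resource holding file bytes by name."""
    def __init__(self, name):
        self.name = name
        self._files = {}

    def allow(self, *actions):
        """Return a handle limited to the declared actions (least privilege)."""
        return BucketHandle(self, frozenset(actions))


class BucketHandle:
    """Per-service view of a bucket; each call is checked against its grants."""
    def __init__(self, bucket, actions):
        self._bucket, self.actions = bucket, actions

    def _check(self, action):
        if action not in self.actions:
            raise PermissionError(f"{action} not granted on '{self._bucket.name}'")

    def read(self, name):
        self._check("read")
        return self._bucket._files[name]

    def write(self, name, data):
        self._check("write")
        self._bucket._files[name] = bytes(data)


files = Bucket("files")
read_files = files.allow("read")    # GET route service: read-only grant
write_files = files.allow("write")  # POST route service: write-only grant


def get_route(name):
    """Handler invoked by the Read API Gateway; can never modify the bucket."""
    return read_files.read(name)


def post_route(name, data):
    """Handler invoked by the Write API Gateway; can never read the bucket."""
    write_files.write(name, data)
    return {"status": 201, "name": name}
```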

Example: Multiple entry points

A Nitric application can have multiple entry points, such as an HTTP API Gateway, a Scheduled Event, and a WebSocket API all sharing the same resources.

[Diagram: a Client Browser sends HTTP requests to HTTP API - Read and HTTP API - Write, a WebSocket Client exchanges bi-directional messages with a WebSocket API, and a Scheduled Event triggers a Scheduled Task; these entry points invoke the GET Route, POST Route and Scheduled Task services, which read/query, write/upload and create/update data in an AWS S3 Bucket, AWS RDS/Aurora and Other Shared Resources.]
  • Backend resources (e.g. Key/Value Store, Bucket, RDS) are shared and accessed with least-privilege access from each service.
Last updated on Jan 28, 2025