Infrastructure provisioning

How Encore provisions infrastructure for you

Encore automatically provisions all necessary infrastructure, in all environments and across all major cloud providers. All you need to do is connect your cloud account and create an environment.

This is powered by the Encore Application Model. It provides a precise definition of the infrastructure primitives each service requires. Encore uses this knowledge, combined with context about the environment type (production/development/preview) and the target cloud provider (GCP/AWS/Azure), to make informed decisions about how to provision the necessary infrastructure. Encore keeps all environments in sync, so you can be confident your changes will work when deployed to production.

Encore CloudGCP / AWS / Azure
Environment types:Preview, DevelopmentDevelopment, Production
Objectives:Provisioning speed, Cost*Reliability, Security, Scalability

*Encore Cloud is free to use, subject to Fair Use guidelines and usage limits. Learn more

Configuration

With Encore you express cloud infrastructure as logical statements directly in your application code. After deploying to your own cloud account, you can safely use your cloud provider's console to modify the provisioned resources according to your application's scaling requirements. See more details below for each cloud provider and infrastructure resource.

Development Infrastructure

Encore provisions infrastructure resources differently for each type of development environment.

LocalPreview / Development (Encore Cloud)GCP / AWS / Azure
SQL Databases:DockerEncore Managed (Kubernetes)See production
Pub/Sub:In-memory (NSQ)GCP Pub/SubSee production
Caches:In-memory (Redis)In-memory (Redis)See production
Cron Jobs:DisabledEncore ManagedSee production

Local Development

For local development Encore provisions a combination of Docker and in-memory infrastructure components. SQL Databases are provisioned using Docker. For Pub/Sub and Caching the infrastructure is run in-memory.

When running tests, a separate SQL Database cluster is provisioned that is optimized for high performance (using an in-memory filesystem and fsync disabled) at the expense of reduced reliability.

To avoid surprises during development, Cron Jobs are not triggered in local environments. They can always be triggered manually by calling the API directly from the development dashboard.

The application code itself is compiled and run natively on your machine (without Docker).

Preview Environments

When you've connected your application to GitHub, Encore automatically provisions a temporary Preview Environment for each Pull Request.

Preview Environments are created in Encore Cloud, and are optimized for provisioning speed and cost-effectiveness. The Preview Environment is automatically destroyed when the Pull Request is merged or closed.

Preview Environments are named after the pull request, so PR #72 will create an environment named pr:72.

Encore Cloud

Encore Cloud is a simple, zero-configuration hosting solution provided by Encore. It's perfect for development environments and small-scale hobby use. It's also a great way to evaluate Encore without having to connect your cloud account.

Encore Cloud is not designed for production use and does not offer reliability guarantees for persistent storage like SQL Databases. Other infrastructure primitives like Pub/Sub and Caching are provisioned with small-scale use in mind.

Production Infrastructure

Encore provisions production infrastructure resources using best-practice guidelines and services for each respective cloud provider.

GCPAWSAzure
Networking:VPCVPCVPC
Compute:Cloud RunFargate ECSApp Service & App Service Plan
SQL Databases:GCP Cloud SQLAmazon RDSAzure Database
Pub/Sub:GCP Pub/SubAmazon SQS & Amazon SNSAzure Service Bus
Caches:GCP Memorystore (Redis)Amazon ElastiCache (Redis)Azure Cache (Redis)
Cron Jobs:Encore ManagedEncore ManagedEncore Managed
Secrets:Secret ManagerAWS Secrets ManagerApp Service App

Google Cloud Platform (GCP)

Encore provisions a single GCP Project for each environment, containing a single Virtual Private Cloud (VPC). Within the VPC Encore provisions a Cloud Run service to run the application, storing secret values using Secret Manager.

SQL Databases

When using SQL Databases, Encore provisions a single GCP Cloud SQL cluster, and separate databases within that cluster. The cluster is configured with the latest PostgreSQL version available at the time of provisioning.

The machine type is chosen as the smallest available that supports auto-scaling (1 vCPU / 3.75GiB memory). You can freely increase the machine type yourself to handle larger scales.

Additionally, Encore sets up:

  • Automatic daily backups (retained for 7 days) with point-in-time recovery
  • Private networking, ensuring the database is only accessible from the VPC
  • Mutual TLS encryption for additional security
  • High availability mode with automatic failover (via disk replication to multiple zones)

Pub/Sub

When using Pub/Sub, Encore provisions GCP Pub/Sub topics and subscriptions. Additionally, Encore automatically creates and configures dead-letter topics.

Caching

When using Caching, Encore provisions GCP Memorystore for Redis clusters.

The machine type is chosen as the smallest available that supports auto-scaling (5GiB memory, with one read replica). You can freely change the machine type yourself to handle larger scales.

Additionally, Encore sets up:

  • Redis authentication
  • Transit encryption with TLS for additional security
  • A 10% memory buffer to better memory fragmentation, and active defragmentation

Cron Jobs

When using Cron Jobs, Encore's Cloud Platform triggers the execution of cron jobs by calling the corresponding API using a signed request so the application can verify the source of the request as coming from Encore's cron functionality. No infrastructure is provisioned for this to work.

Amazon Web Services (AWS)

Encore provisions a dedicated Virtual Private Cloud (VPC) for each environment. The VPC contains a Fargate ECS cluster to run the application, an Elastic Container Registry to host Docker images, and a whole slew of miscellaneous resources (IAM roles, policies, subnets, security groups, route tables, and so on). Secrets are stored using Secrets Manager.

SQL Databases

When using SQL Databases, Encore provisions a single Amazon RDS cluster, and separate databases within that cluster. The cluster is configured with the latest PostgreSQL version available at the time of provisioning.

The instance type is chosen as the smallest available latest-generation type that supports auto-scaling (currently db.m5.large, with 2 vCPU / 8GiB memory). You can freely change the instance type yourself to handle larger scales.

Additionally, Encore sets up:

  • Automatic daily backups (retained for 7 days) with point-in-time recovery
  • Private networking, ensuring the database is only accessible from the VPC
  • Dedicated subnets for the database instances, with security group rules to secure them

Pub/Sub

When using Pub/Sub, Encore provisions a combination of Amazon SQS and Amazon SNS topics and subscriptions. Additionally, Encore automatically creates and configures dead-letter topics.

Caching

When using Caching, Encore provisions Amazon ElastiCache for Redis clusters.

The machine type is chosen as the smallest available that supports auto-scaling (currently cache.m6g.large, with one read replica). You can freely change the machine type yourself to handle larger scales.

Additionally, Encore sets up:

  • Redis ACL authentication
  • A replication group, with multi-AZ replication and automatic failover for high availability
  • Transit encryption with TLS for additional security
  • A 10% memory buffer to better memory fragmentation, and active defragmentation

Cron Jobs

When using Cron Jobs, Encore's Cloud Platform triggers the execution of cron jobs by calling the corresponding API using a signed request so the application can verify the source of the request as coming from Encore's cron functionality. No infrastructure is provisioned for this to work.

Microsoft Azure

Encore provisions a dedicated Virtual Private Cloud (VPC) for each environment, containing an App Service and App Service Plan to run the application. Secrets are stored as part of the App Service App.

SQL Databases

When using SQL Databases, Encore provisions a single Azure Database for PostgreSQL cluster, and separate databases within that cluster. The cluster is configured with the latest PostgreSQL version available at the time of provisioning.

The instance type is chosen as the smallest available latest-generation type that supports auto-scaling (currently D2s_v3, with 2 vCPU / 8GiB memory). You can freely change the instance type yourself to handle larger scales.

Additionally, Encore sets up:

  • Automatic daily backups (retained for 7 days) with point-in-time recovery
  • Private networking, ensuring the database is only accessible from the VPC
  • Dedicated subnets for the database instances, with security group rules to secure them

Pub/Sub

When using Pub/Sub, Encore provisions Azure Service Bus topics and subscriptions. Additionally, Encore automatically creates and configures dead-letter topics.

Caching

When using Caching, Encore provisions Azure Cache for Redis clusters.

The machine type is chosen as the smallest available that supports auto-scaling (currently C1 with 1GiB memory). You can freely change the machine type yourself to handle larger scales.

Additionally, Encore sets up:

  • Redis authentication
  • Transit encryption with TLS for additional security
  • A 10% memory buffer to better memory fragmentation, and active defragmentation
  • An Azure Private Link connection for secure connectivity from the VPC

Cron Jobs

When using Cron Jobs, Encore's Cloud Platform triggers the execution of cron jobs by calling the corresponding API using a signed request so the application can verify the source of the request as coming from Encore's cron functionality. No infrastructure is provisioned for this to work.