Overview

CookieHub is a cookie consent management platform. The system spans AWS (ECS, RDS, CloudFront), Scaleway (edge PHP servers), and Cloudflare (Pages, CDN).

System Diagram

flowchart TB
    subgraph Users
        Customer[Customer dashboard]
        EndUser[End user browser]
    end

    subgraph Edge["Edge Layer"]
        CF[CloudFront + Lambda@Edge]
        Scaleway[Scaleway PHP servers]
    end

    subgraph AWS["AWS (eu-central-1)"]
        subgraph Public["Public ALB"]
            CoreAPI[Core API v3]
            AtraxAPI[Atrax API]
        end

        subgraph Internal["Internal ALB"]
            VaultAPI[Vault API]
        end

        subgraph Data
            MariaDB[(MariaDB)]
            Postgres[(PostgreSQL)]
            CH[(ClickHouse)]
        end

        subgraph Workers
            AtraxNode[Atrax Node<br/>headless browser]
            ETL[Vault ETL]
        end

        SQS[SQS Queue]
        S3[S3 Buckets]
        Grafana[Grafana]
    end

    Customer --> CoreAPI
    EndUser --> CF
    EndUser --> Scaleway

    CF -->|consent events| SQS
    SQS --> VaultAPI
    Scaleway --> CoreAPI

    CoreAPI --> MariaDB
    CoreAPI -->|analytics| VaultAPI
    CoreAPI -->|trigger scan| AtraxAPI

    AtraxAPI --> Postgres
    AtraxAPI --> AtraxNode
    AtraxNode -->|results| AtraxAPI
    AtraxNode --> S3

    VaultAPI --> CH
    VaultAPI --> Postgres
    ETL --> CH
    Grafana --> CH

Services

| Service | Purpose | Tech | Status |
|---|---|---|---|
| Core API | Dashboard API — domains, consent settings, subscriptions | Hono (TypeScript) | Stage live, prod on Laravel |
| Vault | Analytics pipeline — consent events, session data | TypeScript + ClickHouse | Prod |
| Atrax | Web scanner — discovers cookies and tracking tech | Node.js + headless browser | Stage ECS, prod migrating |
| Edge | Widget serving + consent event logging | PHP (Scaleway) + Lambda@Edge | Hybrid |
| Widget | Client-side consent banner | JavaScript | Prod |

AWS Accounts

| Account | ID | Purpose |
|---|---|---|
| Stage | 258618559895 | Development and testing |
| Production | 759286286879 | Live traffic |

Both accounts are in eu-central-1. Infrastructure is managed with Terraform — see Terraform docs.

Key Architectural Decisions

  • ECS on EC2 (not Fargate) — used for all containerized services
  • Internal ALB for production — vault services are not publicly accessible
  • SSM Parameter Store for secrets — no Secrets Manager, see Secrets docs
  • ClickHouse for analytics — replaced earlier Trino/Iceberg and Portainer/Swarm setups
  • Bare metal being phased out — all infrastructure moving to AWS