
Dev Account

The dev account (686123185567) hosts the live DEV and Demo deployments of the CWIQ Orchestrator platform, the LangFuse LLM observability server, the identity-db server, and the EKS Kubernetes runner cluster.


Account Reference

Attribute           Value
Account ID          686123185567
CLI Profile         --profile dev
Region              us-west-2
VPC                 cwiq-dev-vpc, 10.1.0.0/16
Availability Zones  us-west-2a, us-west-2b
NAT Strategy        Single NAT (us-west-2a) — cost optimization
Terraform State     S3 cwiq-terraform-states/cwiq-io/dev/, profile shared-services

Orchestrator DEV (orchestrator-dev-cwiq-io)

The primary development server running the full CWIQ Orchestrator platform stack.

Attribute             Value
Tailscale IP          100.122.206.4
VPC Private IP        10.1.35.46
Subnet                10.1.35.0/24 (gitlab-1b)
DNS                   orchestrator.dev.cwiq.io
Docker network        cwiq-network
SSH — app operations  ssh cwiq@orchestrator-dev-cwiq-io
SSH — Ansible/admin   ssh ec2-user@orchestrator-dev-cwiq-io

Volumes

Mount                Device     Size    Backup  Contents
/                    /dev/sda1  30 GB   No      OS
/data                /dev/sdf   200 GB  Daily   PostgreSQL, Redis, Redpanda data, app config, SSL certs
/var/lib/containerd  /dev/sdg   150 GB  No      Container images (re-pullable)

Docker storage migration (2026-03-06)

The container-storage EBS volume was moved from /var/lib/docker to /var/lib/containerd on 2026-03-06. All 14 servers follow this pattern, and Terraform and Ansible have been updated accordingly.

Running Services (Docker Compose)

The stack is managed by GitLab CI/CD. Containers run on the cwiq-network Docker network:

Container                                                 Port       Purpose
orchestrator-server                                       8000       Main FastAPI API
orchestrator-ui                                           3000       React frontend
orchestrator-agent                                        -          Task execution runner
orchestrator-mcp                                          8002       MCP tool integration server
orchestrator-postgres                                     5432       PostgreSQL
orchestrator-redis                                        6379       Redis
orchestrator-redpanda                                     9092       Redpanda (Kafka-compatible)
orchestrator-temporal                                     7233       Temporal workflow engine
runner-api                                                8003       Runner pool management
Microservices (audit, iam, monitoring, notification, etc.) 8004-8009  Domain microservices

CI/CD Deployment

CI/CD auto-deploys on every push to main. GitLab runner jobs reach the server via the VPC private IP (10.1.35.46), not the Tailscale IP.

# Variable at GitLab group level (group 9)
DEV_SERVER_IP = 10.1.35.46  # VPC private IP — required by EKS runner pods

Health check:

curl -f https://orchestrator.dev.cwiq.io/api/health
curl -s "https://orchestrator.dev.cwiq.io/api/health?detailed=true" | python3 -m json.tool


LangFuse (langfuse-dev-cwiq-io)

LLM observability server running the full LangFuse stack.

Attribute       Value
Tailscale IP    100.119.26.88
VPC Private IP  10.1.38.95
Instance ID     i-0a8018b54c0125f22
Subnet          10.1.38.0/24 (observability-1a)
DNS             langfuse.dev.cwiq.io
SSH             ssh ec2-user@langfuse-dev-cwiq-io
Tailscale tag   tag:cwiq-io

Mount                Size         Contents
/data (XFS)          100 GiB EBS  PostgreSQL, ClickHouse, MinIO, Redis
/var/lib/containerd  50 GiB EBS   Container images

Stack: 7 containers (postgres, clickhouse, redis, minio, langfuse-web, langfuse-worker, nginx).

DNS uses Tailscale IP for Docker bridge resolution

langfuse.dev.cwiq.io points to the Tailscale IP (100.119.26.88), not the VPC private IP. This is intentional — Docker containers on the dev server resolve the hostname via Tailscale to avoid timeouts from Docker bridge networks that can't reach VPC private IPs.
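The two addressing rules on this page (the GitLab DEV_SERVER_IP must be the VPC private IP because EKS runner pods cannot reach Tailscale addresses; hostnames resolved inside Docker must point at the Tailscale IP because bridge networks cannot reach VPC private IPs) expressed as an offline preflight check in Python. This is an added example, not part of the page's CI configuration; the Tailscale CGNAT range 100.64.0.0/10 is an assumption taken from Tailscale's general behaviour, and the function names are hypothetical.

```python
import ipaddress

# Ranges taken from this page: the dev VPC CIDR and the orchestrator subnet (gitlab-1b).
VPC_CIDR = ipaddress.ip_network("10.1.0.0/16")
ORCHESTRATOR_SUBNET = ipaddress.ip_network("10.1.35.0/24")
# Tailscale hands out node addresses from the CGNAT range 100.64.0.0/10
# (general Tailscale behaviour, assumed here; not something this page states).
TAILSCALE_RANGE = ipaddress.ip_network("100.64.0.0/10")


def classify(addr: str) -> str:
    """Label an IPv4 address as 'vpc', 'tailscale' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip in VPC_CIDR:
        return "vpc"
    if ip in TAILSCALE_RANGE:
        return "tailscale"
    return "other"


def check_ci_target(dev_server_ip: str) -> list:
    """GitLab's DEV_SERVER_IP is used by EKS runner pods, which only have a VPC
    path: it must be a VPC private IP inside the orchestrator subnet, never the
    Tailscale IP. Returns a list of problems; an empty list means OK."""
    kind = classify(dev_server_ip)
    if kind != "vpc":
        return [f"DEV_SERVER_IP={dev_server_ip} is a {kind} address; runner pods "
                f"need a VPC private IP in {VPC_CIDR}"]
    if ipaddress.ip_address(dev_server_ip) not in ORCHESTRATOR_SUBNET:
        return [f"DEV_SERVER_IP={dev_server_ip} is outside {ORCHESTRATOR_SUBNET}"]
    return []


def check_docker_resolved_host(hostname: str, resolved_ip: str) -> list:
    """A hostname that containers on the dev server resolve must point at a
    Tailscale IP: Docker bridge networks cannot reach VPC private IPs and would
    time out. Returns a list of problems; an empty list means OK."""
    kind = classify(resolved_ip)
    if kind == "tailscale":
        return []
    return [f"{hostname} -> {resolved_ip} is a {kind} address; containers need a Tailscale IP"]


def preflight(ci_vars: dict, dns_records: dict) -> list:
    """Check a CI variable set and the DNS records containers depend on;
    returns every violated invariant (empty list = deploy may proceed)."""
    problems = check_ci_target(ci_vars["DEV_SERVER_IP"])
    for host, ip in dns_records.items():
        problems += check_docker_resolved_host(host, ip)
    return problems
```

Feed it the live values (the GitLab group variable and the A record a container actually sees) as a CI job step so a swapped address fails the pipeline before deployment rather than as a timeout at runtime.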


Identity-DB (identity-db-dev-cwiq-io)

Backend for sssd-db-identity (POSIX identity provider replacing Active Directory on RHEL 9 hosts).

Attribute       Value
VPC Private IP  10.1.35.190
Instance ID     i-05f68407315f517dc
SSH             ssh ec2-user@identity-db-dev-cwiq-io
Stack           PostgreSQL (PgBouncer), sssd-db-identity Rust plugins

Health check:

docker exec identity-db-pgbouncer pg_isready -h localhost -p 6432


Tailscale Subnet Router (Dev)

EC2 t3.micro in subnet 10.1.40.0/26. Advertises 10.1.0.0/16 to the Tailscale mesh, enabling external (Tailscale) clients to reach any dev server by IP.