System Diagrams
Current as of November 15th, 2019
FxA universe
stateDiagram
state "RP" as RP
state "Amazon S3" as s3: Profile photo storage
state "Amazon SES" as ses: Amazon email delivery
state "Amazon SNS" as sns: Amazon hosted email/SMS
state "Basket" as basket: Send marketing emails, hosted by Marketing
state "fraud detection pipeline" as fdp: Should an event be blocked? Hosted by SecOps
state "fxa-auth-server" as auth: authn/authz
state "fxa-content-server" as content
state "fxa-customs-server" as customs: Fraud/abuse prevention
state "fxa-event-broker" as eb: Notify RPs of important user events
state "fxa-payments-server" as payments
state "fxa-profile-server" as profile
state "fxa-support-panel" as support_panel: Allow support agents to access user info
state "gcp" as gcp: logging/metrics
state "iprepd" as iprepd: Should an IP be blocked? Hosted by SecOps
state "memcached" as memcached: store blocks, rate limits
state "Mozilla Data Platform (MDP)" as mdp: Send marketing emails, hosted by Marketing
state "mysql" as mysql: auth, oauth, profile CRUD
state "redis" as redis: session/profile info cache
state "Support agent" as support_agent: Fix user problems
state "Zendesk" as zendesk: Hosted support management
User-->RP
RP-->auth
RP-->content
auth-->basket
auth-->customs
auth-->eb
auth-->gcp
auth-->mysql
auth-->profile
auth-->redis
auth-->sns
auth-->ses
auth-->zendesk
content-->auth
content-->gcp
content-->payments
content-->profile
customs-->gcp
customs-->iprepd
customs-->memcached
eb-->RP
fdp-->customs
gcp-->fdp
gcp-->mdp
payments-->auth
payments-->profile
payments-->stripe
payments-->gcp
payments-->RP
profile-->auth
profile-->gcp
profile-->mysql
profile-->s3
support_agent-->support_panel
support_agent-->zendesk
support_panel-->auth
support_panel-->profile
fxa-auth-server
stateDiagram
state "RP" as RP
state "Amazon SES" as ses: Amazon email delivery
state "Amazon SNS" as sns: Amazon hosted email/SMS
state "Basket - Salesforce Marketing Cloud (SFMC)" as basket: Send marketing emails, hosted by Marketing
state "fxa-auth-server" as auth: authn/authz
state "fxa-content-server" as content
state "fxa-customs-server" as customs: Fraud/abuse prevention
state "fxa-event-broker" as eb: Notify RPs of important user events
state "fxa-payments-server" as payments
state "fxa-profile-server" as profile
state "fxa-support-panel" as support_panel: Allow support agents to access user info
state "gcp" as gcp: logging/metrics
state "mysql" as mysql: auth, oauth, profile CRUD
state "redis" as redis: session/profile info cache
state "Zendesk" as zendesk: Hosted support management
RP-->auth : 1
content-->auth : 2
payments-->auth : 3
profile-->auth : 4
support_panel-->auth : 5
auth-->ses : 6
auth-->basket : 7
auth-->customs : 8
auth-->eb : 9
auth-->gcp : 10
auth-->mysql : 11
auth-->redis : 12
auth-->sns : 13
auth-->zendesk : 14
note left of RP
No. Connection Reason
1. RP → auth verify/fetch OAuth tokens
2. content → auth authentication/authorization
3. payments → auth update subscriptions
4. profile → auth canonical profile info
5. support_panel → auth view user info
6. auth → ses send email to users
7. auth → basket notify of user events
8. auth → customs fraud detection
9. auth → event broker notify of user update
10. auth → gcp logging
11. auth → mysql authorization CRUD
12. auth → redis profile/sessionToken cache
13. auth → sns send SMS messages
14. auth → zendesk file support tickets
end note
fxa-content-server
stateDiagram
RP
state "fxa-auth-server" as auth: authn/authz
state "fxa-content-server" as content
state "fxa-payments-server" as payments
state "fxa-profile-server" as profile
state "gcp" as gcp: logging/metrics
RP-->content : 1
content-->auth : 2
content-->payments : 3
content-->profile : 4
content-->gcp : 5
note left of RP
No. Connection Reason
1. RP → content authorization
2. content → auth authentication & authorization
3. content → payments redirect to update subscriptions
4. content → profile fetch subscription info
5. content → gcp send logs
end note
fxa-customs-server
stateDiagram
state "fxa-auth-server" as auth: authn/authz
state "fxa-customs-server" as customs: Fraud/abuse prevention
state "gcp" as gcp: logging/metrics
state "memcached" as memcached: store blocks, rate limits
state "iprepd" as iprepd: Should an IP be blocked? Hosted by SecOps
state "fraud detection pipeline" as fdp: Should an event be blocked? Hosted by SecOps
auth-->customs : 1
customs-->gcp : 2
customs-->iprepd : 3
customs-->memcached : 4
fdp-->customs : 5
gcp-->fdp : 6
note left of auth
No. Connection Reason
1. auth → customs check whether request should be blocked
2. customs → gcp send logs
3. customs → iprepd check ip address
4. customs → memcached store counts & blocks
5. fdp → customs inform of block
6. gcp → fdp notify of user events
end note
fxa-payments-server
stateDiagram
state "fxa-auth-server" as auth: authn/authz
state "fxa-content-server" as content
state "fxa-payments-server" as payments
state "fxa-profile-server" as profile
state "gcp" as gcp: logging/metrics
content-->payments : 1
payments-->auth : 2
payments-->profile : 3
payments-->stripe : 4
payments-->gcp : 5
payments-->RP : 6
note left of content
No. Connection Reason
1. content → payments redirect
2. payments → auth update subscriptions
3. payments → profile get user profile
4. payments → stripe get payment widget
5. payments → gcp send logs & metrics
6. payments → RP redirect after subscription update
end note
fxa-profile-server
stateDiagram
state "fxa-auth-server" as auth: authn/authz
state "fxa-content-server" as content
state "fxa-payments-server" as payments
state "fxa-profile-server" as profile
state "mysql" as mysql: auth, oauth, profile CRUD
state "gcp" as gcp: logging/metrics
state "fxa-support-panel" as support_panel: Allow support agents to access user info
state "S3" as s3: Profile photo storage
content-->profile : 1
payments-->profile : 2
auth-->profile : 3
profile-->auth : 4
support_panel-->profile : 5
profile-->gcp : 6
profile-->mysql : 7
profile-->s3 : 8
note left of gcp
No. Connection Reason
1. content → profile get user profile
2. payments → profile get user profile
3. auth → profile notify of user events
4. profile → auth get canonical profile info
5. support_panel → profile get user profile
6. profile → gcp logging/metrics
7. profile → mysql profile CRUD
8. profile → s3 store profile photos
end note
fxa-support-panel
stateDiagram
state "fxa-auth-server" as auth: authn/authz
state "fxa-content-server" as content
state "fxa-profile-server" as profile
state "fxa-support-panel" as support_panel: Allow support agents to access user info
state "Support agent" as support_agent: Fix user problems
state "Zendesk" as zendesk: Hosted support management
User-->content : 1
content-->auth : 2
auth-->zendesk : 3
support_agent-->support_panel : 4
support_agent-->zendesk : 5
support_panel-->auth : 6
support_panel-->profile : 7
note left of zendesk
No. Connection Reason
1. User → content file support ticket
2. content → auth forward support ticket
3. auth → zendesk forward support ticket
4. support_agent → support_panel check user status
5. support_agent → zendesk get support ticket
6. support_panel → auth get user info
7. support_panel → profile get user info
end note
A few additional diagrams
There are a few more private diagrams maintained by the operations group about how we have our cloud services set up. If you're an employee, you can see them here: