About This Architecture

Multi-AZ sovereign and hybrid cloud architecture on OVHcloud FR with two VPCs (Ligne 1 Souverain and Ligne 2 Hybride) connected via Transit Gateway, each spanning eu-west-1a and eu-west-1b availability zones. Traffic flows from Users through WAF and ALB to presentation-layer applications (Metabase, OpenProject), while backend services (Flowise, Apache Hop, n8n) communicate via API Gateway to data layer components (Baserow, S3). Secrets Manager and KMS provide encryption and credential management across both VPCs, with CloudWatch and CloudTrail enabling monitoring and compliance auditing. This architecture demonstrates data residency compliance, high availability, and secure multi-tenant isolation for regulated workloads requiring French data sovereignty. Fork and customize this diagram on Diagrams.so to adapt VPC CIDR ranges, add additional AZs, or integrate your own SaaS connectors like Make.

People also ask

How do I design a multi-AZ AWS architecture on OVHcloud FR that meets French data sovereignty requirements while supporting both sovereign and hybrid workloads?

This diagram shows a two-VPC architecture (Ligne 1 Souverain and Ligne 2 Hybride) connected via Transit Gateway, each with public subnets (WAF, ALB), private app subnets (Metabase, OpenProject, Flowise, Apache Hop, n8n), and private data subnets (Baserow, S3). Secrets Manager and KMS encrypt credentials and TLS keys, while CloudWatch and CloudTrail provide monitoring and audit trails for complianc