Cloud infrastructure on AWS
Cleared runs on Amazon Web Services (AWS) in the US East region with disaster recovery in US West. AWS gives us strong security, high availability, managed encryption, and compliance artefacts that support Jamaica's Data Protection Act and international standards.
AWS services we use
Compute: EC2 and Lambda
Core services run on EC2 instances inside private subnets. Serverless functions (Lambda) handle file processing, OCR, and biometric matching with automatic scaling.
Storage: S3 and EBS
Documents and images are stored in encrypted S3 buckets with versioning enabled. EC2 volumes use encrypted EBS with snapshots retained for 30 days.
Databases: RDS (PostgreSQL) and MongoDB Atlas
Structured data lives in RDS PostgreSQL with automated backups, read replicas, and Multi-AZ deployment. Unstructured verification logs use MongoDB Atlas with encryption at rest.
Networking: VPC, Security Groups, NACLs
Each tier (web, app, database) runs in separate subnets with Security Groups and Network ACLs controlling traffic flow. Internal services cannot reach the internet directly.
Identity and access: IAM roles and policies
Services use IAM roles with least-privilege policies. Users authenticate via AWS SSO with MFA enforced. CloudTrail logs every IAM action.
Compliance and auditing: CloudTrail, Config, GuardDuty
CloudTrail logs API calls. AWS Config monitors configuration changes. GuardDuty detects threats. Logs feed into our SIEM for correlation and alerting.
Data residency and compliance
Cleared data is stored in AWS US East (Virginia) with disaster recovery replication to US West (Oregon). We do not store data in the European Union or Asia Pacific regions.
AWS provides SOC 2 Type II, ISO 27001, and PCI DSS compliance artefacts that support our own audits and client due diligence requests. We can share AWS compliance summaries with regulated clients upon request.
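The residency boundary and storage controls described on this page can be checked mechanically against a resource inventory. The following is an added illustrative example, not Cleared's own tooling: the inventory records are constructed sample data, and the field names and finding labels are assumptions.

```python
# Added example: audit a resource inventory against the controls this page states.
# The inventory records are constructed sample data; the field names (type, region,
# encrypted, versioning, replica_region, public_ip) are assumptions for illustration.
ALLOWED_REGIONS = {"us-east-1", "us-west-2"}  # N. Virginia (primary), Oregon (DR)
DR_REGION = "us-west-2"

INVENTORY = [
    {"id": "docs-primary", "type": "s3", "region": "us-east-1",
     "encrypted": True, "versioning": True, "replica_region": "us-west-2"},
    {"id": "docs-scratch", "type": "s3", "region": "eu-west-1",
     "encrypted": True, "versioning": False, "replica_region": None},
    {"id": "vol-app-01", "type": "ebs", "region": "us-east-1", "encrypted": False},
    {"id": "i-core-01", "type": "ec2", "region": "us-east-1", "public_ip": None},
    {"id": "i-core-02", "type": "ec2", "region": "us-east-1",
     "public_ip": "203.0.113.10"},
]

def audit(resource):
    """Return the list of control violations for one inventory record."""
    findings = []
    # Data residency: only US East (Virginia) and US West (Oregon) are permitted.
    if resource["region"] not in ALLOWED_REGIONS:
        findings.append("region-outside-residency-boundary")
    kind = resource["type"]
    # S3 buckets and EBS volumes must be encrypted.
    if kind in ("s3", "ebs") and not resource.get("encrypted"):
        findings.append("unencrypted-storage")
    if kind == "s3":
        if not resource.get("versioning"):
            findings.append("versioning-disabled")
        # If a bucket replicates, the destination must be the DR region.
        replica = resource.get("replica_region")
        if replica is not None and replica != DR_REGION:
            findings.append("replica-outside-dr-region")
    # Core EC2 instances sit in private subnets, so none should hold a public IP.
    if kind == "ec2" and resource.get("public_ip"):
        findings.append("instance-has-public-ip")
    return findings

def audit_inventory(inventory):
    """Map resource id -> findings, omitting compliant resources."""
    return {r["id"]: f for r in inventory if (f := audit(r))}

if __name__ == "__main__":
    for rid, findings in audit_inventory(INVENTORY).items():
        print(f"{rid}: {', '.join(findings)}")
```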
