Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.provisionr.io/llms.txt

Use this file to discover all available pages before exploring further.

You choose one of our managed GCP or AWS regions or deploy Provisionr in your own AWS account to choose any region around the world. Your data stays in the region that you deploy in, including backups that use a secondary region in the same jurisdiction where possible. This gives you direct control over data residency for compliance with regional regulations.

Google Cloud Platform (GCP)

Provisionr’s infrastructure for Baseline and Growth plans runs on Google Cloud Platform (GCP) using Cloud Run and Postgres on Cloud SQL. Each region has an independent control plane for data residency and data sovereignty compliance. Each workspace has its own isolated compute, database, secrets management, and encryption keys. GCP was selected for its global presence, strong security controls, and multi-tenant compute and data tenant isolation capabilities with scale-to-zero compute that enable cost-efficient scaling.

GCP Regions

You can deploy your workspace in any of our eight GCP regions around the world. Each region has its own independent control plane and infrastructure to meet data residency and sovereignty requirements, and allows us to optimize latency and availability for customers around the world.
  • United States - *.us.provisionr.app - gcp/us-central1 (Iowa)
  • European Union - *.eu.provisionr.app - gcp/europe-west1 (Belgium)
  • Canada - *.ca.provisionr.app - gcp/northamerica-northeast1 (Montreal)
  • Australia - *.au.provisionr.app - gcp/australia-southeast1 (Sydney)
  • Mexico - *.mx.provisionr.app - gcp/northamerica-south1 (Mexico City)
  • Japan - *.jp.provisionr.app - gcp/asia-northeast1 (Tokyo)
  • Brazil - *.br.provisionr.app - gcp/southamerica-east1 (São Paulo)
  • India - *.in.provisionr.app - gcp/asia-south1 (Mumbai)

GCP Data Isolation

GCP Isolation Diagram
Every tenant workspace on shared infrastructure receives:
  • Dedicated Cloud Run service — Per-workspace container with its own process space, memory, and environment variables. No workspace shares compute with another workspace.
  • Dedicated Cloud SQL PostgreSQL database — Separate database on a shared Cloud SQL instance. One workspace cannot query another workspaces’s database.
  • Dedicated Encryption Key per Tenant — Per-workspace encryption key stored in GCP Secret Manager, injected at runtime. Each workspaces’s encrypted data can only be decrypted by their own key.
  • Dedicated Subdomain per Workspace{workspaceId}.{region}.provisionr.app routed at the edge by Cloudflare Worker.
  • Regional Data Residency and Data Sovereignty - The control plane and workspace data are contained within your selected region. Backup and Disaster Recovery is in a second region in the same country or compliance framework geography.
  • Release Channel and Updates - Each workspace uses tagged version images from the Provisionr container registry. Each workspace administrator can choose their preferred upgrade schedule. Updates are mandatory, however feature flags for major changes can be enabled or disabled at your discretion.
The word “shared” refers to the GCP project for that region’s workspaces and Cloud SQL instances (compute) that are shared across tenants. Each tenant’s workload is fully isolated with it’s own app container, Postgres database, secret management, and encryption key level. All of the workspace services run with a GCP service account dedicated to that tenant that provides Workload Identity isolation per workspace.

Cloudflare Edge Routing

All tenant traffic passes through Cloudflare before reaching Cloud Run. The Cloudflare Worker handles subdomain extraction, JWT session validation at the edge, tenant-to-service URL lookup via Workers KV, and cold start handling with a loading page. DDoS mitigation and TLS termination are handled by Cloudflare.

Cloud Run Serverless Compute

Each tenant’s Cloud Run service runs in a gVisor sandbox providing container-level isolation. Each tenant’s service scales independently so one tenant under heavy load does not affect another tenant’s available capacity.

Database Connections

Each GCP project contains one or more Cloud SQL PostgreSQL instances. Every tenant has its own database within the instance. Cloud Run services connect via Cloud SQL Auth Proxy sidecar (built into Cloud Run’s native Cloud SQL integration). Each tenant service connects only to its own database. The Cloud SQL Auth Proxy provides secure passwordless authentication using Workload Identity service accounts and encrypted connections to the database, and ensures that one tenant cannot access another tenant’s database.

GCP Environment Variables Secrets

Each tenant’s application encryption key (APP_KEY) and other secrets are stored in GCP Secret Manager within the region’s GCP project.
  • One secret per tenant, one active version
  • Mounted into the tenant’s Cloud Run service as an environment variable at deploy time
  • IAM policy restricts access to the tenant’s own Cloud Run service identity
  • Not accessible to other tenants or other services within the project

Managed AWS Account

Provisionr’s infrastructure for the Scale plan runs on Amazon Web Services (AWS) using ECS Fargate for compute and RDS for PostgreSQL database. Scale workspaces are managed by Provisionr’s internal orchestration system, which provides similar isolation and multi-tenancy controls as the GCP architecture. Each Scale workspace is provisioned in an AWS account shared with other tenants, however each workspace has dedicated ECS compute, RDS database server, secrets management, and encryption keys. Similar to GCP, each region has an independent control plane for data residency and data sovereignty compliance. You can deploy your workspace in a Provisionr-managed AWS account in the United States or European Union.
  • United States - *.usa.provisionr.app - aws/us-east-2 (Ohio)
  • European Union - *.eur.provisionr.app - aws/eu-central-1 (Frankfurt)

Self-Hosted AWS Account

The Sovereign plan is available on the AWS Marketplace and is deployed in the customer’s own AWS account using CloudFormation template, allowing customer’s to have complete control over the infrastructure, data, and security. The Provisionr team does not have access to your workspace, and updates are provided using the Amazon Container Registry (ECR). The deployed workload architecture is similar to Scale plans with dedicated ECS Fargate compute, RDS database server, secrets management, and encryption keys.
Region NameAWS Identifier
US East (Ohio)us-east-2
US East (N. Virginia)us-east-1
US West (N. California)us-west-1 (usw1-az1 & usw1-az3 only)
US West (Oregon)us-west-2
Canada (Central)ca-central-1
Canada West (Calgary)ca-west-1
Mexico (Central)mx-central-1
Africa (Cape Town)af-south-1
Asia Pacific (Hong Kong)ap-east-1
Asia Pacific (Mumbai)ap-south-1
Asia Pacific (Tokyo)ap-northeast-1 (apne1-az1, apne1-az2, & apne1-az4 only)
Asia Pacific (Seoul)ap-northeast-2
Asia Pacific (Osaka)ap-northeast-3
Asia Pacific (Hyderabad)ap-south-2
Asia Pacific (Singapore)ap-southeast-1
Asia Pacific (Sydney)ap-southeast-2
Asia Pacific (Thailand)ap-southeast-7
Asia Pacific (Jakarta)ap-southeast-3
Asia Pacific (Melbourne)ap-southeast-4
Asia Pacific (Malaysia)ap-southeast-5
China (Beijing)cn-north-1 (cnn1-az1 & cnn1-az2 only)
China (Ningxia)cn-northwest-1
Europe (Frankfurt)eu-central-1
Europe (Zurich)eu-central-2
Europe (Ireland)eu-west-1
Europe (London)eu-west-2
Europe (Paris)eu-west-3
Europe (Milan)eu-south-1
Europe (Spain)eu-south-2
Europe (Stockholm)eu-north-1
South America (São Paulo)sa-east-1
Israel (Tel Aviv)il-central-1
Middle East (Bahrain)me-south-1
Middle East (UAE)me-central-1
AWS GovCloud (US-East)us-gov-east-1
AWS GovCloud (US-West)us-gov-west-1