๐ Infrastructure Cost Analysis & Security Investment
๐ Secure Development Policy ยท Classification Framework
๐ Document Owner: CEO | ๐ Version: 1.1 | ๐ Last Updated: 2026-04-21 (UTC) ๐ Review Cycle: Annual | โฐ Next Review: 2027-04-21 ๐ท๏ธ Classification: Public (Frontend-Only Educational Gaming Platform)
๐ ISMS Alignment: This document follows Hack23 Secure Development Policy business continuity and lifecycle documentation requirements.
This document outlines the financial and security implementation plan for the Black Trigram (ํ๊ด) Korean martial arts educational gaming platform. For architectural context, see the Architecture Documentation and End-of-Life Strategy.
The current architecture is a static React SPA deployed on AWS CloudFront + S3, with disaster recovery on GitHub Pages, resulting in minimal infrastructure costs.
| Time Frame | Monthly (USD) | Annual (USD) |
|---|---|---|
| Total Infrastructure | $7.00 | $84.00 |
| Security Tooling | $0.00 | $0.00 |
| Development CI/CD | $0.00 | $0.00 |
| Grand Total | $7.00 | $84.00 |
Note: Black Trigram leverages free-tier and low-cost services for open source projects. The primary recurring costs are AWS CloudFront/S3 hosting, Route 53 DNS with health check failover, CloudWatch monitoring, and domain registration.
| Component | Service | Monthly (USD) | Annual (USD) | Notes |
|---|---|---|---|---|
| Hosting | AWS S3 (Static Site) | $0.50 | $6.00 | Static assets, low-traffic educational site |
| CDN | AWS CloudFront | $2.00 | $24.00 | Global edge distribution, HTTPS termination |
| DNS | AWS Route 53 | $1.50 | $18.00 | Hosted zone + DNS queries + basic health check for DR failover to GitHub Pages |
| Domain | Domain Registration | $1.00 | $12.00 | Annual domain renewal (~$1/mo averaged) |
| SSL/TLS | AWS Certificate Manager | $0.00 | $0.00 | Free TLS certificates for CloudFront |
| DR Hosting | GitHub Pages | $0.00 | $0.00 | Free disaster recovery for public repos |
| Monitoring | AWS CloudWatch (basic) | $2.00 | $24.00 | Basic monitoring and alarms |
| AWS/Infra Total | $7.00 | $84.00 |
| Component | Service | Monthly (USD) | Annual (USD) | Notes |
|---|---|---|---|---|
| CI/CD | GitHub Actions | $0.00 | $0.00 | Free for public repos |
| Code Scanning | GitHub Advanced Security | $0.00 | $0.00 | Free for public repos |
| Dependency Scanning | Dependabot | $0.00 | $0.00 | Free for all repos |
| SAST | SonarCloud | $0.00 | $0.00 | Free for open source |
| SBOM | GitHub SBOM + SLSA | $0.00 | $0.00 | Free for public repos |
| Tooling Total | $0.00 | $0.00 |
%%{
init: {
'theme': 'base',
'themeVariables': {
'primaryColor': '#e8f5e9',
'primaryTextColor': '#2e7d32',
'lineColor': '#4caf50',
'secondaryColor': '#e3f2fd',
'tertiaryColor': '#fff8e1'
}
}
}%%
pie title Monthly Infrastructure Cost Distribution ($7.00/month)
"AWS CloudFront CDN" : 2.00
"AWS CloudWatch" : 2.00
"AWS Route 53 DNS" : 1.50
"Domain Registration" : 1.00
"AWS S3 Hosting" : 0.50
Note: This table covers incremental security tooling costs only. Security-related AWS infrastructure services (e.g., CloudFront, CloudWatch) are accounted for separately under the infrastructure cost breakdown above.
| Security Service | Provider | Annual Cost | ISMS Policy Alignment |
|---|---|---|---|
| SAST Scanning | SonarCloud | $0.00 | Secure Development Policy |
| Dependency Scanning | Dependabot + npm audit | $0.00 | Vulnerability Management |
| Secret Scanning | GitHub Secret Scanning | $0.00 | Cryptography Policy |
| Code Scanning | CodeQL | $0.00 | Secure Development Policy |
| Supply Chain | SLSA Level 3 + Scorecard | $0.00 | Open Source Policy |
| License Compliance | FOSSA | $0.00 | Open Source Policy |
| E2E Testing | Cypress (OSS) | $0.00 | Secure Development Policy |
| Unit Testing | Vitest (OSS) | $0.00 | Secure Development Policy |
| CDN Security | AWS CloudFront (built-in) | Included in infrastructure cost | Network Security Policy |
| TLS Certificates | AWS Certificate Manager | Included in infrastructure cost | Cryptography Policy |
| Total Incremental Security Tooling Cost | (excludes AWS security services costed in infrastructure) | $0.00 | See infrastructure cost breakdown |
Note: ROI figures below cover incremental security tooling and services only (all currently OSS/free). Security-related AWS infrastructure (e.g., CloudFront, CloudWatch, Route 53 health checks) is accounted for separately under infrastructure costs and currently totals โ$54.00/year across ISMS policy areas.
| Metric | Value | Source |
|---|---|---|
| Total Security Tooling Investment | $0/year | Free OSS tooling (excluding AWS infrastructure spend) |
| Vulnerability Detection Rate | >95% | Automated scanning pipeline |
| Mean Time to Detect (MTTD) | <24 hours | Automated CI/CD scanning |
| Code Coverage (Target) | >80% | Vitest + Cypress (target; see UnitTestPlan.md for current coverage) |
| Supply Chain Score | OpenSSF Scorecard | Automated assessment |
| SLSA Level | Level 3 | GitHub Actions attestation |
| CII Best Practices | Passing | Core Infrastructure Initiative |
%%{
init: {
'theme': 'base',
'themeVariables': {
'primaryColor': '#e3f2fd',
'primaryTextColor': '#01579b',
'lineColor': '#2196f3',
'secondaryColor': '#e8f5e9',
'tertiaryColor': '#fff8e1'
}
}
}%%
flowchart LR
subgraph USERS["๐ Users"]
BROWSER["๐ฅ๏ธ Browser<br/>Korean Martial Arts<br/>Education"]
end
subgraph AWS["โ๏ธ AWS Infrastructure ($7.00/month)"]
CF["๐ CloudFront CDN<br/>$2.00/month<br/>Global Edge Distribution<br/>TLS 1.3 Termination"]
S3["๐ฆ S3 Bucket<br/>$0.50/month<br/>Static Site Hosting<br/>Versioning Enabled"]
R53["๐ Route 53<br/>$1.50/month<br/>DNS Management<br/>Health Check Failover"]
CW["๐ CloudWatch<br/>$2.00/month<br/>Basic Monitoring<br/>Alerts"]
ACM["๐ ACM<br/>$0.00/month<br/>TLS Certificates<br/>Auto-Renewal"]
end
subgraph DR["๐ Disaster Recovery ($0/month)"]
GHP["๐ GitHub Pages<br/>Free DR hosting<br/>Automatic failover"]
end
BROWSER --> R53
R53 --> CF
CF --> S3
CF --> ACM
CW --> CF
CW --> S3
R53 -.->|Health Check Failover| GHP
style AWS fill:#e3f2fd
style DR fill:#f3e5f5
style USERS fill:#e8f5e9
| Security Control | AWS Service | Additional Cost | ISMS Alignment |
|---|---|---|---|
| HTTPS Enforcement | CloudFront + ACM | $0.00 | Cryptography Policy |
| DDoS Protection | AWS Shield Standard | $0.00 | Network Security Policy |
| Geo Restriction | CloudFront | $0.00 | Access Control Policy |
| Access Logging | S3 + CloudFront | $0.00 | Information Security Policy |
| Versioning | S3 Versioning | $0.00 | Backup & Recovery Policy |
| Origin Access | CloudFront OAI/OAC | $0.00 | Access Control Policy |
| Security Headers | CloudFront Functions | $0.00* (assumes free-tier usage) | Secure Development Policy |
CloudFront Functions pricing includes a monthly free tier (e.g., first 2 million invocations); this plan assumes usage remains within that free tier. Higher invocation volumes will incur additional per-invocation charges according to AWS regional pricing and will increase the AWS Infrastructure and TCO figures accordingly.
| Cost Category | Year 1 | Year 2 | Year 3 | 3-Year Total |
|---|---|---|---|---|
| AWS Infrastructure | $84.00 | $84.00 | $84.00 | $252.00 |
| Security Tooling | $0.00 | $0.00 | $0.00 | $0.00 |
| CI/CD Pipeline | $0.00 | $0.00 | $0.00 | $0.00 |
| Compliance Tools | $0.00 | $0.00 | $0.00 | $0.00 |
| Development Tools | $0.00 | $0.00 | $0.00 | $0.00 |
| Total | $84.00 | $84.00 | $84.00 | $252.00 |
| Metric | Value | Benchmark |
|---|---|---|
| Monthly cost per user | <$0.01 | Educational gaming platform |
| Security cost per vulnerability found | $0.00 | All automated, free tools |
| Infrastructure cost ratio | Low-cost AWS infra; most security/dev tooling free-tier/OSS | Open source project |
| DR cost overhead | $0.00 | GitHub Pages as free DR |
| Compliance cost | $0.00 | OSS tools (SonarCloud, FOSSA, Scorecard) |
- ๐ Open Source Advantage: All security scanning tools are free for open source projects
- โ๏ธ AWS Free Tier: CloudWatch includes an ongoing Free Tier with fixed quotas for metrics, logs, and alarms; the current cost breakdown and illustrative $84/year TCO assume a low-volume workload with an estimated โ$2/month CloudWatch portion that will increase if usage exceeds those free-tier quotas
- ๐ฆ Static Architecture: No server-side compute costs (no Lambda, EC2, or containers)
- ๐ Built-in Security: AWS Shield Standard and CloudFront security headers at no additional cost
- ๐ GitHub Actions: Unlimited CI/CD minutes for public repositories
- ๐ DR at Zero Cost: GitHub Pages provides automatic disaster recovery hosting
If the platform evolves beyond a static frontend (see FUTURE_ARCHITECTURE.md):
| Evolution Scenario | Estimated Monthly Cost | Key Cost Drivers |
|---|---|---|
| Current (Static SPA) | $7.00 | CloudFront + S3 + Route 53 |
| + API Gateway + Lambda | $15-25 | Serverless compute |
| + DynamoDB | $25-40 | Data persistence |
| + WAF + GuardDuty | $50-75 | Enhanced security services |
| Full AWS Stack | $75-100 | All AWS security services |
| ๐ก๏ธ ISMS Policy | ๐ฐ Current Annual Cost | ๐ง Services Used | ๐ Business Value |
|---|---|---|---|
| Secure Development Policy | $0.00 | SonarCloud, CodeQL, Vitest, Cypress | Automated code quality and security |
| Vulnerability Management | $0.00 | Dependabot, npm audit, Scorecard | Continuous vulnerability detection |
| Cryptography Policy | $0.00 | AWS ACM, GitHub Secret Scanning | TLS certificates and secret protection |
| Network Security Policy | $24.00 | CloudFront, AWS Shield Standard | CDN and DDoS protection |
| Access Control Policy | $0.00 | CloudFront OAC, S3 bucket policies | Origin access control |
| Backup & Recovery Policy | $6.00 | S3 Versioning, GitHub Pages DR, Route 53 health check failover | Multi-layer backup strategy with automatic DR failover |
| Information Security Policy | $24.00 | CloudWatch, Access Logs | Monitoring and audit logging |
| Total | $54.00 |
| Icon | Document | Relationship |
|---|---|---|
| ๐๏ธ | Architecture | System architecture overview |
| ๐ก๏ธ | Security Architecture | Security model details |
| ๐ฏ | Threat Model | Risk-driven security justification |
| ๐ฎ | Future Architecture | Evolution roadmap |
| ๐ | End-of-Life Strategy | Technology lifecycle management |
| ๐ | BCPPlan | Business continuity planning |
| ๐ | README | Project overview |
| ๐ผ | SWOT | Strategic assessment |