Let’s review a particular project in detail, along with the cost of maintaining its infrastructure. We have an internal web application that consists of a static React website, a Go backend, and a DynamoDB database. All code is stored on GitHub, and for CI/CD we use GitHub Actions. The infrastructure code is defined in Terraform.

Infrastructure

All traffic from clients is received by CloudFront, which acts as a CDN. With it, we can increase page load speed and reduce the load on the backend and frontend by caching requests.

Next, depending on the requested path prefix, requests go to S3 or the ALB: everything except /api/* goes to the frontend. S3 can serve static websites, so it is fully suitable for this task, and it also supports different types of routing depending on the request.

At ALB, we authorize clients using AWS Cognito, which has extensive functionality for working with different types of authorization and registration.

Important note: when using the ALB + CloudFront combination, remember to close off your load balancers so that traffic can reach them only through CloudFront. This helps you avoid direct attacks on the balancer (DDoS). For more protection, use the WAF and Shield services.
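One way to close off the balancer in Terraform, shown as an added example rather than this project's own code: the security group admits only CloudFront's origin-facing address ranges, and a listener rule forwards only requests that carry a secret header set on the CloudFront origin. The variable names and the header name `X-Origin-Verify` are assumptions.

```hcl
# Assumed inputs; none of these names come from the project described above.
variable "vpc_id" { type = string }
variable "alb_listener_arn" { type = string }
variable "backend_target_group_arn" { type = string }
variable "origin_secret" {
  type      = string
  sensitive = true
}

# AWS-managed prefix list of CloudFront's origin-facing addresses.
data "aws_ec2_managed_prefix_list" "cloudfront" {
  name = "com.amazonaws.global.cloudfront.origin-facing"
}

# Weak setting this replaces: ingress with cidr_blocks = ["0.0.0.0/0"].
resource "aws_security_group" "alb" {
  name_prefix = "alb-cloudfront-only-"
  vpc_id      = var.vpc_id
  ingress {
    description     = "HTTPS from CloudFront only"
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    prefix_list_ids = [data.aws_ec2_managed_prefix_list.cloudfront.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"] # narrow to the ECS tasks' security group where possible
  }
}

# The prefix list covers every CloudFront distribution, not only ours, so the
# ALB also requires a header that our distribution adds as an origin custom_header.
resource "aws_lb_listener_rule" "from_our_distribution" {
  listener_arn = var.alb_listener_arn
  priority     = 10
  condition {
    http_header {
      http_header_name = "X-Origin-Verify"
      values           = [var.origin_secret]
    }
  }
  action {
    type             = "forward"
    target_group_arn = var.backend_target_group_arn
  }
}
```

For the header check to be effective, the listener's default action should be a fixed 403 response, so requests without the header are never forwarded.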

We then pass the request on to an AWS ECS (Fargate) cluster for execution. Thanks to this, we get autoscaling practically out of the box, the ability to configure access to other resources (IAM), logs and metrics (sent to CloudWatch), and much more.

The AWS Docker registry stores the Docker images that are later used in ECS. Thanks to the image tagging policy and image rotation, we have made deploys and troubleshooting sessions efficient and easy.


An Introduction to Infrastructures for WEB projects in AWS