AWS Architecture 1

Scenario

As a startup creating coupons for agents, coupon-example.io is collaborating with agent-example.io to find a secure, cost-effective, and resilient method for data transfer between agents (vendor).

Security

  1. Enable root account multi-factor authentication.

  2. All users should have role-based access through IAM Identity Center instead of IAM user access.

  3. Apply the principle of least privilege to users.

  4. Data should be encrypted at rest using KMS keys and in transit with SSL/TLS.

  5. Store credentials in AWS Secrets Manager.

  6. Frontend and backend should be placed in a private subnet.

  7. Use a VPC endpoint so that traffic between the VPC and S3 stays on a private path.

  8. VPC peering allows secure communication between different VPCs.

  9. Put a load balancer in front of the frontend so all traffic goes through it, and attach a security group to it for extra protection.

  10. If cost is not an issue, AWS Shield Advanced can be used.
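
Items 4 and 7 can be enforced on the S3 side with bucket-policy Deny statements. The following Python check is an added example, not part of the original post: it tests whether a bucket policy contains those statements. The bucket ARN, the endpoint ID `vpce-EXAMPLE`, and the function and control names are assumptions made for illustration.

```python
# Added example: bucket ARN, endpoint ID and all names here are constructed placeholders.
BUCKET = "arn:aws:s3:::example-coupon-data"

def deny(sid, action, resource, op, key, value):
    """Build one Deny statement that applies to every principal."""
    return {"Sid": sid, "Effect": "Deny", "Principal": "*", "Action": action,
            "Resource": resource, "Condition": {op: {key: value}}}

SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # Item 4 (in transit): reject any request not made over TLS.
        deny("DenyInsecureTransport", "s3:*", [BUCKET, BUCKET + "/*"],
             "Bool", "aws:SecureTransport", "false"),
        # Item 7: reject requests that did not arrive through the VPC endpoint.
        deny("DenyOutsideVpcEndpoint", "s3:*", [BUCKET, BUCKET + "/*"],
             "StringNotEquals", "aws:SourceVpce", "vpce-EXAMPLE"),
        # Item 4 (at rest): reject uploads that do not request SSE-KMS.
        deny("DenyNonKmsUploads", "s3:PutObject", BUCKET + "/*",
             "StringNotEquals", "s3:x-amz-server-side-encryption", "aws:kms"),
    ],
}

# control -> (operator, condition key, required value or None, action it must cover)
REQUIRED = {
    "tls_only": ("Bool", "aws:SecureTransport", "false", "s3:*"),
    "vpc_endpoint_only": ("StringNotEquals", "aws:SourceVpce", None, "s3:*"),
    "kms_uploads_only": ("StringNotEquals", "s3:x-amz-server-side-encryption",
                         "aws:kms", "s3:putobject"),
}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def missing_controls(policy):
    """Return the controls that no Deny-all-principals statement enforces."""
    found = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        for name, (op, key, want, action) in REQUIRED.items():
            # Condition key names are case-insensitive; Bool values may be JSON booleans.
            block = {k.lower(): v for k, v in stmt.get("Condition", {}).get(op, {}).items()}
            values = [str(v).lower() if op == "Bool" else v
                      for v in _as_list(block.get(key.lower(), []))]
            covers = "s3:*" in actions or action in actions
            if covers and values and (want is None or want in values):
                found.add(name)
    return sorted(set(REQUIRED) - found)
```

A Deny on `aws:SourceVpce` also blocks console and other out-of-VPC access to the bucket, so account for administrative access paths before applying it. The check looks at one condition per statement and does not evaluate Resource scope or additional conditions that would narrow a Deny.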

Cost

  1. Host the frontend in S3.

  2. Use AWS Lambda and API Gateway for the backend.

Resilience

  1. AWS Aurora DB can automatically scale across multiple availability zones; if the database runs on a virtual machine instead, use a scale set.
Written by

Neeraj Singh Negi