Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
Need some serious help here, thanks a lot in advance !
I put out a similar question the other day, didn't get the answer I was looking for. So refactored the entire question
I need to deploy a scalable 3 tier web application on AWS and I am having some doubts/trouble understanding the best practice to design the architecture.
NOTE: As per my understanding, all the backend requests are requested through the browser, after the Frontend server serves html/css/js to the user.
This is the solution I found online :
Question
Doesn't it kill all the logic that 'all the requests to the backend api is made through the client's web browser (since the frontend servers serve html/js code to the user's browser)'? WHICH MEANS, the request should go from the browser --> externalLoadbalancer --> backend API
Considering this, how would the routing in this work? Because, we cannot use frontend for routing, can we?
Right solution IMO (But it doesn't provide restriction to the backend API from the external world):
This definitely does not break any logic/concept but gives access to the world to access the backend api like <domain_name/api>
I am stuck with this design for days and I need to take the web app in production. I would REALLY APPRECIATE the help.
I think you should consider using the AWS API Gateway for access to private EC2 endpoints, and run react from S3 and CloudFront. I don't see those services called out in your architecture.
Here is a description of how the API Gateway supports private EC2 backends.
At re:Invent 2017, we announced endpoint integrations inside a private VPC. With this capability, you can now have your backend running on EC2 be private inside your VPC without the need for a publicly accessible IP address or load balancer.
See https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/
See also https://aws.amazon.com/api-gateway/
Unless you need React rendering on the server, you can just run it as a static website from S3, and call all your application functions from the API Gateway. This is a common way to architect React apps on AWS.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 days ago.
Improve this question
Frontend and backend service seem to be working fine separately on its own, but when I try to communicate between frontend and backend I keep getting ERR_NAME_NOT_RESOLVED error.
Service discovery are all connected
All security groups are open
I think our architecture is very similar to this if that helps.
(https://mohamedwaelbenismail.medium.com/microservices-architecture-deployed-on-ecs-fargate-based-cluster-using-cloudformation-878cb6f90571)
It only works if we change the internal load balancer to public load balancer allow internet traffic and allow 0.0.0.0/0.
Status of health check are all 'healthy'
Based on your schematic illustration, your React web application front end will never be able to reach your backend. Your front end executes on a client side in their browsers/mobiles. This means that the only way to reach backend is through internet. So your backend can't be in a private subnet behind an internal load balancer.
You have to re-architect your application. Both frontend and backund must be accessible from the internet, for your front end to be able to query the backend.
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 months ago.
Improve this question
Working for a Findata company, we have strict requirements in terms of compliance to be considered "safe" to work with us.
I took some time reading about Serverless VPC connector specifically and it raised mainly two questions.
Here's an architecture diagram that may help answering question 2.
Question 1
I understand that when creating a Serverless VPC connector, you can connect to any private IP present in the same VPC. For instance, a Cloud Run app that connects to a Cloud SQL instance through it's private IP.
What I am still wondering, is how it works when using Google Cloud APIs. For instance, let's take a Cloud Run app that consumes data from BigQuery.
Knowing that we can configure egress traffic to be routed like so:
If we route all traffic through the VPC connector, from my tests, it will reach BigQuery API only if the subnet associated to the connector activated Private Google Access
So here it's going through the VPC for sure. The downside (big?) is that it consumes bandwidth of your connector, right? Also, if the app is scaling up, bandwidth consumption will increase.
My question there is:
To avoid this overhead, does Route only requests to private IPs through the VPC connector option use also the private network? Or does it go to Internet to reach Google APIs?
Question 2
For us, connectors are expensive. We were thinking on how to deploy them (if required, it actually depends on the answer of the question 1)
From what I know, for expensive network setup (like sharing an Cloud Interconnect link), people tends to create a Host Project that manage all the networking and share it using Shared VPC
My question there is:
Is it something to consider as well for Serverless VPC connector? Is it better to create few big ones and share them to multiple serverless service or create a lot of small ones?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
I am trying to find a simple solution using either software based vpn or proxy solution. I have an AWS account in which I host multiple web based application. I dont want to expose the URL of stage/UAT environment. So I want to use some software proxy or software based VPN solutions. The solution should be simple - team should connect to vpn or proxy and should be able to access the URLs. I tried with openVPN server, but I have multiple aws accounts where configuration gets complicated.
Any software based, paid or company managed solution should be fine.
I would suggest using OpenVPN market place AMI so they provide a beautiful and manageable interface for admin plus user.
Plus feature
Have an option for Two factors Authenticator by default which provides an extra layer of security
You do not need to manage or generate any keys
So you will need to allow traffic from open VPN in your private staging server and the user will only be able to connect if they are connected with the VPN server.
I have multiple aws accounts where configuration gets complicated.
Do not make think complicated and risky by using one VPN server for all accounts. It's better to use individual VPN access certificates for each account instead of using a single common one.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
I've been developing a small Slack application for my team. It's a very simple app to help organizing projects. I've written it in Python and used AWS Lambda (one of the Slack API hosting recommendations) to host it. As the usage of this app will be very incidental, I thought that AWS Free Tier could handle it for a while. But I was surprised to discover that, while Lambda has a free tier, I need to configure a NAT Gateway that costs $0.045 per hour to get anything useful out of it.
I'm very disappointed by this. I can't justify the costs of this NAT Gateway for such a small and simple application (that will be used by 5-10 people maximum, and only sometimes). Is there are workaround that I could use (I've heard about NAT instances)?
EDIT: I've created a NAT instance and tried using it with my app. Thing is, now Slack is throwing me a Timeout Reached error (since Slack expects a response within 3000ms before throwing this error). So, are NAT instances slower than NAT Gateways?
NAT instances provide Internet connectivity for EC2 instances located in private subnets. NAT instances provide network address translation. NAT instances are not related to API Gateway nor Lambda functions.
NAT Instances
API Gateway does not have a cost per hour unless you configure caching, which probably is not necessary for your use case. More details are needed to be sure.
API Caching
Note: You can call you Lambda functions directly from your Python code if you do not need all of the features of API Gateway.
Boto3 Lambda.Client
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
We need to create an API interface for a client, so as to avoid having the client connect directly to the vendor. The interface could serve mostly as a passthrough for the various API calls. The vendor requires a VPN connection, and I am not quite clear if this can be accomplished with AWS API Gateway, as my reading shows the backend must be publicly available.
We are in no way married to AWS, so if there is a simpler solution for this, I am all ears.
At the moment, you cannot directly connect to a VPN through API Gateway Proxy but you can place your Lambda's in a VPC and connect your VPN to the VPC where Lambda will be able to work as a proxy and connect to your backend.
Alternative option is to use client certificates at API Gateway to securely connect to your backends.