Score:0

How to design a frontend service in AWS?


In AWS, we deployed a backend service (an API) behind the internal ALB. The frontend (Web UI) calls the API and also needs to be accessed from the internal enterprise network. It should be bound to Route53.

We are using a VPN in our enterprise. We use DirectConnect to connect to the AWS VPC, so we can use private IPs to access internal ALB resources in AWS.

Now we want to bind the original internal ALB's DNS name to Route 53 with a domain. Is it possible to do this if we use the internal ALB only?

Maybe the current internal ALB can't achieve this purpose. So we will add a second, internet-facing ALB and use it to bind to Route53.

If we set up both kinds of ALB for it and deploy with ECS, how do we do the blue/green deployment for 2 different kinds of target security groups?

Tim
Your question is quite confusing. Can you please edit your question to include a diagram, and ideally edit your question to be a bit more precise? Can your enterprise network access the system using a public-facing ALB? Do you have VPN / DirectConnect in place? We will need more information to help you.
ec flag
@Tim Thank you. I added a diagram link to the question. My enterprise network can access the system under the public ALB. We are using DirectConnect between on-premises and AWS. Also, we have a VPN, so we want to access the system over the VPN. The green items are what I want to add this time. Do I need them? That's why I asked about the best design.
Tim
You are stating what you think you need to do. A better way to write a question is to say the current state in words, with a diagram, and your target state. You haven't done that; you've given a design without clearly explaining current / target states. I think currently you have a system that you access over DirectConnect with a VPN, where you hit an ALB using private IPs. I think you want another set of servers behind another ALB that is public facing. Why would you want another target group? That would make this independent of the original solution. Please revise your question for clarity.
ec flag
@Tim Thank you for your comment again. I edited the question above. In short, we are now using an internal ALB and want to bind it to Route53. Do we need to create an internet-facing ALB to do that? If necessary, we will use both. It would be great if the 2 ALBs could use the same target groups.
Tim
The easiest option is probably a second ALB using the same target group. I suspect there's probably a way to use the same ALB for both public and private but I haven't tried to do that, maybe associating the ALB with both public and private subnets. I'd have to experiment a bit to work that out. How you do blue / green could be tricky with two ALBs.
ec flag
@Tim Yes, I agree with you. That's why I want to confirm the solution for this purpose. If one ALB can associate with both public and private subnets, that would be a great feature. But the blue/green deployment is indeed difficult. However, the goal of this question is: for the design, can I use a public ALB only? Then I can remove the current private one and create a new one.
Tim
I'm pretty sure you can create a new public-facing ALB, route enterprise traffic over DirectConnect (double check that), and use standard processes. If you have DirectConnect you should have an AWS account manager / technical architect who can answer these questions for you; if not, get yourself onto invoiced billing and get one allocated.
ec flag
@Tim Okay. Thank you very much for your help and advice.
Score:0
Tim

My initial suggestion is to:

  • Create a new public facing ALB
  • Route enterprise traffic over DirectConnect using a public VIF to the ALB
  • Use the existing target group
  • Use standard green / blue techniques

There may be better ways to do this, I'd have to give it a bit of thought. Others might have better ideas.
