Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Please help to confirm this architecture diagram is meet the best practice and cost optimization, security wise

0

Enter image description here

Topics
Security, Identity, & ComplianceAWS Well-Architected Framework
Tags
Cost OptimizationSecurity, Identity, & Compliance
Language
English
asked 2 months ago64 views
2 Answers
1

Hello.

This is unrelated to security, but is there any reason you are considering hosting your database on EC2?
Hosting it on RDS allows you to automate the application of security patches, etc.
Below is a comparison table to see whether it is better to host it on RDS or EC2, so please take a look.
https://docs.aws.amazon.com/prescriptive-guidance/latest/migration-sql-server/comparison.html

Does your load balancer use an ALB?
If you do, you can increase the security of your web application by configuring AWS WAF.
https://aws.amazon.com/waf/

From the perspective of cost optimization, introducing CloudFront may be useful.
Caching static files and other data on CloudFront reduces the load on the origin, potentially reducing the need to scale out using ECS ​​and other services.
https://builder.aws.com/content/2wLsBJyOoDFkreZSDJ1AJXkucgF/aws-edge-services-cost-optimization

EXPERT
answered 2 months ago
AWS
EXPERT
reviewed 2 months ago
0

Based on the architecture diagram you've shared, I can provide some insights on how it aligns with AWS best practices, cost optimization, and security considerations.

From a Well-Architected perspective, your architecture appears to incorporate several best practices:

Cost Optimization:

  • The use of serverless components like Lambda functions is beneficial as they scale automatically to meet demand and you only pay for what you use, which is ideal for workloads with variable demand patterns.
  • Amazon S3 provides low-cost, scalable storage. Consider implementing S3 lifecycle policies to automatically transition objects to lower-cost storage classes based on access patterns.
  • DynamoDB's auto-scaling capabilities can help manage costs effectively by adjusting capacity based on actual usage.

Security:

  • The architecture appears to have some security components in place, but I would recommend ensuring you have proper IAM roles and policies configured for each service.
  • Consider implementing encryption for data at rest (using AWS KMS) and in transit.
  • For API Gateway, ensure you have appropriate authentication and authorization mechanisms.

Sustainability:

  • The serverless nature of Lambda helps minimize energy consumption by dynamically allocating compute resources based on demand, eliminating over-provisioning.
  • S3 and DynamoDB also contribute to sustainability through their automatic scaling capabilities.

Recommendations for improvement:

  1. Consider adding CloudWatch for comprehensive monitoring and alerting.
  2. Implement AWS WAF with API Gateway for additional security against web exploits.
  3. Consider using the AWS Well-Architected Tool to perform a detailed assessment of your architecture against all six pillars of the framework.
  4. Evaluate if you need backup and recovery mechanisms for your data stores.

The architecture appears to follow many AWS best practices, particularly in leveraging serverless technologies that can help optimize costs while maintaining performance and scalability.
Sources
Guidance for Digital Concierges for Hospitality on AWS
Guidance for Media Extraction and Dynamic Content Policy Framework on AWS
Guidance for Streamlining Meetings and Boosting Productivity Using Amazon Bedrock

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content