Redesign of a Client-Server Architecture


Hello, Our current client-server architecture is for each client there is a separate AWS account and for the server, one account is there. Each client account has an EC2 instance running a web application which is connected through an AppSync. Each client calls their own AppSync and other AWS services hosted in their individual accounts. Separate accounts are created since these clients have confidential information to be stored in RDSs, etc. Is there a way to use a centralized AppSync but have to navigate to each account depending on the user? Or any other suggestions to improve the architectural design?

1 Answer


  • Utilize AWS Organizations for centralized management of client accounts and enable Single Sign-On (SSO) through either AWS SSO or Cognito. Each client's web application can then assume a role within their respective accounts to initiate API calls to backend services hosted in a centralized "server" account. These services include AppSync, RDS multi-AZ cross-region read replicas, S3, and others.
  • Another suggestion would be to configure AppSync to use IAM roles to authenticate and authorize access to the backend AWS resource


answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions