5

Introduction

I've got the following architecture deployed on Amazon AWS.

High level architecture

The goal is to expose a web application (single page application) acting as an entrypoint at https://app.acmecorp.com. This is a single page application that:

  • serves static resources (html / js / css)
  • needs to access the REST backend via javascript

Backend

The idea is to have the backends deployed in an Elastic Container Service Cluster (via docker). These are then spawned / auto-scaled into target groups that are being served by a loadbalancer. The backend is exposed via https://backend.acmecorp.com (a DNS CNAME pointing to the AWS loadbalancer).

Frontend

The single page application is deployed in an Amazon S3 Bucket, and exposed via the S3 static site hosting (http://frontend.s3-website-us-west-2.amazonaws.com). This could also be exposed via a DNS CNAME at http://frontend.acmecorp.com

Reverse Proxy

What I would like to have is the following. Users access the application via https://app.acmecorp.com. This should serve the static content. To avoid CORS setup, I would like the single page app to be able to make API calls on that same domain to /api, so calls to https://app.acmecorp.com/api/** should map to the backend.

Obviously this can be done with something like Nginx, but I was wondering if there was something that Amazon offers for this, and what kind of building blocks would be required to have this functionality.

ddewaele
  • I initially thought ALB would do it, but it seems to only accept EC2 endpoints. I wonder if a CloudFront distribution can do it, but I haven't tested that. I think Nginx or HAProxy are your safe bet here (I believe that is what runs ELB and probably ALB), but I'd look into CF first. – Tim Feb 20 '17 at 18:45
  • CloudFoundry can front both S3 buckets and ELB instances, but not both. It's not meant to be set up as a reverse proxy I think but more as a pure content delivery system for either S3 / ELB. – ddewaele Feb 21 '17 at 11:05
  • If you can't create different origins that go to different locations, I wonder if you can create multiple distributions that match different path strings that would do a similar job. – Tim Feb 21 '17 at 17:59

1 Answer

3

You may accomplish your goal with CloudFront and a reverse proxy approach:

  1. First create your distribution with app.acmecorp.com as an allowed CNAME and upload a custom SSL certificate for this subdomain.

  2. Create two origins, one pointing to your bucket and another pointing to your API Load Balancer. These two origins will be used later when you configure your CDN behaviors.

  3. Create a behavior for /api that has your balancer as origin, passing all of the headers to origin (which effectively disables the edge caches).

  4. Configure the default behavior to point to your S3 bucket.

  5. Finally, point your app.acmecorp.com to the CDN endpoint in DNS.

CloudFront origins and behaviors have many more options you must take care of, but the basics to fulfill your needs are there.

ma.tome
  • Of course, you may also simply use CloudFront + SSL certificate in front of your S3 bucket to keep using separate subdomains. The point here is that S3 does not support custom certificates and CloudFront does. – ma.tome Mar 09 '17 at 00:09
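
The routing that steps 2 to 4 of the answer set up, modelled as an added example (not part of the answer and not AWS code): CloudFront tries each behavior's path pattern in order and falls back to the default behavior, with `*` matching any run of characters and `?` exactly one. The origin names and the `/api/*` pattern are assumptions; the sample paths show that a pattern of exactly `/api` leaves `/api/users` on the S3 origin.

```python
import re

# Assumed names: the page only says "two origins" (S3 bucket and load balancer).
S3_ORIGIN = "s3-frontend"
API_ORIGIN = "alb-backend"
GLOB = {"*": ".*", "?": "."}  # the two wildcards a path pattern supports


def pattern_to_regex(path_pattern):
    """Translate a CloudFront path pattern: '*' = any run of characters,
    '?' = exactly one character, everything else literal and case-sensitive."""
    if not path_pattern.startswith("/"):
        path_pattern = "/" + path_pattern  # the leading slash is optional
    regex = "".join(GLOB.get(ch, re.escape(ch)) for ch in path_pattern)
    return re.compile(regex, re.DOTALL)


def route(path, behaviors, default_origin=S3_ORIGIN):
    """Return the origin of the first behavior whose pattern matches the whole
    path; the default behavior (step 4) catches everything else."""
    for path_pattern, origin in behaviors:
        if pattern_to_regex(path_pattern).fullmatch(path):
            return origin
    return default_origin


def misrouted(behaviors, expectations):
    """List (path, expected, actual) for every sample path that lands on the
    wrong origin, so a behavior list can be checked before it is deployed."""
    return [(p, want, route(p, behaviors)) for p, want in expectations
            if route(p, behaviors) != want]


# Constructed sample requests for app.acmecorp.com and where they should go.
EXPECTED = [
    ("/index.html", S3_ORIGIN),
    ("/js/app.js", S3_ORIGIN),
    ("/api/users", API_ORIGIN),
    ("/api/orders/42", API_ORIGIN),
    ("/apidocs.html", S3_ORIGIN),
]

LITERAL_API = [("/api", API_ORIGIN)]    # pattern exactly as written in step 3
SUBTREE_API = [("/api/*", API_ORIGIN)]  # assumed pattern covering the subtree

if __name__ == "__main__":
    print("literal:", misrouted(LITERAL_API, EXPECTED))
    print("subtree:", misrouted(SUBTREE_API, EXPECTED))
```

Requests that fall through to the default behavior are served from the S3 origin with its caching settings, so it is worth running the same check against every API path the single page app calls.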