Let's review a particular project in detail, along with the cost of maintaining its infrastructure. We have an internal web application that consists of a static website built with React, a backend written in Go, and a DynamoDB database. All code is stored on GitHub, and for CI/CD we use GitHub Actions. The infrastructure is defined in Terraform.
All traffic from clients is received by CloudFront, which acts as a CDN. With it, we can increase page load speed and reduce the load on the backend and frontend by caching requests.
Next, depending on the requested path prefix, requests go to S3 or the ALB (everything except /api/* goes to the frontend). S3 can serve static websites, so it is fully suitable for this task; it is also possible to implement different types of routing depending on the request.
At the ALB, we authorize clients using AWS Cognito, which has extensive functionality for working with different types of authorization and registration.
Important note: when using the ALB + CloudFront combination, remember to lock down your load balancers so that traffic can only reach them through CloudFront. This helps you avoid direct attacks on the balancer (DDoS). For additional protection, use the WAF and Shield services.
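One way to close the balancer as described above, written in Terraform because that is what the project uses. This is an added example, not code from the original article; the resource names and the vpc_id variable are assumptions.

```hcl
# Added example: names and var.vpc_id are assumptions, not from the article.
variable "vpc_id" {
  type = string
}

# AWS-managed prefix list holding CloudFront's origin-facing address ranges.
data "aws_ec2_managed_prefix_list" "cloudfront_origin" {
  name = "com.amazonaws.global.cloudfront.origin-facing"
}

resource "aws_security_group" "alb" {
  name_prefix = "app-alb-"
  description = "ALB reachable only through CloudFront"
  vpc_id      = var.vpc_id
}

# Weak setting, shown for contrast: the ALB accepts HTTPS from any address,
# so clients can reach it directly and skip CloudFront.
# resource "aws_vpc_security_group_ingress_rule" "alb_https_open" {
#   security_group_id = aws_security_group.alb.id
#   cidr_ipv4         = "0.0.0.0/0"
#   ip_protocol       = "tcp"
#   from_port         = 443
#   to_port           = 443
# }

# Corrected setting: the only ingress source is the CloudFront prefix list.
resource "aws_vpc_security_group_ingress_rule" "alb_https_from_cloudfront" {
  security_group_id = aws_security_group.alb.id
  description       = "HTTPS from CloudFront origin-facing ranges"
  prefix_list_id    = data.aws_ec2_managed_prefix_list.cloudfront_origin.id
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}

# Egress rules are not shown; this example only changes who may connect in.
```

The managed prefix list covers the origin-facing addresses of every CloudFront distribution, not only this one, so it narrows exposure to CloudFront as a whole and does not by itself identify your distribution.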
The request is then passed to an AWS ECS (Fargate) cluster. Thanks to this, we get autoscaling essentially out of the box, the ability to configure access to other resources (IAM), logs and metrics (sent to CloudWatch), and much more.
The AWS Docker registry stores the Docker images that are later used in ECS. Thanks to the image tagging policy and image rotation, deploys and troubleshooting sessions are efficient and easy.
Important: even though the Docker registry is a pretty secure service, you shouldn't put secret values (passwords, configurations, SSH keys, and so on) into your Docker images. You can soon learn about 5 tips for working with Docker in our blog.
You are most likely interested in how much all of this costs to run. Here are the calculations for the current month (the application has been running for more than 1.5 years).
Important: only the basic services shown in the diagram are included in the price.
The load balancer's request counts show that this month the production environment received about 10k requests, and dev slightly more than 5k.
Let's take the production load of 10k ALB requests per month as the basis.
ECS < $20
  2 tasks average: 1 at night, 2 at rush hours
  0.25 vCPU ~ $15
  512 MB Memory ~ $4
ALB < $20
DynamoDB < $10
CloudFront < $2
CloudWatch < $1
Cognito
  5k users via social = $5.5
  5k users via SAML or OIDC = $15
Previously published at https://cloudy.builders/tpost/v8b6i0hgsp-infrastructures-for-web-projects-in-aws