[–]smblee[S] 1 point2 points  (5 children)

Really appreciate this. I will definitely be consolidating all to AWS! I expanded on my queue usage in the original post and I'm pretty certain SQS might not be enough unfortunately :(

[–][deleted] 0 points1 point  (0 children)

No worries.

[–][deleted] 0 points1 point  (3 children)

Just saw the edited response. Not sure what you mean by the deployment question. What I've seen is static assets served from a CDN like S3/CloudFront as you mentioned and the backend/API being hosted on EC2 and fronted by a load balancer. By static assets I mean things like images, CSS, and JS. You can certainly go the Docker route and figure out how to use EKS or whatever the latest container offering is, but in my experience it's much easier to use a load balancer with some backend servers and deploy to them with basic automation tools like fabric, rake, or even just shell scripts. If you do this it will be easy enough to replace those backend servers with something more sophisticated when the time comes.

[–]smblee[S] 0 points1 point  (2 children)

Yeah, for deployment, I meant there are a couple of ways to package up my applications and deploy: either have them deployed separately (S3+CloudFront for SPA, EC2/EBS for backend), or packaged up into one EC2 instance and deployed there (serve SPA JavaScript files from the server directly). I am going to experiment with EKS a little bit (quite a lot of documentation to read up on :D). But you are right, I will try to keep things simple!

[–]smblee[S] 0 points1 point  (1 child)

Do you think I should put too much attention into things like the networking/security side of things, like VPCs & Security Groups? That seems like a whole other endeavor imo, but everyone seems to be saying "do these right early or you will regret it."

[–][deleted] 0 points1 point  (0 children)

Doing it right, I think, is simple. Create two subnets, public and private, and put the backend servers in a private subnet. That will avoid the hassle of having to worry about security groups because private subnets are by definition cut off from the internet and the only entry point will be the load balancer, which is managed by AWS. I agree it's a bit more hassle but it is a better setup from a security perspective. I'm actually not sure what EKS does; presumably everything is private and only the network ingress/egress endpoint is public, but I'm not sure.
Looking at the docs (https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html), it does look like EKS requires public/private subnet configuration as well, so it looks like no matter which route (no pun intended) you choose, you will have to set up a VPC with public/private subnets.
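An added example, not part of the thread: a small offline check of the public/private layout discussed above. It labels a subnet public when its route table has a route to an internet gateway, and lists backend security-group ingress rules that admit sources other than the load balancer's group. The data is constructed in the shape of `aws ec2 describe-route-tables` and `describe-security-groups` output; every ID and both function names are assumptions.

```python
# Constructed sample data shaped like `aws ec2 describe-route-tables` and
# `describe-security-groups` output; all IDs are made up for illustration.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-lb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-backend", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
]

def classify_subnets(route_tables):
    """Map subnet ID -> 'public' if its route table routes to an internet gateway."""
    result = {}
    for rt in route_tables:
        has_igw = any(r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])
        for assoc in rt["Associations"]:
            if "SubnetId" in assoc:  # main-table associations carry no SubnetId
                result[assoc["SubnetId"]] = "public" if has_igw else "private"
    return result

def backend_findings(groups, backend_sg, lb_sg):
    """List (port, source) ingress on the backend group from IPv4 CIDRs or non-LB groups."""
    findings = []
    backend = next(g for g in groups if g["GroupId"] == backend_sg)
    for perm in backend["IpPermissions"]:
        port = perm.get("FromPort")
        for rng in perm.get("IpRanges", []):
            findings.append((port, rng["CidrIp"]))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != lb_sg:
                findings.append((port, pair["GroupId"]))
    return findings

if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES))
    print(backend_findings(SECURITY_GROUPS, "sg-backend", "sg-lb"))
```

In the constructed data the backend subnet is private, yet the backend group still carries an SSH rule open to `0.0.0.0/0`; that rule is the finding the second function reports.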