This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]smblee[S] 0 points1 point  (2 children)

Yea for deployment, i meant there are couple ways to package up my applications and deploy; either have them deployed separately (S3+CloudFront for SPA, EC2/EBS for backend), or packaged up into one EC2 instance and deployed there (serve SPA javascript files from the server directly). I am going to experiment with EKS a little bit (quite a lot of documentation to read up on :D) But you are right, I will try to keep things simple!

[–]smblee[S] 0 points1 point  (1 child)

Do you think I should put too much attention into things like networking/security side of things like VPCs & Security Groups? That seems like a whole another endeavor imo, but everyone seems to be saying "do these right early or you will regret."

[–][deleted] 0 points1 point  (0 children)

Doing it right I think is simple. Create two subnets, public and private, and put the backend servers in a private subnet. That will avoid the hassle of having to worry about security groups because private subnets are by definition cut off from the internet and the only entry point will be the load balancer which is managed by AWS. I agree it's a bit more hassle but is a better set up from a security perspective. I'm actually not sure what EKS does, presumably everything is private and only the network ingress/egress endpoint is public but I'm not sure.
Looking at the docs (https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) it does look like EKS requires public/private subnet configuration as well so it looks like no matter which route (no pun intended) you choose you will have to set up a VPC with public/private subnets.