This template assumes a closed-network scenario and serves as a starting point for deploying applications and batch systems accessible from that environment to AWS. It consists of AWS CDK code and sample web server applications that are deployed to private networks via CI/CD (AWS CodePipeline).
Local government systems that require a high level of security and network restrictions need an architecture with characteristics carried over from on-premise environments, such as "closed area networks" and "network access routes allowed only from AWS to the on-premise network". We designed the template so that these types of systems can be deployed on AWS.
We adopt REPLATFORM, one of the 6Rs in AWS's migration strategy, and aim to migrate from an existing on-premise environment to container-based computing and a managed DB. REPLATFORM has advantages such as improved performance and reduced cost. The template uses several AWS managed services that help reduce cost and operational workload. (Ref: Migrating to AWS Best Practices and Strategies)
We also added a serverless application version of the infrastructure that uses AWS Lambda and a React application instead of containers. Please see here if you want to know how to deploy the serverless application version.
- Container execution environment for running Java applications (Spring Boot) on Amazon ECS/Fargate
  - In addition to this, a sample application using Spring Boot
  - A sample Dockerfile to turn that sample application into a container image
  - For the sample application, see webapp-java/readme.md
- Serverless application environment for running a React application hosted on Amazon S3 and a REST API on API Gateway and AWS Lambda (*)
  - A sample application using React
  - For the sample React application, see webapp-react/readme.md. The sample REST API code is in functions/
- CI/CD environment for continuous application development
  - Pipeline for building and deploying the above sample applications using CodePipeline, CodeCommit, and CodeBuild
- A job execution platform combining Step Functions and Amazon ECS/Fargate that can execute simple job flows
  - In addition to this, a Python sample job script
  - A sample Dockerfile for turning the sample job script into a container image
  - For the sample job script, see batch/README.md
- Maintenance environment for checking application operation and managing the RDB
  - Secure access for testing applications and managing databases, combining Systems Manager and EC2
  - Provides remote desktop connections (Windows Server instances) and SSH connections (Amazon Linux instances)

Items not provided by this template:

- Settings and implementation on the AWS side for on-premise connections such as AWS Direct Connect (DX) and AWS Site-to-Site VPN (VPN)
  - Please design and implement DX and VPN, which are likely to be necessary for actual use, on the user's side
- Application authentication function
  - Since this application is a sample, it does not have authentication or authorization functions such as login/logout
- DNS settings for applications
  - To check the operation of this template, we use the endpoint that AWS automatically creates for the ALB
- Operation features
  - It does not have integrated management of application and AWS resource logs, or the ability to alert on and monitor applications
This is the directory tree and its overview.

| Directory | Sub directory | Description |
|---|---|---|
| batch | | Creates a batch container application with Dockerfile |
| | src | Python script sample app |
| infra | | CDK source code for provisioning the following AWS resources: Network (VPC and subnet), DB (Aurora), compute resources for containers (Amazon ECS, Fargate), CI/CD tools (CodePipeline, CodeCommit, CodeDeploy), batch job management (Step Functions, DynamoDB, SNS) |
| | bin | CDK app source code |
| | lib/constructs | Constructs used to build AWS resources. The Core concept explains the difference between a Stack and a Construct. |
| webapp-java | | Source code of the Spring Boot web app with Dockerfile |
- Node.js >= 16.13.0
- npm >= 9.2.0
- aws-cdk >= 2.65.0
- aws-cdk-lib >= 2.65.0
- OpenSSL >= 3.0.8
- Docker
It is assumed that the on-premise network (on the right side of the image below) already exists and that the AWS network will be connected to it via Direct Connect or VPN.
This template deploys AWS resources into the application network connected by AWS Direct Connect (DX) or AWS Site-to-Site VPN (VPN).
It is important to mention that, in addition to configuring network routes over DX and VPN, you should consider using PrivateLink for a better network design, as described in this blog post: an AWS Transit Gateway that can also be used with a "shared" AWS Direct Connect.
The template optionally allows you to provision the architecture using PrivateLink. This is recommended as an extra layer of security when designing applications that are deployed in private networks.
This is the architecture diagram, slightly modified to use PrivateLink for the services:
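As an added check (example code written here, not part of the template), an offline audit that the deployed VPC and load balancers actually match the closed-network assumption: no route table sends traffic to an internet or NAT gateway, and every load balancer is internal. The resource ids and API response data below are constructed placeholders.

```python
# Added example, not part of the template: offline check that deployed
# resources match the closed-network assumption. Input shapes follow the
# EC2 DescribeRouteTables / ELBv2 DescribeLoadBalancers responses.

def internet_routes(route_tables):
    """Routes that leave the closed network: an internet gateway ('igw-')
    or NAT gateway target. DX/VPN routes via 'vgw-' are expected."""
    findings = []
    for rt in route_tables:
        for route in rt.get("Routes", []):
            if route.get("GatewayId", "").startswith("igw-") or "NatGatewayId" in route:
                findings.append((rt["RouteTableId"], route.get("DestinationCidrBlock")))
    return findings

def public_load_balancers(load_balancers):
    """Load balancers whose scheme is not 'internal' are internet reachable."""
    return [lb["LoadBalancerName"] for lb in load_balancers
            if lb.get("Scheme") != "internal"]

def closed_network_violations(route_tables, load_balancers):
    """Findings as text; an empty list means the network is closed."""
    msgs = [f"{rt}: route {dst} leaves the VPC via IGW/NAT"
            for rt, dst in internet_routes(route_tables)]
    msgs += [f"{name}: load balancer is internet-facing"
             for name in public_load_balancers(load_balancers)]
    return msgs

# Constructed sample data with placeholder ids (not real resources).
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-app-private", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-onprem"},  # DX/VPN
    ]},
    {"RouteTableId": "rtb-leaky", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"},
    ]},
]
SAMPLE_LOAD_BALANCERS = [
    {"LoadBalancerName": "webapp-alb", "Scheme": "internal"},
    {"LoadBalancerName": "debug-alb", "Scheme": "internet-facing"},
]

if __name__ == "__main__":
    # For real data, json.load() `aws ec2 describe-route-tables` ("RouteTables")
    # and `aws elbv2 describe-load-balancers` ("LoadBalancers") output instead.
    for finding in closed_network_violations(SAMPLE_ROUTE_TABLES, SAMPLE_LOAD_BALANCERS):
        print("VIOLATION:", finding)
```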
Please see the following document: infra/README.md. If you want to deploy the serverless application version, please see the following document: infra/README_serverless.md.
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.