AWS S3 and AWS ELB instead of AWS Elastic beanstalk for SPA Angular 6 application - amazon-s3

I am creating an Angular 6 frontend application. My backend APIs are created in DotNet. Assume the application is similar to https://www.amazon.com/.
My query relates only to deployment of the frontend portion on AWS. A large number of users with a variable count pattern are expected on my portal. I thought of using AWS Elastic Beanstalk as a PaaS web server.
Can AWS S3/ELB be used instead of PaaS Beanstalk without any limitations?

I'm not 100% sure what you mean by combining an Elastic Load Balancer with S3. I think you may be confused as to the purpose of the ELB, which is to distribute requests to multiple servers e.g. NodeJS servers, but cannot be used with S3 which is already highly available.
There are numerous options when serving an Angular app:
You could serve the files using a nodejs app, but unless you are doing server-side rendering (using Angular Universal), then I don't see the point because you are just serving static files (files that don't get stitched together by a server such as when you use PHP). It is more complicated to deploy and maintain a server, even using Elastic Beanstalk, and it is probably difficult to get the same performance as you could do with other setups (see below).
What I suspect most people would do is to configure an S3 bucket to host and serve the static files of your Angular app (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). You basically configure your domain name to resolve to the S3 bucket's URL. This is extremely cheap, as you are not paying for a server which is running constantly, but rather only have to pay the small storage cost plus a data transfer fee which would be directly proportional to your traffic.
You can further improve on the S3 setup by creating a CloudFront distribution that uses your S3 bucket as its origin (the location that it gets files from). When you configure your domain name to resolve to your CloudFront distribution, then instead of a user's request getting the files from the S3 bucket (which could be in a region on the other side of the world and so slower), the request will be directed to the closest "edge location", which will be much closer to your user, and check if files are cached there first. It is basically a global content delivery network for your files. This is a bit more expensive than S3 on its own. See https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-serve-static-website/.

Related

1 SSL Cert for Multiple Dynamic Elastic Beanstalk Environments

I'm basically trying to set up review apps where our CI spins up a review app such as review-app-<tag>.review.ourdomain.com based on a push to a git branch.
Our CI spins up a new elastic beanstalk environment per review app. I currently have a wildcard SSL cert hooked up to our domain, which works properly.
Now, I need to figure out how to get https to work for our review apps. One solution would be to leverage Cloudflare's API to add DNS records that point review-app-<tag>.review to the appropriate elastic beanstalk instance's load balancer. However, DNS takes a while to propagate sometimes so it's not a great solution especially for CI workflows.
How can I get this to work without modifying DNS records? Is there a hack that could be put in place by modifying our Nginx config or using a Shared Application Load Balancer?

limit access to AWS Elastic IP to US region

If I host a website on AWS EC2 with an Elastic IP and I want to limit access to this website to US region users only, is there any easy way to do this? The website is powered by Apache.
According to this link, .htaccess could be an option, but I didn't find a way to exclusively lock down my website to US region users only.
I will limit my answer to Amazon services.
Being able to block access by world location is an important issue today. With all of the various government regulations regarding where content is located / stored, controlling access may be a legal requirement in some situations.
Amazon has three services that support geolocation: Route53, CloudFront, and WAF (Web Application Firewall). No service is completely bulletproof but given the size of Amazon's network, all of the certifications, government compliance, etc. I tend to believe Amazon's geolocation would be better than a homebrew setup.
Your question specifies Elastic IP address. I am not aware of an Amazon service that supports geolocation blocking for your EIP. Instead, you will want to use Route53 and create a resource record set (RRS) or commonly called domain name or sub domain name to that EIP. Then put the server either in a private subnet, or put the front end service (CloudFront and/or ALB) in the same security group to limit who can access the EIP. Note: private subnets do not support EIP and are not required for ALB.
Configure geolocation as part of the setup for Route53, CloudFront or WAF (better a combination of these services). You can select the parts of the world (e.g. United States) to accept traffic from and block everybody else.
If I was building a small setup that did not require auto-scaling, I would use Route53 and CloudFront in front of my server. For higher fault-tolerance and high availability I would put the servers into a private subnet and add a load balancer with ASG (Auto Scaling Group) behind CloudFront and Route53 and add WAF to CloudFront (or the ALB).
Amazon VPCs via NACLs and Security Groups do not support any form of geolocation. Security Groups and NACLs are just very fast firewalls with a specific feature set. A VPN could be used if the customer base is tightly controlled (e.g. a group of developers or business partners) but would be untenable for a publicly accessed web server (e.g. customer portal). One might think that usernames or SSH keys could be used, but this does not control geography just authentication. A user could still access a server in France from Russia. If the requirement is geolocation, then the three Amazon services in the thread are good choices for geolocation based policies.
Route53: Geolocation Routing
CloudFront: Restricting the Geographic Distribution of Your Content
Amazon WAF: Working with Geographic Match Conditions
You could use CloudFront geoblocking. Block all but US. You will not 100% be able to block. You can spoof IP and locations, but it's a start.
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html
There are several Cloud Native options available in AWS that could be used to restrict users to a particular region.
Using AWS CloudFront Geo Restrictions
Using AWS CloudFront + AWS WAF with Geo Matching Conditions (Where you can do the Geo Restriction and Other IP based Whitelisting).
If you plan to use AutoScaling and Load Balancing (For Application Load Balancer), then you can attach AWS WAF to Load Balancer with Geo Matching Conditions Configured.
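
An added example, not part of the original answers: a Python check over constructed data shaped like the boto3 `get_distribution_config` and `describe_security_groups` responses. It confirms that the CloudFront geo restriction allows only US and that the origin's security group does not open web ports to everyone, which would let requests reach the Elastic IP without passing the geo restriction. Function names and sample values are assumptions.

```python
# Added example: audit a US-only CloudFront setup from API-shaped dictionaries.
import ipaddress

WEB_PORTS = {80, 443}

def geo_findings(dist_config, allowed=("US",)):
    """Check the Restrictions.GeoRestriction block of a DistributionConfig."""
    geo = dist_config.get("Restrictions", {}).get("GeoRestriction", {})
    kind = geo.get("RestrictionType", "none")
    if kind != "whitelist":
        return [f"geo restriction is '{kind}', expected 'whitelist'"]
    items, wanted = set(geo.get("Items", [])), set(allowed)
    findings = []
    if items - wanted:
        findings.append(f"unexpected countries allowed: {sorted(items - wanted)}")
    if wanted - items:
        findings.append(f"expected countries missing: {sorted(wanted - items)}")
    return findings

def origin_bypass_findings(ip_permissions):
    """Flag ingress rules that expose the origin's web ports to any address."""
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all traffic, so every port is covered.
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        ports = sorted(p for p in WEB_PORTS if lo <= p <= hi)
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # Prefix length 0 matches both 0.0.0.0/0 and ::/0.
            if ports and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"ports {ports} open to {cidr}: origin reachable without CloudFront")
    return findings

# Constructed sample data (not taken from a real account).
SAMPLE_DIST = {"Restrictions": {"GeoRestriction": {
    "RestrictionType": "whitelist", "Quantity": 2, "Items": ["US", "CA"]}}}
SAMPLE_SG = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

if __name__ == "__main__":
    for finding in geo_findings(SAMPLE_DIST) + origin_bypass_findings(SAMPLE_SG):
        print("FINDING:", finding)
```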

Amazon EC2 cloud hosting

How do I host an HTTP server in front, with multiple Tomcat servers behind it in EC2?
Do we need to do session and cookie management, or does EC2 have it built in?
Can we stream images and static resources through some other server while dynamic content from tomcat?
Check out the Java support in AWS Elastic Beanstalk. It handles the load balancing, auto scaling, metrics and deployment for you. Deploy your static assets to S3 + CloudFront instead of keeping them inside your application bundle.
There are multiple ways to host a webserver in front and redirect requests to multiple tomcat servers in backend. Assuming you have webserver and multiple tomcat servers deployed over a EC2 and tomcat. Using ajp or mod_proxy or mod_jk, you can redirect requests hitting on your webserver to your backend tomcat servers.
By default, AWS does not provide cookie or session management. You can use AWS ElastiCache for session management.
Yes, you can upload your images and other static content on Amazon S3 and deliver it from S3 itself or using CloudFront (CDN) while your dynamic requests are coming to your tomcat servers.
Your question was too broad. If you provide more details, we can help more.
Thanks
Sanket

Is it possible to use Amazon S3 for folder in a .net site

Is it possible to use Amazon Simple Storage Service (S3) for folders & files on a .net site?
Background:
I have 200 websites and I would like to have a single common code base. Right now they are on a single dedicated server. I plan to move them to an EC2 server.
As you can see, some of the folders & files are not on S3 and some are.
Admin Panel - is a folder that requires authentication - is this an issue?
/Bin/ - contains DLL's - is this an issue?
EC2 is a normal Windows Server like your current dedicated server. You remote desktop into it, install whatever you need, set up IIS etc.
S3 on the other hand is just a storage device. Think of it like a big NAS device. So you can use it to serve your static content (possibly in conjunction with CloudFront) but the actual website (DLLs, aspx pages etc) will have to be on EC2 in IIS.

404 redirect with cloud storage

I'm hoping to reach someone with some experience using a service like Amazon's S3 with this question. On my site we have a dedicated image server. And on this server, we have an automatic 404 redirect through Apache so that, if a user tries to access an image that doesn't exist, they'll see a snazzy "Image Not Available" image.
We're looking to move the hosting of these images to a cloud storage solution (S3 or Rackspace's CloudFiles), and I'm wondering if anyone's had any success replicating this behavior on a cloud storage service and if so how they did it.
The Amazon instances are just like normal hosted server instances once they are up and running so your Apache configuration could assumedly be identical to what you currently have.
Your only issue will be where to store the images. The new Amazon Elastic Block Store makes it easy to mount a drive based on S3 backed data. You could store all your images on such a volume and use it with your Apache instance.