Architecture overview
Deploying this solution with the required and optional templates, using default parameters, builds the following environment in the AWS Cloud.
The AWS CloudFormation templates deploy the following infrastructure:
- An Amazon CloudFront distribution to deliver public API calls for the client.
- Amazon API Gateway public API resources to process queue requests from the virtual waiting room, track the queue position, and support validation of tokens that allow access to the target website.
- An Amazon Simple Queue Service (Amazon SQS) queue to regulate traffic to the AWS Lambda function that processes the queue messages. Instead of invoking the Lambda function for each request, the SQS queue batches the incoming bursts of requests.
- API Gateway private API resources to support administrative functions.
- Lambda functions to validate and process public and private API requests, and return the appropriate responses.
- Amazon Virtual Private Cloud (VPC) to host the Lambda functions that interact directly with the ElastiCache (Redis OSS) cluster. VPC endpoints allow Lambda functions in the VPC to communicate with services within the solution. Additionally, a NAT gateway allows Lambda functions in the VPC to connect to CloudFront endpoints and invalidate the cache as required.
- An Amazon CloudWatch rule to invoke a Lambda function that works with a custom Amazon EventBridge bus to periodically broadcast status updates.
- Amazon DynamoDB tables to store token, queue position, and serving counter data.
- AWS Secrets Manager to store keys for token operations and other sensitive data.
- (Optional) Authorizer component consisting of an AWS Identity and Access Management (IAM) role and a Lambda authorizer function for use with API Gateway.
- (Optional) Amazon Simple Notification Service (Amazon SNS), CloudWatch, and Lambda functions to support two inlet strategies.
- (Optional) OpenID adaptor component with API Gateway and Lambda functions to allow an OpenID provider to authenticate users to your website. This component also includes a CloudFront distribution with an Amazon Simple Storage Service (Amazon S3) bucket for the waiting room page.
- (Optional) CloudFront distribution with Amazon S3 origin bucket for the sample waiting room web application.