Key components of an AWS web hosting architecture
The following sections outline some of the key components of a web hosting architecture deployed in the AWS Cloud, and explain how they differ from a traditional web hosting architecture.
Network management
In the AWS Cloud, the ability to segment your network from that of other customers
enables a more secure and scalable architecture. While security groups provide host-level
security (see the Host Security section), Amazon Virtual Private Cloud
Amazon VPC is a service that gives you full control over the details of your networking setup in AWS. Examples of this control include creating public-facing subnets for web servers, and private subnets with no internet access (no route to an internet gateway) for your databases; if hosts in a private subnet need outbound access for patching or updates, route that through a NAT gateway rather than exposing the subnet. Additionally, Amazon VPC enables you to create hybrid architectures by using hardware virtual private networks (VPNs), and use the AWS Cloud as an extension of your own data center.
Amazon VPC also includes IPv6
Content delivery
When your web traffic is geographically dispersed, it is not always feasible, and rarely
cost-effective, to replicate your entire infrastructure across the globe. A Content Delivery Network
You can use CloudFront to deliver your website, including dynamic, static, and streaming
content, using a global network of edge locations. CloudFront automatically routes requests
for your content to the nearest edge location, so content is delivered with the best
possible performance. CloudFront is optimized to work with other AWS services, like Amazon S3
As with other AWS services, there are no contracts or monthly commitments for using CloudFront; you pay only for as much or as little content as you actually deliver through the service.
Additionally, any existing solutions for edge caching in your web application infrastructure should work well in the AWS Cloud.
Managing public DNS
Moving a web application to the AWS Cloud requires some Domain Name System
Host security
In addition to inbound network traffic filtering at the edge, AWS also recommends that web
applications apply network traffic filtering at the host level. Amazon EC2
You can assign one or more security groups to each EC2 instance. Each security group allows appropriate traffic into each instance. Security groups are stateful and allow-only: there are no deny rules, so any traffic not matched by an allow rule is dropped, and the response to allowed inbound traffic is permitted automatically (use network ACLs at the subnet level if you need explicit deny rules). Security groups can be configured so that only specific subnets, IP addresses, and resources have access to an EC2 instance. Alternatively, they can reference other security groups to limit access to EC2 instances that are in specific groups, which is more robust than listing IP addresses because it keeps working as instances are replaced and their addresses change.
In the AWS web hosting architecture in Figure 3, the security group for the web server
cluster might allow access only from the web-layer Load Balancer and only over TCP on ports
80 and 443 (HTTP and HTTPS). The application server security group, on the other hand, might
allow access only from the application-layer Load Balancer. In this model, your support
engineers would also need to access the EC2 instances, which can be achieved with AWS Systems Manager Session Manager; because Session Manager works through the instance's outbound connection to the Systems Manager endpoints, no inbound SSH or RDP rule needs to be opened in any security group. For a deeper discussion on security, see
AWS Cloud Security
Load balancing across clusters
Hardware load balancers are a common network appliance used in traditional web
application architectures. AWS provides this capability through the Elastic Load Balancing
Finding other hosts and services
In the traditional web hosting architecture, most of your hosts have static IP addresses. In the AWS Cloud, most of your hosts have dynamic IP addresses. Every EC2 instance receives a private IP address and private DNS entry; it receives a public IP address and public DNS entry, and becomes addressable over the internet, only if it is launched in a subnet configured to assign one. These addresses are assigned when you launch the instance, you cannot choose the public address yourself, and an auto-assigned public address is released when the instance stops and replaced with a different one when it starts again. Static IP addresses (Elastic IP addresses in AWS terminology) can be assigned to running instances after they are launched and stay with the instance across stop and start. You should use Elastic IP addresses for instances and services that require consistent endpoints, such as primary databases, central file servers, and EC2-hosted load balancers.
Caching within the web application
In-memory application caches can reduce load on services and improve performance and
scalability on the database tier by caching frequently used information. Amazon ElastiCache