AWS Projects

Hybrid Cloud Network Architecture

A hybrid cloud design aimed at high availability, redundancy, and security. This architecture is influenced by secure design principles such as Defense in Depth, Zero Trust, and Network Segmentation.

US-West-2 Oregon Region

US-East-1 Northern Virginia Region

EC2 instances and Launch Templates

My EC2 specification: T2 instance family, HTTPS-only security group, public subnet, and RSA login key pair. Launch Templates helped me streamline EC2 instance creation, mainly by standardizing configurations. When launching an instance through an Auto Scaling Group, using a Launch Template ensures a consistent setup across multiple instances, reducing manual configuration errors.
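An added check (not part of the original project) for the "HTTPS-only security group" requirement above: it walks the `SecurityGroups` list returned by EC2 `describe_security_groups` and reports every ingress permission that is not TCP/443. The input below is a constructed sample with hypothetical group IDs, so the script runs offline; in practice the list would come from the API response.

```python
"""Audit EC2 security groups for an HTTPS-only ingress policy.

Input is the list under the "SecurityGroups" key of an EC2
describe_security_groups response; the sample below is constructed.
"""
from typing import Dict, List, Tuple

# The only ingress (protocol, from_port, to_port) an HTTPS-only group may expose.
ALLOWED = {("tcp", 443, 443)}


def _rule_tuple(perm: Dict) -> Tuple[str, int, int]:
    # IpProtocol "-1" means all traffic; AWS omits FromPort/ToPort in that case.
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return ("all", 0, 65535)
    return (proto, perm.get("FromPort"), perm.get("ToPort"))


def _sources(perm: Dict) -> List[str]:
    # Collect IPv4 CIDRs, IPv6 CIDRs and referenced security groups.
    srcs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    srcs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    srcs += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
    return srcs


def https_only_violations(groups: List[Dict]) -> List[str]:
    """Return one finding per ingress permission that is not TCP/443."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            proto, lo, hi = _rule_tuple(perm)
            if (proto, lo, hi) not in ALLOWED:
                src = ", ".join(_sources(perm)) or "none"
                findings.append(f"{sg['GroupId']}: ingress {proto} {lo}-{hi} from {src}")
    return findings


SAMPLE_GROUPS = [  # constructed sample with hypothetical group IDs, not account data
    {"GroupId": "sg-0000web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0000bad", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0000web"}]}]},
]

if __name__ == "__main__":
    for line in https_only_violations(SAMPLE_GROUPS):
        print(line)
```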

Autoscaling

An ASG, alongside a Launch Template, makes it effortless to create and remove EC2 instances based on demand. ASG health checks mark instances healthy or unhealthy, which determines whether they should receive requests, while a "Target tracking scaling policy" adjusts capacity using AWS CloudWatch metrics. Specifying the minimum, maximum, and desired number of instances in the ASG policy helps optimize cost, improve performance, and increase scalability in our AWS cloud infrastructure.

Application Load Balancer

The AWS Application Load Balancer (ALB) and Network Load Balancer (NLB) are crucial elements in my architecture: they balance incoming HTTP/HTTPS traffic across multiple EC2 instances to enhance scalability and reliability. The load balancer routes traffic to healthy EC2 instances via target groups based on defined rules.

Public/Private Subnet

Public subnets, connected to the internet via an Internet Gateway, host resources like web servers and load balancers that need external access, enabling user-facing applications with controlled security. Private subnets are isolated from direct internet access. They protect sensitive resources like databases, ensuring compliance and security while allowing outbound traffic via a NAT Gateway for updates or API calls. By combining both, we can create a multi-tier architecture: public subnets for external-facing services, and private subnets for internal workloads. This ultimately minimizes the attack surface and gives flexibility for application needs.

Transit Gateway

A transit gateway enables efficient routing of network traffic between VPCs, eliminating the need for complex VPC peering configurations. It also supports connectivity to on-premises networks via AWS Direct Connect or VPNs. By using a hub-and-spoke model, Transit Gateway reduces operational overhead, enhances security through centralized route management, and supports advanced features like inter-region peering. These attributes make Transit Gateway ideal for large-scale, distributed architectures.

Amazon RDS

Amazon RDS is configured in multi-AZ mode to achieve redundancy, synchronous replication and enhanced performance. Read replicas in Amazon RDS are crucial for offloading read-heavy workloads from the primary database, improving performance and scalability for applications with high read demands. Asynchronous replication keeps read replicas nearly in sync with the primary database, enabling efficient data distribution across regions with minimal latency. Together, they enhance application availability, support disaster recovery, and allow for better load balancing in high-traffic environments.

Amazon Athena – Amazon S3 Buckets

Amazon Athena and S3 work together to enable serverless, interactive querying of data stored in S3 buckets using standard SQL. We store raw data (CSV or JSON) in S3, and Athena uses metadata from the AWS Glue Data Catalog to understand the data’s structure, allowing us to run SQL queries directly on the data without moving or transforming it. Athena processes these queries in a serverless environment, retrieving results from S3 and storing the output back in a designated S3 bucket, making it an efficient, scalable solution for analyzing large datasets.