Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Redesign of a Client-Server Architecture

0

Hello, Our current client-server architecture is for each client there is a separate AWS account and for the server, one account is there. Each client account has an EC2 instance running a web application which is connected through an AppSync. Each client calls their own AppSync and other AWS services hosted in their individual accounts. Separate accounts are created since these clients have confidential information to be stored in RDSs, etc. Is there a way to use a centralized AppSync but have to navigate to each account depending on the user? Or any other suggestions to improve the architectural design?

Themen
ServerlosFrontend-Web & MobileAnwendungsintegrationSicherheit, Identität & KonformitätAWS Framework mit guter StrukturManagement & Unternehmensführung
Tags
AWS AppSyncSicherheit, Identität & KonformitätAWS Framework mit guter StrukturAWS Kontoverwaltung
Sprache
English
Jehan
gefragt vor 3 Monaten484 Aufrufe
1 Antwort
1

Hello,

  • Utilize AWS Organizations for centralized management of client accounts and enable Single Sign-On (SSO) through either AWS SSO or Cognito. Each client's web application can then assume a role within their respective accounts to initiate API calls to backend services hosted in a centralized "server" account. These services include AppSync, RDS multi-AZ cross-region read replicas, S3, and others.
  • Another suggestion would be to configure AppSync to use IAM roles to authenticate and authorize access to the backend AWS resource

Thanks

Abhinav Chauhan
beantwortet vor 3 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt