Redesign of a Client-Server Architecture

0

Hello, Our current client-server architecture is for each client there is a separate AWS account and for the server, one account is there. Each client account has an EC2 instance running a web application which is connected through an AppSync. Each client calls their own AppSync and other AWS services hosted in their individual accounts. Separate accounts are created since these clients have confidential information to be stored in RDSs, etc. Is there a way to use a centralized AppSync but have to navigate to each account depending on the user? Or any other suggestions to improve the architectural design?

1개 답변
1

Hello,

  • Utilize AWS Organizations for centralized management of client accounts and enable Single Sign-On (SSO) through either AWS SSO or Cognito. Each client's web application can then assume a role within their respective accounts to initiate API calls to backend services hosted in a centralized "server" account. These services include AppSync, RDS multi-AZ cross-region read replicas, S3, and others.
  • Another suggestion would be to configure AppSync to use IAM roles to authenticate and authorize access to the backend AWS resource

Thanks

답변함 3달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠