For a fintech startup, I am looking for a secure "bank-grade", scalable architecture reference, especially for protecting the back-end.
The public web app and mobile apps would use AWS Cognito for authentication (Amplify environment for hosting, etc.). Anyone can register/log in and manage their profile info. The public-facing setup is relatively straightforward.
As for the back-end, besides the database (PostgreSQL) and custom logic (.NET on EC2), employees of the company must be able to access a private web-based front-end "dashboard" for managing registered users' data (those who registered on the public app).
For simplicity, narrowing the scope down to the resources only an employee would be able to access, and assuming a private deployment of the sample (https://github.com/aws-samples/aws-netcore-aspnetmvc-amazon-cognito-authentication-authorization-samples) with its front-end used as the employee dashboard: what is the best combination of AWS services with a private VPC to allow an employee to access the dashboard only, without the dashboard having a public IP?
- What is the most secure architecture to host and entirely hide the back-end, but also host a private web-based dashboard that is only accessible to employees of the company? Which AWS services are the best for this scenario? Are there any templates or samples available?
Thank you in advance!