Is it possible to deploy a small HTTPS web app on Fargate, internet accessible, without using a load balancer?
We are looking into possibly deploying a small admin panel for our business customers, customized for each customer.
This might end up requiring hundreds of separate web apps. They can all be subdomains of a single domain, using a wildcard certificate from ACM. They are all small and won't have much traffic, hence it seems like Fargate would be a good fit for this. Scaling and routing to multiple instances won't be necessary so a load balancer also seems unnecessary.
The databases would be hosted in Aurora.
The issue is the current quotas on load balancers, unless AWS doesn't have a problem with a service quota increase request for 1000 load balancers. Or am I going about this completely the wrong way?
tl;dr: What's the best way to run possibly a thousand different small web apps in AWS?
Have you considered AWS API Gateway->Lambda? You'll find examples of running lightweight web frameworks like Flask and ExpressJS using this architecture. API Gateway would then let you provide authN/Z callouts and then you could use domain name or path as the variable to dynamically render display. CloudFront or ElastiCache could be used for custom content if page load speed is a concern. This is kind of one logical app vs. thousands but you won't need to manage container lifecycles and such so should be much cleaner operationally.
Unfortunately, we have a requirement to use a specific CMS as part of the web app at the moment. I don't think we can set this up using Lambda functions. At some point in the future we will refactor the infrastructure to use a proper multi-tenancy framework, but it is not possible to do this with our current timeline. We're looking at a "quick and dirty" solution that can be quickly deployed per customer in the interim, even though it will mean many web apps.
Given the comment / reply to Clay_B, I'd say you won't be able to use ACM with "bare containers", but if what you want to avoid is the LB costs (I say that because within a LB you can have rules and redirect to containers based on paths/URLs rather easily), maybe something like Caddy or Traefik could deal with the ingress and certificates for you, and based on similar rules (hostname/URL/path) route the traffic to the appropriate service in ECS.
If you still want to use ACM but only 1 LB, then you can still do that with, again, something like Traefik:
NLB -> Traefik -> App, similar to https://labs.compose-x.io/apps/traefik_ecs_part1.html
Traefik will use ECS to do service discovery, so, as long as you set the labels correctly on your containers, you can have 100s of services, scale them accordingly, whilst keeping them very small.
Or maybe even better, using App Mesh to route the traffic instead of something else, which would get you full AWS Support, and is very powerful.
Thanks John, I will look at Traefik!
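The label-based routing described in the answer above, as an added example that is not part of the original thread: it generates the `dockerLabels` Traefik reads from each tenant's ECS container definition and rejects tenant names that a single-level wildcard certificate would not cover or that could alter the `Host` rule. The base domain, entrypoint name, container port and tenant names are assumptions.

```python
import json
import re

# Assumptions (not from the thread): base domain, entrypoint name, container port.
BASE_DOMAIN = "admin.example.com"
ENTRYPOINT = "websecure"
APP_PORT = 8080

# Exactly one DNS label: a wildcard certificate for *.admin.example.com does not
# cover a.b.admin.example.com, and this also keeps backticks, quotes and
# parentheses out of the Host(`...`) rule string.
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def traefik_labels(tenant, terminate_tls=True):
    """Return dockerLabels for one tenant's container definition.

    terminate_tls=True: Traefik terminates TLS itself.
    terminate_tls=False: a TLS listener in front (e.g. the NLB holding the ACM
    certificate) terminates it and Traefik receives plain HTTP.
    """
    if not _LABEL.fullmatch(tenant):
        raise ValueError(f"invalid tenant name: {tenant!r}")
    router = f"traefik.http.routers.{tenant}"
    labels = {
        "traefik.enable": "true",
        f"{router}.rule": f"Host(`{tenant}.{BASE_DOMAIN}`)",
        f"{router}.entrypoints": ENTRYPOINT,
        f"traefik.http.services.{tenant}.loadbalancer.server.port": str(APP_PORT),
    }
    if terminate_tls:
        labels[f"{router}.tls"] = "true"
    return labels


def build_all(tenants, terminate_tls=True):
    """Build labels for every tenant; two services must never claim one hostname."""
    out = {}
    for raw in tenants:
        name = raw.strip().lower()
        if name in out:
            raise ValueError(f"duplicate tenant: {name}")
        out[name] = traefik_labels(name, terminate_tls)
    return out


if __name__ == "__main__":
    # Constructed sample tenants.
    print(json.dumps(build_all(["acme", "globex"]), indent=2))
```
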