By using AWS re:Post, you agree to the Terms of Use
/Is it possible to deploy a small HTTPS web app on Fargate, internet accessible, without using a load balancer?/

Is it possible to deploy a small HTTPS web app on Fargate, internet accessible, without using a load balancer?


We are looking into possibly deploying a small admin panel for our business customers, customized for each customer.

This might end up requiring hundreds of separate web apps. They can all be subdomains of a single domain, using a wildcard certificate from ACM. They are all small and won't have much traffic, hence it seems like Fargate would be a good fit for this. Scaling and routing to multiple instances won't be necessary so a load balancer also seems unnecessary.

The databases would be hosted in Aurora.

The issue is the current quotas on load balancers, unless AWS doesn't have a problem with a service quota increase request for 1000 load balancers. Or am I going about this completely the wrong way?

tl;dr: What's the best way to run possibly a thousand different small web apps in aws?

2 Answers

Have you considered AWS API Gateway->Lambda? You'll find examples of running lightweight web frameworks like Flask and ExpressJS using this architecture. API Gateway would then let you provide authN/Z callouts and then you could use domain name or path as the variable to dynamically render display. CloudFront or ElasticCache could be used for custom content if page load speed is a concern. This is kind of one logical app vs. thousands but you won't need to manage container lifecycles and such so should be much cleaner operationally.

answered 23 days ago
  • Unfortunately, we have a requirement to use a specific cms as part of the web app at the moment. I don't think we can set this up using lambda functions. At some point in the future we will refactor the infrastructure to use a proper multi-tenancy framework, but it is not possible to do this with our current timeline. We're looking at "quick and dirty" solution that can be quickly deployed per customer in the interim, even though it will mean many web apps.


Given the comment / reply to Clay_B, I'd say, you won't be able to use ACM with "bare containers" but if what you want to avoid is the LB costs (I say that because within a LB you can have rules and redirect to containers based on paths/urls rather easily), maybe something like caddy or traefik could deal with the ingress and certificates for you, and based on similar rules (hostname/url/path) route the traffic to the appropriate service in ECS.

If you still want to use ACM but only 1 LB, then you can still do that with, again, something like Traefik

NLB -> Traefik -> App, similar to

Traefik will use ECS to do services discovery, so, as long as you set the labels correctly on your containers, you can have 100s of services, scale them accordingly, whilst keeping them very small.

Or maybe even better, using appmesh to route the traffic instead of something else, which would get you full AWS Support, and is very powerful.

answered 23 days ago
  • Thanks John, I will look at Traefik!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions