By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Redesign of a Client-Server Architecture

0

Hello, Our current client-server architecture is for each client there is a separate AWS account and for the server, one account is there. Each client account has an EC2 instance running a web application which is connected through an AppSync. Each client calls their own AppSync and other AWS services hosted in their individual accounts. Separate accounts are created since these clients have confidential information to be stored in RDSs, etc. Is there a way to use a centralized AppSync but have to navigate to each account depending on the user? Or any other suggestions to improve the architectural design?

Topics
ServerlessFront-End Web & MobileApplication IntegrationSecurity, Identity, & ComplianceAWS Well-Architected FrameworkManagement & Governance
Tags
AWS AppSyncSecurity, Identity, & ComplianceAWS Well-Architected FrameworkAWS Account Management
Language
English
Jehan
asked 2 months ago472 views
1 Answer
1

Hello,

  • Utilize AWS Organizations for centralized management of client accounts and enable Single Sign-On (SSO) through either AWS SSO or Cognito. Each client's web application can then assume a role within their respective accounts to initiate API calls to backend services hosted in a centralized "server" account. These services include AppSync, RDS multi-AZ cross-region read replicas, S3, and others.
  • Another suggestion would be to configure AppSync to use IAM roles to authenticate and authorize access to the backend AWS resource

Thanks

Abhinav Chauhan
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content