Secure architecture with two front-ends and private back-end

For a fintech startup, I am looking for a secure "bank-grade", scalable architecture reference, especially for protecting the back-end.

The public web app and mobile apps would use AWS Cognito for authentication (Amplify environment for hosting etc.). Anyone can register/log in and manage their profile info. The public-facing setup is relatively straightforward.

As for the back-end, besides the database (PostgreSQL) and custom logic (.NET on EC2), employees of the company must be able to access a private web-based front-end "dashboard" for managing registered users' data (those who registered on the public app).

For simplicity, narrowing the scope down to the resources only an employee would be able to access, assuming the private deployment of the sample (https://github.com/aws-samples/aws-netcore-aspnetmvc-amazon-cognito-authentication-authorization-samples), with the front-end used as the employee dashboard, what is the best combination of AWS services with a private VPC to allow an employee to access the dashboard only, but without a public IP of the dashboard?

  • What is the most secure architecture to host and entirely hide the back-end, but also host a private web-based dashboard that is only accessible to employees of the company? Which AWS services are the best for this scenario? Are there any templates or samples available?

Thank you in advance!

1 Answer

Take a look at this: Fintech Blueprint on AWS. It is using Client VPN connections for the internal employees.

This is another one that is a little more complicated, Compliant Framework for Federal and DoD Workloads in AWS GovCloud (US). You don't have to run this architecture in GovCloud.

kentrad
answered 2 years ago
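
An added example, not part of the question or the answer above: a Python check that the employee dashboard has no public exposure (internal load balancer scheme, no public IP, ingress only from private ranges). The inventory is constructed sample data shaped like the boto3 `describe_load_balancers`, `describe_instances` and `describe_security_groups` responses; the resource names and the VPN client CIDR `10.100.0.0/22` are assumptions.

```python
import ipaddress

# Assumed private ranges: the VPC and the Client VPN client CIDR (hypothetical).
ALLOWED = ["10.0.0.0/16", "10.100.0.0/22"]

# Constructed inventory (not real resources) with the dashboard exposed.
EXPOSED = {
    "LoadBalancers": [{"LoadBalancerName": "dashboard-alb",
                       "Scheme": "internet-facing"}],
    "Instances": [{"InstanceId": "i-dashboard",
                   "PublicIpAddress": "203.0.113.10"}],
    "SecurityGroups": [{"GroupId": "sg-dashboard", "IpPermissions": [
        {"FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}],
}

# Constructed inventory with the dashboard reachable only over the VPN.
PRIVATE = {
    "LoadBalancers": [{"LoadBalancerName": "dashboard-alb",
                       "Scheme": "internal"}],
    "Instances": [{"InstanceId": "i-dashboard"}],
    "SecurityGroups": [{"GroupId": "sg-dashboard", "IpPermissions": [
        {"FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.100.0.0/22"}]}]}],
}

def audit_dashboard(inventory, allowed_cidrs):
    """Return findings for anything reachable from outside allowed_cidrs.

    Only IPv4 ranges (IpRanges) are checked in this example.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for lb in inventory.get("LoadBalancers", []):
        if lb.get("Scheme") != "internal":
            findings.append(f"{lb['LoadBalancerName']}: scheme {lb.get('Scheme')}")
    for inst in inventory.get("Instances", []):
        if inst.get("PublicIpAddress"):
            findings.append(f"{inst['InstanceId']}: public IP assigned")
    for sg in inventory.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"])
                if not any(net.subnet_of(a) for a in allowed):
                    findings.append(f"{sg['GroupId']}: ingress from {net}")
    return findings

if __name__ == "__main__":
    for finding in audit_dashboard(EXPOSED, ALLOWED):
        print(finding)
```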
