
Questions tagged with VPC Virtual Private Gateway


Secure architecture with two front-ends and private back-end

For a fintech startup, I am looking for a secure "bank-grade", scalable architecture reference, especially for protecting the back-end. The public web app and mobile apps would use AWS Cognito for authentication (Amplify environment for hosting etc.). Anyone can register/log in and manage their profile info. The public-facing setup is relatively straightforward.

As for the back-end, besides the database (PostgreSQL) and custom logic (.NET on EC2), employees of the company must be able to access a private web-based front-end "dashboard" for managing registered users' data (those who registered on the public app).

For simplicity, narrowing the scope down to the resources only an employee would be able to access, assuming the private deployment of the sample (https://github.com/aws-samples/aws-netcore-aspnetmvc-amazon-cognito-authentication-authorization-samples), with the front-end used as the employee dashboard, what is the best combination of AWS services with a private VPC to allow an employee to access the dashboard only, but without a public IP of the dashboard?

What is the most secure architecture to host and entirely hide the back-end, but also host a private web-based dashboard that is only accessible to employees of the company? Which AWS services are the best for this scenario? Are there any templates or samples available?

Thank you in advance!
1 answer, 0 votes, 45 views, asked 3 months ago

In CDK, how do you enable `associatePublicIpAddress` in an AutoScalingGroup that has a `mixedInstancesPolicy`?

I'm using AWS CDK and am trying to enable the associatePublicIpAddress property for an AutoScalingGroup that's using a launch template. My first attempt was to just set `associatePublicIpAddress: true`, but I get this error (https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts#L1526-L1528)

```typescript
// first attempt
new asg.AutoScalingGroup(this, 'ASG', {
  associatePublicIpAddress: true, // here
  minCapacity: 1,
  maxCapacity: 1,
  vpc,
  vpcSubnets: {
    subnetType: SubnetType.PUBLIC,
    onePerAz: true,
    availabilityZones: [availabilityZone],
  },
  mixedInstancesPolicy: {
    instancesDistribution: {
      spotMaxPrice: '1.00',
      onDemandPercentageAboveBaseCapacity: 0,
    },
    launchTemplate: new LaunchTemplate(this, 'LaunchTemplate', {
      securityGroup: this._securityGroup,
      role,
      instanceType,
      machineImage,
      userData: UserData.forLinux(),
    }),
    launchTemplateOverrides: [
      {
        instanceType: InstanceType.of(
          InstanceClass.T4G,
          InstanceSize.NANO
        ),
      },
    ],
  },
  keyName,
})
```

```typescript
// I hit this error from the CDK
if (props.associatePublicIpAddress) {
  throw new Error('Setting \'associatePublicIpAddress\' must not be set when \'launchTemplate\' or \'mixedInstancesPolicy\' is set');
}
```

My second attempt was to not set `associatePublicIpAddress` and see if it gets set automatically because the AutoScalingGroup is in a public availability zone with an internet gateway. However, it still doesn't provision a public IP address.

Has anyone been able to create an autoscaling group with a mix instance policy and an associated public IP?
1 answer, 0 votes, 49 views, asked 3 months ago