Web-Application Architecture: From basics to creating an AWS based architecture

My approach to explain the web-application architecture:
1 — We will understand the basic building blocks of a web-application.
2 — We will translate the basic building blocks of the web-application using AWS services.
3 — We will define a robust AWS based web-application architecture.

Let us start by understanding what is a web-application, the simple explanation is that it is an application program that is stored in a remote server and is delivered over the internet through the browser. Today we use different web-applications in our everyday life, some examples are Linkedin, Netflix, Gmail, Amazon Prime Video, etc..

When we break the above definition into different components and assuming that we are creating a prototype that is not deployed on the internet. We come up with the following basic architecture.

Basic web-application and its components

The explanation for the each component in the architecture is as follows:

1 — The application is hosted on the web-server.
2 — The application queries a database, the database contains data supporting the application.
3 — In order to communicate with the application the users need a public IP address which is applied on the browser [4].

The different components and the flow is described in the above diagram, if one translates the exact architecture using AWS services, one would end up with the below architecture.

Basic AWS web-application and its components

The explanation for the each component in the architecture is as follows:

1 — The application is hosted on the web-server, here this is AWS EC2 service, it is a resizable compute service offered by AWS.
2 — The application queries a database, the database contains the data supporting the application, here this is AWS RDS, a fully manageable Relational Database service offered by AWS.
3 — In order to communicate with the application the users need a public IP address which is applied on the browser [4].

The above architectures can be used to build a Proof of Concept, however this is not ready to be productionized because it lacks security, scalability, high availability, resilience and it does not have a domain name or use the internet. The only objective the above architecture satisfies is to be able to understand the components of a application that communicates using a public IP address.

In the next section we will define some basic requirements which every web-application must satisfy.

• The application must be highly scalable, must be highly available, must be able to recover in case of failure.
• The application must have a domain name.
• The application must provide different content based on geographic location.
• The application must ensure protection in case of DDOS attacks and other cyber attacks in case of web exploits, sql injection, cross site scripting attacks.
• The application must be continuously monitored for performance and developers must be notified in case of changes to the performance of the application.
• The application must allow users to access the application using mobile devices.

The architecture to satisfy the above requirements is as follows:

AWS Based Architecture for the Web-Application

The explanation for the each component in the architecture is as follows:

1 — The application is hosted on EC2 instances, in order to resolve for scalability, the application is hosted in an Autoscaling Group. One can control the traffic to allow/deny in the EC2 instances using Security Groups.

2 — In order to have high availability the application is hosted in multiple availability zones.

3 — Traffic is distributed across availability zones using an Elastic Load Balancer.

4 — In order to recover the application during any unfortunate events, one can store the EC2 and database images using AWS S3.

5 — In order to store the application based data, one can use a fully managed relational database like Amazon RDS.

6 — In order to expose the application with a domain name (application URL) and convert the domain name to a public IP one must use a domain name service. In our case this is AWS Route53. One must also protect the application from Distributed Denial of Service (DDOS) attacks, to satisfy this requirement one can use AWS Shield.

7 — Using AWS Web Access Firewall one can define managed rules in order to protect the application from common web exploits, bots that can affect availability, compromise security, sql injection, cross site scripting and consume excessive resources. The managed rules for waf are defined to control the attacks based on http headers, geo-location and frequency of requests.

8 — Cloudfront is the content delivery network service from AWS, one can use this to deliver content based on region, or one can use it to cache the frequent requests

9 — The mobile users can access the application using API gateway, it is a fully managed service to create, publish and secure APIs at any scale.

10 — AWS Lambda is a serverless compute service from AWS that can be used to apply business logic to the applications data.

11 — AWS Cloudwatch is used for continuously monitoring the application’s webservers if they are down, or if they are restarting. Cloudwatch is used to continuously monitor the performance of the application.

12 — AWS GuardDuty is an intelligent threat detection service, it continuously monitors the servers and notifies if a server, database, s3 is compromised, malware, anomalous behavior.

13 — AWS Simple Notification Service is a fully managed messaging service for communication, allowing messaging between decoupled microservices applications or directly to users with SMS. This can notify users for any performance changes in the application.

Conclusion:

The architecture explained is a basic aws based architecture for web-application, depending on the usecase and user requirements one can add/remove services from the architecture.

The architecture shown above is a fully managed architecture, however one can also deploy serverless architecture for web-application using AWS Elastic Beanstalk.

Other Articles:

If you are interested to learn about aws services please look at my other articles:

1 — Cloud Computing: An Overview. In this section, I will try to explain… | by Shabarish PILKUN RAVI | Towards AWS

2 — Amazon Web Services [AWS]: An Overview | by Shabarish PILKUN RAVI | Towards AWS

3 — Amazon Simple Storage Service S3, an Introduction | by Shabarish PILKUN RAVI | Towards AWS

4 — Route 53 — The highly available and scalable cloud Domain Name System (DNS) web service. | by Shabarish PILKUN RAVI | Towards AWS

5 — AWS architecture for processing real-time and batch processing data and dashboards | by Shabarish PILKUN RAVI | Jul, 2022 | Medium

DevOps and MlOps:

1 — Understanding DevOps and DevOps pipeline | by Shabarish PILKUN RAVI | Jul, 2022 | Medium

2 — Understanding MlOps and MlOps Pipeline | by Shabarish PILKUN RAVI | Aug, 2022 | Medium

If you are interested in deep learning and computer vision, refer below articles:

1 — OpenCV Background Subtraction and Music in Background of Video | by Shabarish PILKUN RAVI | Medium

2 — Artificial Neural Networks Simplified: From Perceptrons to BackPropagation | by Shabarish PILKUN RAVI | The Startup | Medium