I have deployed nodejs app on ec2 instance. I have used atlas for mongoDB, load balancer, Aws ssl to secure the connection and pm2. As iam already using aws load balancer should i need to use nginx. What is the best practice of deploying nodejs app on ec2. if i need to use ngnix where to configure http to https redirect?
Looks like you need a web application to be developed. I would suggest below architecture. enter image description here. This will eliminate pain of hosting/maintaining servers.
All AWS components can be programmatically integrated using AWS SDK and Amplify is a wrapper on top of this.
Develop your UI in any JavaScript framework and host it in AWS S3. Using CloudFront you can cache the UI layer. Put an API gateway layer which will intercept all the traffic from your UI. Using AWS Amplify can very much simplify your UI development with a lot of built-in wrapper components. It comes with CLI which can be used for deployment as well.
Host your Spring Boot+DB Driver (or NodeJS/C#/PHP/Python/etc.) Application with Rest API in AWS Beanstalk. BeanStalk can be configured with Load Balancing, Auto Scaling Group, etc. If AWS Beanstalk seems complicated for you, consider using AWS Lambda (Serverless, microservices) architecture.
AWS DocumentDB is a MongoDB extension and maybe you can leverage it. Which is again a highly scalable, very flexible NoSQL in this case.
You can leverage AWS Cognito (https://www.slideshare.net/awsugkochi/acdkochi19-enterprise-grade-security-for-web-and-mobile-applications-on-aws)to store User credentials in groups and add permissions and authenticate/authorise the users.
In API Gateway you can configure AWS Cognito Authoriser and protect the APIs from un-authorised calls.
Some of the auxiliary services can be used to integrate email/SMS etc. AWS SNS (Pub/Sub) + SQS (Queue) -> If you want to decouple any process, you can use SNS + SQS. You can send e-mails using AWS SES. AWS Route53 is the DNS and your domain can be hosted here.
If you have to upload any files to cloud and store it for users, leverage AWS S3.
You need to protect internet-facing components like API Gateway and Cloudfront using AWS WAF.
All these systems generate logs and it can be accessed from AWS cloudwatch. Your APIs can be monitored for performance and errors using AWS X-Ray.
Related
I am trying to create a Node.js based service which will run in AWS EKS.
I have created A docker image with Node.js and installed my Node.js application in it.
My application currently supports one test REST API path.
I have below questions:
I am not able to find any useful example of this case, so I posted this question.
How my REST API which is in the service called from the outside, do I need to create a API Gateway and then link to this service > REST API?
Is there a SDK/Library that AWS provides which we need to implement where we get the incoming REST requests in the service and then call the appropriate REST API? Just like what we have in the AWS Lambda the exports.handler.
OR I need to expose REST APIs directly from the service and outside world will consume it based on the configuration?
Also How do I access AWS services from the service, when docker Image is running locally?
I created a Node server that receives events through webhooks, handles them, and posts their data to one API endpoint. Currently I'm deploying it using AWS Elastic Beanstalk, but I don't know if it's the best option.
I don't need load balancers.
I don't need web servers like Apache/Nginx.
My Node server does not have any ports to receive requests, since it's a simple server that only handles webhooks events. So the EBS service will always be without metrics for requests (severe health status - because doesn't handle any of the health requests).
Should I use another type of AWS service? Docker?
Finally, I went for it with the App Runner AWS service for running containers. No load balancers, just elastic sizing. No web servers.
I have a node.js RESTful API application. There is no web interface (at least as of now) and it is just used as an API endpoint which is called by other services.
I want to host it on Amazon's AWS cloud. I am confused between two options
Use normal EC2 hosting and just provide the hosting url as the API endpoint
OR
Use Amazon's API Gateway and run my code on AWS Lambda
Or can I just run my code on EC2 and use API Gateway?
I am confused on how EC2 and API Gateway are different when it comes to a node.js RESTful api application
Think of API Gateway as an API management service. It doesn't host your application code, it does provide a centralized interface for all your APIs and allows you to configure things like access restrictions, response caching, rate limiting, and version management for your APIs.
When you use API Gateway you still have to host your API's back-end application code somewhere like Lambda or EC2. You should compare Lambda and EC2 to determine which best suits your needs. EC2 provides a virtual Linux or Windows server that you can install anything on, but you pay for every second that the server is running. With EC2 you also have to think about scaling your application across multiple servers and load balancing the requests. AWS Lambda hosts your functions and executes them on demand, scales out the number of function containers automatically, and you only pay for the number of executions (and it includes a large number of free executions every month). Lambda is going to cost much less unless you have a very large number of API requests every month.
I am looking to deploy my nodejs React web application on AWS. Currently I deployed my application on Microsoft's Azure and there is was pretty simple. I just had to add an App Service and give my git repository as the source to it. That took care of hosting my application. I am not getting a way like to do it on AWS. I am looking for something like that. How should I do it in AWS?
You can use AWS Elastic Beanstalk for this. Elastic Beanstalk is the PaaS offering which is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. It is similar to Microsoft Azure App services.
You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.
You can go through the tutorial for deploying your node.js app here- Deploying an Express Application to Elastic Beanstalk
One of the easy ways to do this in a Serverless manner is to use the new AWS Mobile CLI:
npm install -g awsmobile-cli
Then initialize and publish:
cd ./myproj
awsmobile init #answer some questions
awsmobile publish
This will setup an S3 bucket with CloudFront configured as your CDN to host your web assets. Your NodeJS app can be hosted in a Lambda function which is protected by API Gateway. A good way to configure the connection and authorzation from the client is to use AWS Amplify in your React application:
npm install aws-amplify --save
npm install aws-amplify-react --save
Then after doing an Amplify.configure(your_config_object you can connect to API gateway which calls your Lambda:
let apiName = 'MyApiName';
let path = '/path';
let myInit = { // OPTIONAL
headers: {} // OPTIONAL
}
API.get(apiName, path, myInit).then(response => {
// Add your code here
});
This will be a signed request to your AWS resources.
More here:
http://docs.aws.amazon.com/aws-mobile/latest/developerguide/web-getting-started.html
I want to host a RESTful API on AWS Beanstalk or EC2 so a client server in an on-premise data center can use it.
Is it secure to host a RESTful API server on AWS Beanstalk or EC2 without authentication and secure them only with security group ?
I put the client IP address into the security group which Beanstalk or EC2 instance uses. So only the client with this IP address can connect to the RESTful API server.
The client is located outside the AWS in a on-premise data center.
Is there any better solutions to handle this problem? I know it is possible to connect AWS VPC with on-premise network, but that seems to be a too expensive for us in such small use case.
Is it secure to host a RESTful API server on AWS Beanstalk or EC2 without authentication and secure them only with security group ?
No authentication is not a recommended method for securing RESTful API but security provided by AWS security groups is rock solid.
Another suggestion will be implementing HTTPS instead of HTTP. Please go through this article. http://aws.amazon.com/articles/1928