Network & Security Infrastructure

Overview

In this section, we will establish the foundational network layer and security boundaries for IELTS BandUp.

A robust network architecture is critical for protecting sensitive user data and ensuring high availability. Instead of using the default network settings, we will construct a custom Virtual Private Cloud (VPC) designed for a production-grade environment. This setup allows us to strictly control traffic flow between our application components (Frontend, Backend, Database) and the internet.

Furthermore, we will configure VPC Endpoints to allow our private containers to communicate securely with AWS services (like ECR and S3) without traversing the public internet, enhancing both security and network performance.

Implementation Steps

We will break down the infrastructure setup into the following key tasks:

  1. VPC & Connectivity: Create the isolated network environment, partition it into Public and Private subnets, and configure Internet Gateways (IGW) for external connectivity.
  2. Load Balancing (ALB): Set up the Application Load Balancer and Target Groups to distribute incoming traffic efficiently to our future ECS tasks.
  3. IAM Security: Provision the ecsTaskExecutionRole to grant our Fargate containers the necessary permissions to pull images and push logs.
  4. VPC Endpoints: Establish private connections to AWS services (ECR, CloudWatch, S3) to secure internal traffic.

Content

  1. VPC, Subnets & Routing
  2. Application Load Balancer (ALB)
  3. IAM Roles for ECS
  4. VPC Endpoints Setup