Hey guys! Data engineer by trade, self-taught on full stack and working on some freelancing to improve my skills.
I recently deployed a frontend website that isn't expecting a heavy traffic load (maybe a few hundred to a thousand users per month). Wondering if folks would be willing to review the approach and provide feedback where you see fit.
Description of image:
Frontend is written in Angular and deployed using CloudFront. The CloudFront distribution is set up to pull files from S3. I made use of AWS Certificate Manager to ensure that the connection to the site is being forced to HTTPS.

Lightsail was chosen to deploy the API because of the low cost and the predictable bandwidth and resources that come with the $5 a month package (1 GB RAM, 1 vCPU, 40 GB SSD). Within the Lightsail instance, I have dockerized Apache and the Python-based Flask application. Requests are served to the API over HTTPS (https://api.domain.com) and proxied to the container running Python, which is not accessible directly to the public. The Flask container is running the Gunicorn application server with 3 workers to ensure that multiple requests can be handled at the same time.

Questions I have here:
1) Is it safe to terminate the HTTPS at the Apache container? Basically saying that Apache receives the request but forwards it to the Flask container not in HTTPS. Is that standard practice?
2) I had to enable CORS for domain.com to make requests to api.domain.com, although the domain.com TLD is the same here. Is that safe and common to do, or is there a better approach here?

RDS Aurora for MySQL compatible. Data in this project is the most important part, and I think the features that come out of the box with Aurora ensure HA and resiliency. The DB sits within a VPC and peering is enabled between Lightsail and RDS to allow the private connection.
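
The cross-origin setup in question 2 (domain.com calling api.domain.com), as an added example that is not part of the original post: a WSGI middleware that echoes `Access-Control-Allow-Origin` only for an exact-match allowlist and answers preflight requests itself. The origin list, the allowed methods and headers, `demo_app` and the `request` helper are assumptions for illustration; the middleware would wrap the Flask app's `wsgi_app`.

```python
# Added example (not the poster's code); origins and demo_app are assumptions.
ALLOWED_ORIGINS = frozenset({"https://domain.com", "https://www.domain.com"})
PREFLIGHT = [
    ("Access-Control-Allow-Methods", "GET, POST, OPTIONS"),
    ("Access-Control-Allow-Headers", "Content-Type, Authorization"),
]


class StrictCORS:
    """Wraps any WSGI app, e.g. app.wsgi_app = StrictCORS(app.wsgi_app)."""

    def __init__(self, app, origins=ALLOWED_ORIGINS):
        self.app, self.origins = app, frozenset(origins)

    def __call__(self, environ, start_response):
        origin = environ.get("HTTP_ORIGIN", "")
        # Vary keeps a cache from serving one origin's response to another.
        cors = [("Vary", "Origin")]
        allowed = origin in self.origins  # exact match: no "*", no suffix test
        if allowed:
            cors.append(("Access-Control-Allow-Origin", origin))
        if (environ.get("REQUEST_METHOD") == "OPTIONS"
                and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ):
            # Preflight is answered here and never reaches the application.
            extra = PREFLIGHT if allowed else []
            start_response("204 No Content", cors + extra)
            return [b""]

        def with_cors(status, headers, exc_info=None):
            return start_response(status, list(headers) + cors, exc_info)

        return self.app(environ, with_cors)


def demo_app(environ, start_response):  # constructed stand-in for the Flask app
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"ok": true}']


def request(app, method, origin, preflight=False):
    """Send one constructed request; return (status, headers as dict)."""
    environ, seen = {"REQUEST_METHOD": method, "HTTP_ORIGIN": origin}, {}
    if preflight:
        environ["HTTP_ACCESS_CONTROL_REQUEST_METHOD"] = "POST"
    def start_response(status, headers, exc_info=None):
        seen.update(status=status, headers=dict(headers))
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

CORS headers only tell the browser whether page script may read the response; the request from a non-listed origin still reaches the API, so authentication and authorization stay in the application.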