Infrastructure Architecture
3-VPC Design
Access VPC (10.0.0.0/16)
├── Bastion host (t3.micro)
└── Public subnet with IGW
Application VPC (10.2.0.0/16)
├── ALB (HTTPS/443)
├── ASG with EC2 instances
└── Public subnets (2 AZs)
Database VPC (10.1.0.0/16)
├── RDS PostgreSQL (Multi-AZ)
└── Private subnets (no internet)
VPC Peering
- Access VPC ↔ Database VPC (bastion access)
- Application VPC ↔ Database VPC (API access)
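
The peering layout above, modeled as an added example (not code from this project): it checks that peered CIDRs do not overlap, that reachability follows direct peerings only (VPC peering is not transitive, so the bastion in the Access VPC gets no path to the Application VPC through the Database VPC), and lists the route entries each VPC needs. The `pcx-...` labels and function names are hypothetical.

```python
# Added example: models the three VPCs and two peerings listed above.
from ipaddress import ip_network
from itertools import combinations

VPCS = {  # CIDRs as given on this page
    "access": ip_network("10.0.0.0/16"),
    "application": ip_network("10.2.0.0/16"),
    "database": ip_network("10.1.0.0/16"),
}
# Peering labels are hypothetical placeholders, not real pcx- IDs.
PEERINGS = {
    "pcx-access-db": ("access", "database"),
    "pcx-app-db": ("application", "database"),
}

def overlapping_peers(vpcs=VPCS, peerings=PEERINGS):
    """Peered pairs whose CIDRs overlap (AWS rejects such peerings)."""
    return [(a, b) for a, b in peerings.values() if vpcs[a].overlaps(vpcs[b])]

def can_reach(src, dst, peerings=PEERINGS):
    """Peering is not transitive: only directly peered VPCs can route."""
    return any({src, dst} == set(pair) for pair in peerings.values())

def required_routes(vpc, vpcs=VPCS, peerings=PEERINGS):
    """Route entries (peer CIDR -> peering) this VPC's route tables need."""
    routes = {}
    for pcx, pair in peerings.items():
        if vpc in pair:
            peer = pair[0] if pair[1] == vpc else pair[1]
            routes[str(vpcs[peer])] = pcx
    return routes

def unintended_paths(allowed, vpcs=VPCS, peerings=PEERINGS):
    """Routable VPC pairs that are not in the allowed (documented) set."""
    return [(a, b) for a, b in combinations(sorted(vpcs), 2)
            if can_reach(a, b, peerings) and frozenset((a, b)) not in allowed]

if __name__ == "__main__":
    documented = {frozenset(p) for p in PEERINGS.values()}
    print("overlapping peers:", overlapping_peers())
    print("access -> application:", can_reach("access", "application"))
    print("database routes:", required_routes("database"))
    print("unintended paths:", unintended_paths(documented))
```

Running `unintended_paths` against the peerings actually deployed, with the two documented pairs as the allowed set, flags any extra peering that would connect the bastion VPC to the application tier.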
Key Resources
| Resource | Purpose |
|---|---|
| ALB | HTTPS termination, routing |
| ASG | Auto-scaling API instances |
| RDS | PostgreSQL database |
| S3 | Static web hosting |
| CloudFront | CDN for web sites |
| Cognito | User authentication |