Reputation: 912
Hoping to get some guidance here and I will present the scenario as best as I can given I am relatively new to AWS.
I have an app built in PHP (Yii2) and ReactJS. The PHP app is to run simply as a RESTful service. The app is split into a frontend and a backend, each sharing common ORM/models, controllers, etc., with this as the general idea:
/models
/frontend
/backend
/common
A standard enough pattern, as the same would be done for the controllers.
My aim is to run the app as www.thewebsite.com and admin.thewebsite.com. The frontend will offer the user the ability to log into their account but this will not allow any access to admin.thewebsite.com. I am looking to use AWS Cognito and DynamoDB sessions for this.
My intention is to have the admin site entirely protected so as to render nothing other than a logon page unless the user has been authenticated. If possible, I do not wish to have the app.js exposed until the user has logged in.
Can I ask if there is a certain strategy that can be used in AWS to achieve this? I would again be looking to use Cognito and DynamoDB sessions but I am wondering if there is a specific paradigm in AWS for this type of scenario? This is not a lazy question and I am not expecting others to do the work for me... it's just that AWS offers so many different services I really don't know where to start.
If someone could give me some advice here/point me in the right direction, that would be great. I've had a look at the AWS forums but they seem to be fairly dead.
Upvotes: 0
Views: 205
Reputation: 4506
From what I understand, your main priority is to allow users to log into the www subdomain but not into the admin portal.
AWS's services are mainly around hosting and networking; there are some services that help with security, like Cognito as you mentioned and AWS signature, but it would be your code's role to maintain that security and control between the two applications.
Upvotes: 1
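An added example, not part of the original thread: a minimal sketch of the server-side check the admin API could run on a Cognito access token so that a token issued for the www app is refused. It assumes the admin site has its own app client (`admin-client`), a user pool group named `admin`, and a placeholder issuer; the RSA key is generated locally to stand in for the user pool's published signing keys.

```php
<?php
// Added example: keys, client IDs, group name and issuer are constructed placeholders.
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64url_decode(string $s): string {
    return (string) base64_decode(strtr($s, '-_', '+/'));
}

/** Returns the claims when the token may reach the admin API, otherwise null. */
function authorizeAdmin(string $jwt, $publicKey, string $issuer, string $adminClientId): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm on the server; never let the token header choose it.
    if (($header['alg'] ?? '') !== 'RS256') return null;
    if (openssl_verify("$h.$p", b64url_decode($s), $publicKey, OPENSSL_ALGO_SHA256) !== 1) return null;
    $c = json_decode(b64url_decode($p), true);
    if (!is_array($c)) return null;
    if (($c['iss'] ?? '') !== $issuer) return null;                 // wrong user pool
    if (($c['token_use'] ?? '') !== 'access') return null;          // ID tokens are not API credentials
    if (($c['client_id'] ?? '') !== $adminClientId) return null;    // token issued to the www app client
    if (($c['exp'] ?? 0) <= time()) return null;                    // expired
    if (!in_array('admin', $c['cognito:groups'] ?? [], true)) return null; // not in the admin group
    return $c;
}

// --- Constructed demo: a local key pair plays the role of the user pool's signing key ---
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$iss = 'https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE';

$mint = function (array $claims) use ($key, $iss): string {
    $h = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
    $p = b64url_encode(json_encode($claims + ['iss' => $iss, 'token_use' => 'access', 'exp' => time() + 300]));
    openssl_sign("$h.$p", $sig, $key, OPENSSL_ALGO_SHA256);
    return "$h.$p." . b64url_encode($sig);
};

$tokens = [
    'admin user, admin client' => $mint(['client_id' => 'admin-client', 'cognito:groups' => ['admin']]),
    'www user, www client'     => $mint(['client_id' => 'www-client']),
    'www user, admin client'   => $mint(['client_id' => 'admin-client', 'cognito:groups' => ['customers']]),
];
foreach ($tokens as $label => $jwt) {
    $ok = authorizeAdmin($jwt, $pub, $iss, 'admin-client') !== null;
    echo $label, ': ', $ok ? 'allowed' : 'denied', PHP_EOL;
}
```

In a real deployment the public key would come from the user pool's JWKS endpoint, selected by the token's `kid`, and the check would sit in a filter that runs before any admin controller action.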