Reputation: 969
I have a new web application, which our company has decided to build as described below. I am creating the architecture for the first time, so I would require some inputs.
1) Front End - React.js
2) Backend - Java (Spring Boot)
3) Architecture - Microservices
4) Infra - AWS
5) CI - Jenkins
We have divided the development into three phases:
Phase 1 - Create AWS infra, front end service and a few backend services using Spring Boot and Spring Cloud. Keep the use of AWS services to a minimum.
Phase 2 - Create more backend services and dockerize everything.
Phase 3 - Orchestrate the previous phase using Kubernetes and use more AWS services if required.
I am at phase 1 and, after going through a lot of resources and study material, need help in creating a production-grade architecture and AWS environment. There are a lot of individual resources, but I did not find much on what the real system should look like when it is live.
1) How to isolate environments?
My understanding - create an organization which will have 5 accounts - root, security, shared-services, prod and non-prod AWS accounts. Non-prod can have multiple environments if required, like test, stage.
Something like this
2) How to create security/network layer?
My understanding - create private and public subnets, create VPC peering between, e.g., shared-service and non-prod env, and use IAM roles.
3) Best way for designing microservices?
My understanding - have a micro frontend and microservices in the backend. The client will request a webpage in the browser, and the request will come to the UI service.
I am confused about the order of the components.
Should it come to the React app first and then go to the API gateway or ELB?
Do we need an ELB?
Would the request come to the ELB and then go to the API gateway and further?
The answers to all these questions will determine the answer to the next question.
Option A or B? Or are both wrong? Or where should the arrows be heading from client to backend services?
4) Which resources to keep in private and public subnets?
My understanding - in phase 1, follow a one-instance-per-service model, so each service will have an EC2 instance. In later phases we will move to containerization. A few things are clear: backend services and persistence like the DB will be in a private subnet, and very few resources will be kept public, like only bastion hosts etc.
- The question is, depending on the answer to question #3, what else should be public?
- ELB, API gateway, service discovery?
- Do I always need to keep a NAT gateway so as to allow private ones to access the internet?
5) What should be the complete release deployment workflow?
My understanding - developer commits code, Jenkins should trigger the build, store artifacts and deploy.
- How should the Jenkins server communicate with other machines to deploy services?
- How are credentials managed for communication between Jenkins and EC2 instances?
- What is the production-grade structure for a Jenkins project? Like, should build, deploy and test be separate items?
I would really appreciate it if some experienced architects could help me out, if you have configured the same in your enterprise/organisations, and also let me know if there are any references available online, which I could not find, for building such production-grade systems.
Note - Phase 1 should be designed in a way to have as smooth a transition as possible to phases 2 and 3.
Upvotes: 2
Views: 1275
Reputation: 78803
This is a complex question which we cannot do justice to on Stack Overflow.
I would recommend spending some time reading:
You could also research content from AWS serverless heroes.
Upvotes: 1