SCoder

Reputation: 969

How to isolate environments in AWS?

I have a new web application for which our company has decided on the stack below. I am creating the architecture for the first time, so I would require some inputs.

1) Front End - React.js

2) Backend - Java (Spring boot)

3) Architecture - Microservices

4) Infra - AWS

5) CI - Jenkins

We have divided the development into three phases:

Phase 1 - Create the AWS infra, the front-end service and a few backend services using Spring Boot and Spring Cloud. Keep the use of AWS services to a minimum.

Phase 2 - Create more backend services and dockerize everything

Phase 3 - Orchestrate previous phase using Kubernetes and use more AWS services if required

I am at phase 1 and, after going through a lot of resources and study material, need help in creating a production-grade architecture and AWS environment. There are a lot of individual resources, but I did not find much on how the real system should look when it is live.

How to isolate environments?

My understanding - create an organization which will have 5 accounts - root, security, shared-services, prod and non-prod AWS accounts. Non-prod can have multiple environments if required, like test and stage.

Something like this

[image]

Is this a good approach? Will it cause any issues/complexities in deployment or other activities given multiple accounts?

Detailed information on what I am trying to achieve is mentioned in the question: Production Grade microservices architecture in AWS

I am not sure if there are any resources available on the web which I can refer to that explain it. If anyone has any, I would be happy to go through them.

Upvotes: 3

Views: 1316

Answers (1)

Arun Kamalanathan

Reputation: 8603

Yes. In my work, we are using the same mechanism, where all the users are stored in an AWS account. Each product gets its very own Dev, Staging and Prod AWS sub-accounts. The developers assume roles into their own accounts.

We have been doing this for the last 3 years.

The benefits I can think of:

  1. Easy to add or remove developers and give accounts to specific accounts
  2. Resources are isolated by environment
  3. You can avoid naming conflicts, e.g. we can name a Lambda Pricing-calculate in all three environments

The only difficulty that I can remember with this setup is that when we used some CLI commands such as serverless, it was asking for the MFA code every single time. I had to set the environment variables for the credentials in the current terminal shell to avoid it, instead of using profiles.

Hope this helps.

Upvotes: 1
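
The workaround described in the answer above, as an added example that is not part of the original answer: assume the role in the target environment account once with MFA, then export the temporary credentials into the current shell so later CLI tools do not prompt again. The function names, ARNs and account IDs are hypothetical, and the accepted credential character set is an assumption.

```sh
# Added example (not from the answer). ARNs, account IDs and the MFA code
# in the usage line are constructed placeholders.

# creds_to_exports: read the single tab-separated line printed by
#   aws sts assume-role --query 'Credentials.[...]' --output text
# and print export statements. The body runs in a subshell, so the function
# itself changes nothing in the calling shell.
creds_to_exports() (
    tab=$(printf '\t')
    IFS="$tab" read -r key secret token expiry || true
    # A failed or cancelled STS call yields no fields: refuse, so the caller
    # never ends up with a half-set environment.
    if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ]; then
        echo "assume-role returned no usable credentials" >&2
        exit 1
    fi
    # The output is meant for eval, so accept only base64-style characters
    # (assumed here to cover AWS key IDs, secrets and session tokens).
    case "$key$secret$token" in
        *[!A-Za-z0-9+/=]*) echo "unexpected character in credentials" >&2; exit 1 ;;
    esac
    echo "temporary credentials expire at: $expiry" >&2
    printf "export AWS_ACCESS_KEY_ID='%s'\n" "$key"
    printf "export AWS_SECRET_ACCESS_KEY='%s'\n" "$secret"
    printf "export AWS_SESSION_TOKEN='%s'\n" "$token"
)

# assume_env_role ROLE_ARN MFA_DEVICE_ARN MFA_CODE
# One MFA prompt per session instead of one per CLI invocation.
assume_env_role() {
    aws sts assume-role \
        --role-arn "$1" \
        --role-session-name "cli-$(id -un)" \
        --serial-number "$2" \
        --token-code "$3" \
        --duration-seconds 3600 \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
        --output text | creds_to_exports
}

# Usage (constructed values):
#   eval "$(assume_env_role arn:aws:iam::111111111111:role/Developer \
#           arn:aws:iam::222222222222:mfa/alice 123456)"
```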
