ecs-networking-best-practices-diagrams.pptx
Diagram labels recovered from the slides (each entry is one slide diagram; the original numbering is kept):

1. Public subnet, public IP, internet gateway. An EC2 instance in the VPC's public subnet 172.31.0.0/20 has private IP address 172.31.16.1 and public IP address 3.221.88.186; the application container reaches the internet directly through the internet gateway.

2. Private subnet, NAT gateway for internet access. The EC2 instance sits in private subnet 172.31.16.0/20 with private IP address 172.31.16.1 and no public IP; outbound traffic from the application container leaves through a NAT gateway in the public subnet 172.31.0.0/20 and then the internet gateway.

3. ALB ingress. Same private-subnet instance (172.31.16.1, no public IP); inbound traffic from the internet gateway reaches the application container through an Application Load Balancer in the public subnet 172.31.0.0/20.

4. NLB ingress. As diagram 3, with a Network Load Balancer in the public subnet in place of the ALB.

5. API gateway ingress. Same private-subnet instance (172.31.16.1, no public IP); inbound requests arrive through Amazon API Gateway and a VPC Link into the application container.

6. Host networking mode and bridge mode with static mapping. In host networking mode, the container on each EC2 instance (ENIs 172.31.16.1 and 172.31.16.2) listens on port 3000 directly on the host, giving 172.31.16.1:3000 and 172.31.16.2:3000. In bridge mode with static mapping, the container's port 3000 is mapped through the network bridge to host port 80, giving 172.31.16.1:80 and 172.31.16.2:80.

7. Bridge networking mode with dynamic mapping. Each container's port 3000 is mapped through the network bridge to an ephemeral host port, so several copies can share one instance: 172.31.16.1:47760 and 172.31.16.1:45283 on the first instance, 172.31.16.2:50077 and 172.31.16.2:52330 on the second.

10. AWS VPC ENI Trunking, secondary IP address range. The EC2 host (EC2 IP 172.31.16.0, primary ENI in private subnet 172.31.16.0/20) carries a trunk ENI; each container gets its own ENI with an address from the secondary private subnet 100.64.0.0/19, so each container's port 80 is reachable directly at 100.64.0.1:80 and 100.64.0.2:80.

11. NAT gateway access to other services. The private-subnet instance (172.31.16.1, no public IP) reaches Amazon Simple Storage Service (S3), Amazon Elastic Container Service and Amazon Elastic Container Registry through the NAT gateway in public subnet 172.31.0.0/20 and the internet gateway.

16. AWS App Mesh. Container A (ENI 172.31.16.1) and Container B (ENI 172.31.16.2) run in private subnet 172.31.16.0/20; Container B (ENI 172.31.32.1) and Container C (ENI 172.31.32.2) run in private subnet 172.31.32.0/20. AWS Cloud Map resolves service-a.local to 172.31.16.1, service-b.local to 172.31.16.2 and 172.31.32.1, and service-c.local to 172.31.32.2; AWS App Mesh spans both subnets.

18. mTLS inside the service mesh, certificates stored on Amazon Elastic File System. A client application connects to the Service Mesh Gateway over TLS; the gateway connects to the Authentication task's container and the Password task's container over mTLS. The EFS file system holds gateway-certs/, authentication-certs/ and password-certs/, each exposed through its own EFS access point, and a certificate renewal task also mounts the file system.

Each service is configured to be able to connect to a specific access point in EFS and fetch its certificates from that path. The access point limits it to read only the certificates in that path of the filesystem.

The certificate renewal task has root access to the filesystem. It runs periodically on a schedule to regenerate the certificates before they expire.