I'm setting up the architecture for a .gov.in website and have established a production environment with 6 EC2 instances—1 for the web, 2 for the app, 2 for Kafka, and 1 for the database. All of these instances are in a private subnet, and I've implemented an Application Load Balancer (ALB) with the web instances as backend targets. However, I learned that ALBs can't be used directly for apex domains. I'm looking for advice on how to refine this architecture further. Specifically, should I consider using Global Accelerator or CloudFront? What would be the best approach?
2 Answers
You might want to think about using managed services instead of relying on EC2 instances for everything like Kafka or the database. A suggested architecture could be CloudFront (along with a WAF if you want) -> ALB -> ECS with Fargate -> MSK for Kafka -> RDS for your database. While this setup may incur higher costs over time, it can actually save you money by reducing the management overhead for your team.
You can actually use an ALB for your apex domain by utilizing an alias record instead of a CNAME, which isn't allowed at the apex level. Just set it up like this: your DNS -> ALB -> Web -> App -> DB. This should work without needing to modify anything else, even if you're not using Route 53.
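The alias-record approach in the answer above, as an added example that is not part of the original thread: a small Python helper that builds the Route 53 ChangeBatch mapping a zone apex to an ALB via A/AAAA alias records, plus a check that flags the mistakes people commonly make at the apex (a CNAME, or an AliasTarget that uses the domain's own hosted zone ID instead of the ALB's). It assumes the zone is hosted in Route 53, whose alias record type this relies on; the hostnames and hosted zone IDs are placeholders, and the optional boto3 call is not executed by the module.

```python
"""Build and sanity-check a Route 53 change that points a zone apex at an ALB.

Added example, not code from the original post. Hosted zone IDs and hostnames
below are placeholders. Route 53 does not allow CNAME at the apex, so the apex
gets A (and optionally AAAA) alias records whose AliasTarget is the ALB.
"""
from __future__ import annotations

import re

# Hostname shape of an ALB, with or without the "dualstack." prefix Route 53
# uses for IPv6-capable alias targets.
ALB_DNS_RE = re.compile(r"^(dualstack\.)?[a-z0-9-]+\.[a-z0-9-]+\.elb\.amazonaws\.com$")


def alias_change_batch(apex: str, alb_dns_name: str, alb_hosted_zone_id: str,
                       action: str = "UPSERT", ipv6: bool = True) -> dict:
    """Return a ChangeBatch for `aws route53 change-resource-record-sets`.

    alb_hosted_zone_id must be the ALB's regional hosted zone ID (the
    CanonicalHostedZoneId from describe-load-balancers), NOT the ID of the
    hosted zone that holds your domain.
    """
    apex = apex.rstrip(".") + "."
    alb_dns_name = alb_dns_name.rstrip(".")
    if not ALB_DNS_RE.match(alb_dns_name):
        raise ValueError(f"not an ALB hostname: {alb_dns_name}")
    target = {
        "HostedZoneId": alb_hosted_zone_id,
        "DNSName": alb_dns_name + ".",
        "EvaluateTargetHealth": True,  # fail over only to healthy ALB endpoints
    }
    record_types = ["A", "AAAA"] if ipv6 else ["A"]
    changes = [
        {
            "Action": action,
            "ResourceRecordSet": {"Name": apex, "Type": rtype, "AliasTarget": dict(target)},
        }
        for rtype in record_types
    ]
    return {"Comment": f"alias {apex} -> ALB", "Changes": changes}


def check_apex_record(rrset: dict, own_hosted_zone_id: str) -> list[str]:
    """Return the problems found in a proposed apex record set (empty = fine)."""
    problems: list[str] = []
    if rrset.get("Type") == "CNAME":
        problems.append("CNAME is not permitted at the zone apex; use an alias A/AAAA record")
    alias = rrset.get("AliasTarget")
    if alias:
        if alias.get("HostedZoneId") == own_hosted_zone_id:
            problems.append("AliasTarget.HostedZoneId must be the ALB's hosted zone ID, not your domain's")
        if not ALB_DNS_RE.match(alias.get("DNSName", "").rstrip(".")):
            problems.append("AliasTarget.DNSName does not look like an ALB hostname")
    elif rrset.get("Type") in ("A", "AAAA") and "ResourceRecords" in rrset:
        problems.append("hard-coded ALB IPs go stale because ALB addresses change; use an alias")
    return problems


def apply_change(hosted_zone_id: str, change_batch: dict):
    """Submit the batch with boto3 (needs AWS credentials; never called on import)."""
    import boto3  # imported here so the module stays usable offline

    client = boto3.client("route53")
    return client.change_resource_record_sets(HostedZoneId=hosted_zone_id, ChangeBatch=change_batch)


if __name__ == "__main__":
    import json

    # Placeholder ALB name and hosted zone ID, constructed for this example.
    batch = alias_change_batch(
        "example.gov.in",
        "dualstack.my-web-alb-123456789.ap-south-1.elb.amazonaws.com",
        "ZALBPLACEHOLDER",
    )
    print(json.dumps(batch, indent=2))
    for change in batch["Changes"]:
        assert check_apex_record(change["ResourceRecordSet"], "ZOWNDOMAINZONE") == []
```

The check deliberately treats "alias that points at your own hosted zone ID" as an error: Route 53 accepts the API call, but resolution silently fails, which is the most common reason an apex alias to an ALB "does not work". If you want the apex and `www` to behave the same, run the same batch for `www.example.gov.in` (or make `www` a CNAME to the apex, which is allowed because it is not the apex).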