I'm working on a three-tier architecture using AWS where I have the following setup:
- A public subnet with an internet-facing load balancer that has an HTTPS listener.
- Private subnet 1 that hosts a containerized React app served by Nginx, deployed with ECS Fargate. This app receives traffic from the Load Balancer.
- Private subnet 2 that has an internal load balancer in front of a Node.js backend API running on port 3000, also deployed with ECS Fargate.
The main issue I'm facing is figuring out how to enable communication between the frontend and the backend. I'm not looking for advice on security group rules or NACLs; I need to know how to properly route traffic from the frontend to the backend.
1 Answer
If your frontend is a Single Page Application and doesn't use server-side rendering, all your API calls to the backend will stem from the user's location (like their home or a café), passing through the application load balancer (ALB) to reach the backend. So, what you need to do is make sure your backend API endpoints are publicly accessible through the ALB, allowing the frontend to fetch data from there.
However, if you're utilizing server-side rendering, it's a bit trickier. You might try calling the backend APIs directly from the ECS tasks running your frontend, but this usually calls for some form of service discovery or an internal load balancer to manage traffic effectively and ensure high availability.
Wait, didn't the OP say the backend ALB is private? How would that work?