AWS Architecture
AWS infrastructure architecture of the Production and Staging environments: ECS, RDS, ALB, VPC.
Multi-Account Architecture Overview
Two AWS accounts (Production + Staging) with isolated VPCs in the same region (eu-central-1). Each environment has an ECS Fargate cluster, a PostgreSQL RDS instance, and an ALB.
flowchart TB
    subgraph INTERNET["Internet"]
        CF["Cloudflare<br/>DNS + CDN + WAF"]
        USERS["Users"]
    end
    subgraph PROD["Production Account (957976799355)"]
        subgraph PROD_VPC["VPC 10.55.0.0/20"]
            subgraph PROD_PUBLIC["Public Subnets"]
                PROD_ALB_PUB["Public ALB<br/>internet-facing"]
            end
            subgraph PROD_PRIVATE["Private Subnets"]
                PROD_ALB_PRIV["Private ALB<br/>internal"]
                subgraph PROD_ECS["ECS Cluster: nickelodeon"]
                    PROD_FE["Frontend Service<br/>Next.js"]
                    PROD_BE["Backend Service<br/>NestJS"]
                end
                PROD_RDS[("RDS PostgreSQL<br/>nickelodeon")]
            end
        end
        PROD_ECR["ECR<br/>nickelodeon/frontend<br/>nickelodeon/backend"]
        PROD_S3["S3<br/>terraform-957..."]
    end
    subgraph STAGING["Staging Account (123644281811)"]
        subgraph STG_VPC["VPC 10.99.0.0/20"]
            subgraph STG_PRIVATE["Private Subnets"]
                STG_ALB["Private ALB<br/>internal"]
                subgraph STG_ECS["ECS Cluster: nickelodeon"]
                    STG_FE["Frontend Service<br/>Next.js"]
                    STG_BE["Backend Service<br/>NestJS"]
                    STG_ADMIN["Admin Service<br/>React"]
                end
                STG_RDS[("RDS PostgreSQL<br/>nickelodeon")]
            end
        end
        STG_ECR["ECR<br/>nickelodeon/frontend<br/>nickelodeon/backend<br/>legendsdxp/admin"]
        STG_S3["S3<br/>terraform-123..."]
    end
    USERS --> CF
    CF --> PROD_ALB_PUB
    CF --> STG_ALB
    PROD_ALB_PUB --> PROD_FE
    PROD_ALB_PRIV --> PROD_BE
    PROD_FE --> PROD_ALB_PRIV
    PROD_BE --> PROD_RDS
    PROD_ECR -.-> PROD_ECS
    STG_ALB --> STG_FE
    STG_ALB --> STG_BE
    STG_ALB --> STG_ADMIN
    STG_BE --> STG_RDS
    STG_ECR -.-> STG_ECS
| AWS Accounts | 2 (Prod + Staging) |
| Region | eu-central-1 (Frankfurt) |
| Compute | ECS Fargate |
| Database | RDS PostgreSQL |
| Load Balancer | ALB (Public + Private) |
| Container Registry | ECR |
AWS Account Details
Production Account
| Account ID | 957976799355 |
| Region | eu-central-1 (Frankfurt) |
| VPC CIDR | 10.55.0.0/20 |
| ECS Cluster | nickelodeon |
| Services | frontend, backend |
| RDS Endpoint | nickelodeon.c9i6s6wokosh.eu-central-1.rds.amazonaws.com |
| Public ALB | public-53526620.eu-central-1.elb.amazonaws.com |
| Private ALB | internal-private-197488464.eu-central-1.elb.amazonaws.com |
Staging Account
| Account ID | 123644281811 |
| Region | eu-central-1 (Frankfurt) |
| VPC CIDR | 10.99.0.0/20 |
| ECS Cluster | nickelodeon |
| Services | frontend, backend, admin |
| RDS Endpoint | nickelodeon.cti4a2u0yl0w.eu-central-1.rds.amazonaws.com |
| Private ALB | internal-private-1565865697.eu-central-1.elb.amazonaws.com |
| Note | Access via Cloudflare tunnel |
ECR Container Repositories
| Environment | Repository | URI |
|---|---|---|
| PROD | nickelodeon/frontend | 957976799355.dkr.ecr.eu-central-1.amazonaws.com/nickelodeon/frontend |
| PROD | nickelodeon/backend | 957976799355.dkr.ecr.eu-central-1.amazonaws.com/nickelodeon/backend |
| STG | nickelodeon/frontend | 123644281811.dkr.ecr.eu-central-1.amazonaws.com/nickelodeon/frontend |
| STG | nickelodeon/backend | 123644281811.dkr.ecr.eu-central-1.amazonaws.com/nickelodeon/backend |
| STG | legendsdxp/admin | 123644281811.dkr.ecr.eu-central-1.amazonaws.com/legendsdxp/admin |
Network Architecture
Each environment is in an isolated VPC. Subnets are spread across 2 AZs (eu-central-1a, eu-central-1b).
flowchart TB
    subgraph PROD_VPC["Production VPC (10.55.0.0/20)"]
        subgraph PROD_AZ_A["eu-central-1a"]
            PROD_SUB_A1["10.55.0.0/24<br/>Private"]
            PROD_SUB_A2["10.55.2.0/24<br/>Private"]
        end
        subgraph PROD_AZ_B["eu-central-1b"]
            PROD_SUB_B1["10.55.1.0/24<br/>Private"]
            PROD_SUB_B2["10.55.3.0/24<br/>Private"]
        end
    end
    subgraph STG_VPC["Staging VPC (10.99.0.0/20)"]
        subgraph STG_AZ_A["eu-central-1a"]
            STG_SUB_A["Subnets"]
        end
        subgraph STG_AZ_B["eu-central-1b"]
            STG_SUB_B["Subnets"]
        end
    end
    IGW["Internet Gateway"] --> PROD_VPC
    CFT["Cloudflare Tunnel"] --> STG_VPC
Production Subnets
| Availability Zone | CIDR Block | Type |
|---|---|---|
| eu-central-1a | 10.55.0.0/24 | Private |
| eu-central-1b | 10.55.1.0/24 | Private |
| eu-central-1a | 10.55.2.0/24 | Private |
| eu-central-1b | 10.55.3.0/24 | Private |
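Added example (not part of the original documentation): a Python check of the production subnet plan against its VPC CIDR, using only the CIDR and AZ values from this page's tables. The helper names `audit_subnet_plan` and `vpcs_disjoint` are hypothetical.

```python
import ipaddress
from collections import Counter
from itertools import combinations

# Values copied from the tables on this page.
PROD_VPC = "10.55.0.0/20"
STG_VPC = "10.99.0.0/20"
PROD_SUBNETS = [
    ("eu-central-1a", "10.55.0.0/24"),
    ("eu-central-1b", "10.55.1.0/24"),
    ("eu-central-1a", "10.55.2.0/24"),
    ("eu-central-1b", "10.55.3.0/24"),
]


def audit_subnet_plan(vpc_cidr, subnets):
    """Audit (az, cidr) pairs against a VPC CIDR. Hypothetical helper."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(az, ipaddress.ip_network(cidr)) for az, cidr in subnets]
    return {
        # Subnets that fall outside the VPC range.
        "outside_vpc": [str(n) for _, n in nets if not n.subnet_of(vpc)],
        # Pairs of subnets whose ranges collide.
        "overlaps": [(str(a), str(b))
                     for (_, a), (_, b) in combinations(nets, 2)
                     if a.overlaps(b)],
        # Subnet count per AZ; a lopsided split weakens AZ failover.
        "per_az": dict(Counter(az for az, _ in nets)),
        # /24 blocks of the VPC not touched by any subnet (VPC must be /24 or larger).
        "free_24": [str(b) for b in vpc.subnets(new_prefix=24)
                    if not any(b.overlaps(n) for _, n in nets)],
    }


def vpcs_disjoint(cidr_a, cidr_b):
    """True when two VPC ranges share no addresses (needed before any peering)."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    report = audit_subnet_plan(PROD_VPC, PROD_SUBNETS)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("prod/staging disjoint:", vpcs_disjoint(PROD_VPC, STG_VPC))
```

For the values on this page the four /24 subnets sit inside the /20, do not overlap, and split evenly across the two AZs, leaving twelve /24 blocks of the production VPC unallocated.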
Request Flow
How user requests reach AWS from Cloudflare.
sequenceDiagram
autonumber
participant U as User
participant CF as Cloudflare
participant ALB as AWS ALB
participant FE as Frontend (ECS)
participant BE as Backend (ECS)
participant RDS as PostgreSQL
U->>CF: HTTPS Request
Note over CF: DNS Resolution<br/>SSL Termination<br/>WAF Rules
alt Frontend Request
    CF->>ALB: Forward to Public ALB
    ALB->>FE: Route to Frontend Service
    FE->>BE: API Call (Internal ALB)
    BE->>RDS: Database Query
    RDS-->>BE: Query Result
    BE-->>FE: API Response
    FE-->>ALB: HTML/JSON
    ALB-->>CF: Response
else API Request
    CF->>ALB: Forward to Public ALB
    ALB->>BE: Route to Backend Service
    BE->>RDS: Database Query
    RDS-->>BE: Query Result
    BE-->>ALB: JSON Response
    ALB-->>CF: Response
end
CF-->>U: HTTPS Response