Connect AWS Amplify React Dashboard to backend services in private VPC
I have created a private subnet in a VPC with a couple of private RDS databases and microservices to retrieve and handle requests from a React dashboard deployed using AWS Amplify.
While I can use security groups to restrict access to different private subnet resources, I am having difficulty creating a secure connection between the Amplify front end and the Private VPC backend.
I have used the AWS API Gateway service to route requests to the subnet microservice. I have spoken to a solution architect who suggested a VPC endpoint could solve the problem, but it seems that this just helps with internal communication within the private VPC.
I have tried creating an HTTP API VPC link, but I am not sure how to test if it is working.
I have tried creating a REST API VPC link, but I am having difficulty setting up a working network load balancer to connect it to.
I would appreciate any suggestions on how to set up a secure connection.
Solution 1:[1]
The short answer is you can't connect your front end, which sits in your user's browser, directly with backend resources on a private subnet. What Amplify does is use CloudFront to distribute your React front end to user browsers. It's not responsible for helping the front end communicate with other non-Amplify related back-end services.
You could consider the following instead:
- You will need to connect to the private service in your private subnet via a public endpoint on a public subnet.
- The front end code (from the user browser or mobile app) will send a request to this public endpoint along with an authorization token (after user authentication).
- This public endpoint, which will receive the request via an Application Load Balancer or API Gateway, will then relay the user request to the RESTful services sitting in your private subnet.
- I also recommend you develop a RESTful backend service to handle R/W requests to the database.
For secure communication, you can allow only HTTPS requests to keep user traffic encrypted. Hope this helps.
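One way to build the public endpoint described in the answer, using the HTTP API VPC link the question mentions, written as a CloudFormation template (an added example, not part of the original question or answer). The JWT authorizer, the internal load balancer listener, and every parameter and resource name are assumptions.

```yaml
# Added example, not from the original answer. All parameter and resource names are assumptions.
Parameters:
  PrivateSubnetIds: { Type: "List<AWS::EC2::Subnet::Id>" }
  VpcLinkSecurityGroupId: { Type: "AWS::EC2::SecurityGroup::Id" }
  InternalListenerArn: { Type: String }  # listener of the internal ALB/NLB in front of the microservice
  AmplifyOrigin: { Type: String }        # e.g. https://main.<app-id>.amplifyapp.com
  JwtIssuer: { Type: String }            # issuer URL of the identity provider that signs user tokens
  JwtAudience: { Type: String }          # client id the tokens are issued for
Resources:
  Api:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: dashboard-api
      ProtocolType: HTTP
      CorsConfiguration:                 # only the Amplify-hosted dashboard may call from a browser
        AllowOrigins: [!Ref AmplifyOrigin]
        AllowMethods: [GET, POST, PUT, DELETE]
        AllowHeaders: [authorization, content-type]
  VpcLink:                               # lets API Gateway reach targets inside the private subnets
    Type: AWS::ApiGatewayV2::VpcLink
    Properties: { Name: dashboard-vpc-link, SubnetIds: !Ref PrivateSubnetIds, SecurityGroupIds: [!Ref VpcLinkSecurityGroupId] }
  Authorizer:                            # rejects requests without a valid token before they enter the VPC
    Type: AWS::ApiGatewayV2::Authorizer
    Properties:
      ApiId: !Ref Api
      Name: jwt
      AuthorizerType: JWT
      IdentitySource: ["$request.header.Authorization"]
      JwtConfiguration: { Issuer: !Ref JwtIssuer, Audience: [!Ref JwtAudience] }
  Integration:                           # private integration: relays to the internal listener over the VPC link
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref Api
      IntegrationType: HTTP_PROXY
      IntegrationMethod: ANY
      ConnectionType: VPC_LINK
      ConnectionId: !Ref VpcLink
      IntegrationUri: !Ref InternalListenerArn
  Route:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref Api
      RouteKey: "ANY /{proxy+}"
      AuthorizationType: JWT
      AuthorizerId: !Ref Authorizer
      Target: !Sub "integrations/${Integration}"
  Stage:
    Type: AWS::ApiGatewayV2::Stage
    Properties: { ApiId: !Ref Api, StageName: "$default", AutoDeploy: true }
```

With this in place, the load balancer's security group only needs to admit traffic from the VPC link's security group, and the browser calls the API's HTTPS invoke URL with the token in the `Authorization` header.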
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | saj |