apurvad.xyz Infrastructure
Multi-Tier AWS Architecture | Enterprise Pattern Testing Ground
Architecture Diagram
                      INTERNET
                          │
               ┌──────────▼──────────┐
               │      Route 53       │
               │     apurvad.xyz     │
               │ 6 Routing Policies  │
               └──────────┬──────────┘
                          │
               ┌──────────▼──────────┐
               │     CloudFront      │◄──── ACM Cert (*.apurvad.xyz)
               │  SSL + Edge Cache   │
               │   DDoS Protection   │
               └─────┬─────────┬─────┘
                     │         │
       Primary Origin│         │Failover Origin
                     ▼         ▼
            ┌──────────┐ ┌──────────┐
WAF ───────►│   ALB    │ │    S3    │
(SQL/XSS)   │   + TG   │ │ (static) │
            └────┬─────┘ └──────────┘
                 │
  ┌──────────────▼───────────────┐
  │             VPC              │
  │ ┌──────────────────────────┐ │
  │ │      Private Subnet      │ │
  │ │ ┌──────────────────────┐ │ │
  │ │ │     EC2 (nginx)      │ │ │
  │ │ │     IMDSv2 Only      │ │ │
  │ │ │     SSM Managed      │ │ │
  │ │ └──────────────────────┘ │ │
  │ └──────────────────────────┘ │
  └──────────────────────────────┘
                 │
    ┌────────────▼────────────┐
    │    CloudWatch Alarms    │
    │   + SNS Notifications   │
    └─────────────────────────┘
Route 53 Routing Policies (All 6 Types)
Failover: Primary/Secondary with health checks
Geolocation: US, FR, IN, CN, ZA + default
Latency: IAD, DUB, SYD, BOM regions
Weighted: 1:100 A/B testing ratio
IP-Based: CIDR collection routing
Geoproximity: Coordinate + bias config
Security Layers
IMDSv2 Enforced: Mitigates SSRF-based theft of instance metadata credentials
Private Subnet: SSM-only, no public IP
WAF Rules: SQL injection, XSS protection
TLS 1.2+: ACM-managed certificates
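A check for the instance-level items above (IMDSv2 only, no public IP, SSM managed), written as an added example rather than code from this project. It reads JSON shaped like `aws ec2 describe-instances` output; the sample document, its IDs and addresses are constructed, and it assumes SSM access is granted through an instance profile.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output.
# Instance IDs, account ID, ARN and IPs are placeholders, not the site's values.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0example000000001",
   "PrivateIpAddress": "10.0.1.10",
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example-ssm"},
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
  {"InstanceId": "i-0example000000002",
   "PrivateIpAddress": "10.0.1.11",
   "PublicIpAddress": "203.0.113.10",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}}
]}]}
""")


def audit_instance(inst):
    """Return findings for one instance; an empty list means it matches the posture."""
    findings = []
    md = inst.get("MetadataOptions", {})
    # IMDSv2-only means HttpTokens == "required". With "optional", IMDSv1's
    # unauthenticated GET still answers, which is the request an SSRF bug can relay.
    if md.get("HttpEndpoint", "enabled") == "enabled" and md.get("HttpTokens") != "required":
        findings.append("IMDSv1 still allowed")
    # A private-subnet instance should carry no public address at all.
    if inst.get("PublicIpAddress"):
        findings.append("public IP attached")
    # Assumption: SSM access is granted through an instance profile; its
    # attached policies are not inspected here.
    if "IamInstanceProfile" not in inst:
        findings.append("no instance profile for SSM")
    return findings


def audit(doc):
    """Map each instance ID in a describe-instances document to its findings."""
    return {
        inst["InstanceId"]: audit_instance(inst)
        for res in doc.get("Reservations", [])
        for inst in res.get("Instances", [])
    }


if __name__ == "__main__":
    for instance_id, findings in audit(SAMPLE).items():
        print(instance_id, "OK" if not findings else "; ".join(findings))
```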
Observability
CloudWatch Alarms: 5xx errors, unhealthy hosts
SNS Notifications: Alert on threshold breach
S3 Failover: Static maintenance page
OAC Access: Secure S3 origin
Monthly Cost
| Service | Cost | Notes |
|---|---|---|
| EC2 (t2.micro) | ~$8 | Free tier eligible |
| ALB | ~$16 | $0.0225/hr + LCU |
| NAT Gateway | ~$32 | $0.045/hr + data |
| Route 53 + CloudFront + S3 | ~$3 | Low traffic |
| Total | ~$59/mo | Over-engineered for learning |
Note: Static S3 + CloudFront would cost <$5/month. This architecture exists for hands-on learning.
Technologies
CloudFront, ALB, EC2, Route 53, ACM, WAF, VPC, NAT Gateway, S3, CloudWatch, SNS, SSM, nginx