site-logo

JAWS PANKRATION 2024

site-logo
HomeNewsTimetableCfPCommitteePromotionFollow UpPrivacy Policy

Goodbye server. Refactoring an app to serverless in AWS

Lv300

Lv300

8/24/2024 18:00 (UTC)

Session Info

Refactoring to serverless doesn't have to be just a thousands of lines of code.

This a real live example of refactoring the robust and upgrade-unfriendly application running on EC2 and S3 - to a modern, serverless, containerized, CICD automated and ops ready using AWS Network Firewall, ECS/Fargate and instance store.

Michal  Salanci

Michal Salanci

- AWS Community Builders -

- AWS User Community Leaders -



Session Category
Container
Networking and content distribution
Security
Identity and compliance
Storage


AWS Services
AWS Network Firewall
ECS/Fargate
EC2
S3
CloudWatch

Session Materials


    Session Summary (by Amazon Bedrock)
      Michel Salanci presents a case study on implementing serverless events in a project. The project involves building a forward proxy in AWS to safely release internet access from customer VPCs. The architecture evolved from having NAT and Internet Gateways in each VPC to a centralized outbound VPC connected via Transit Gateway. The presentation explains the concept of forward proxy, distinguishing between explicit and transparent proxies. Explicit proxies terminate TCP sessions and require client configuration, while transparent proxies don't need specific configuration. Initially, in 2019, the project used an EC2 instance with Squid proxy serving as both transparent and explicit proxy. This setup had scaling limitations and became expensive as traffic increased. In 2022, the team decided to refactor the solution to be fully serverless. They considered various options, including EC2-based solutions, containerized tasks, third-party appliances, and AWS native services. For the transparent proxy, they chose AWS Network Firewall due to its managed nature and L3/L4/L7 packet inspection capabilities. For the explicit proxy, they opted for Squid proxy running in a container managed by Fargate, as it met their serverless requirements. The final architecture includes a NAT Gateway, Network Firewall for transparent proxy, and Fargate-managed containers for explicit proxy. The presenter argues that this solution is serverless as it relies entirely on AWS-managed resources or serverless options, eliminating the need for infrastructure management.

    ©JAWS-UG (AWS User Group - Japan). All rights reserved.