Web Architectures on AWS - AWS Community Day Athens 2026

Transcript

1. ATHENS Web Architectures on AWS A Reference Implementation Julio Faerman

   + Descomplicando AWS

2. ATHENS How to deliver reliable webapps As cheaply as possible

   In plain language

3. ATHENS AWS Well-Architected Operational Excellence Security Reliability Performance Efficiency Cost

   Optimization Sustainability https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html Security

4. ATHENS AWS Well-Architected SEC 2: How do you manage identities

   for people and machines? There are two types of identities you need to manage when approaching operating secure AWS workloads. Understanding the type of identity you need to manage and grant access helps you verify the right identities have access to the right resources under the right conditions. …

5. ATHENS References for everyone, Practice for LinuxTips.io https://github.com/DAWS25

6. ATHENS https://presence.daws25.com

7. ATHENS Web Delivery with Amazon CloudFront ✅ DDoS Protection ✅

   Web Application Firewall ✅ Lower Latency ✅ Lower Utilization ✅ Lower Cost ✅ Higher Sustainability 🚫🧠 ❓Cache Invalidation ❓Compute Mix ❓Gateway vs Balancer ❓Operations and Observability ❓Local Development 🎁 A gift

8. ATHENS https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html

9. ATHENS https://builder.aws.com/content/2iC3xT2M2VsB8FT2wLQ7qt93wK4/deploy-an-amazon-cloudfront-distribution-for-a-web-application-with-static-and-dynamic-content /app/* /fn/* /edge/*

10. ATHENS

11. ATHENS

12. ATHENS Compute Mix ❤ Hundreds of instance types 💔 Self-managed

    ❤ ECS, EKS and Fargate ❤ Container Tooling 💔 Scale to zero is hard ❤ Most efficient and sustainable ❤ Little administration 💔 Tight coupling 💔 NAT GW + CW Logs

13. ATHENS AWS Lambda Lambda@Edge CloudFront Functions Best Use Online Transaction

    Processing, Image Generation, … Request authentication, authorization, … Request security, redirection, … Supported Runtimes Node.js, Python, Java, Go, Ruby, C#, PowerShell, Custom… Node.js, Python JavaScript (ECMAScript 5.1) Security Restrictions VPC Support Full IAM /tmp access No VPC, No Viewer-side Network, Restricted HTTP Target and Headers No Network/File System Access, No dynamic code evaluation, Isolated Process Max Timeout 15 minutes + durable resume 30s (Origin Req/Resp) / 5s (Viewer Req/Resp) Less than 1 millisecond Functions Mix

14. ATHENS

15. ATHENS Data Grid, Cache, Queue, …

16. ATHENS REST API HTTP API ALB Best Use API management

    Serverless APIs High-throughput ingress Latency Higher Low Very low Cost $$$ $ (cheapest API GW) $ (best at scale) Routing Advanced Basic host/path Auth IAM, Cognito, custom IAM, JWT (OIDC) OIDC (limited) Transformations Full (VTL) Limited None Throttling Fine-grained Basic None Timeout Throttle quota per account, per Region across HTTP APIs, REST APIs, WebSocket APIs, and WebSocket callback APIs Up to 4k secs (+-1h) When to Choose API routing All you need is Lambda No “middle man”

17. ATHENS Authentication…

18. ATHENS Observability • Logs • Health • Metrics • Alarms

    • Traces 🦞 Agents

19. ATHENS Local Development

20. ATHENS SAM + NGINX 🤷

21. ATHENS Quarkus ❤⇔❤⇔ ❤

22. ATHENS “GitOps” with … CloudFormation Git Sync 🙈 https://github.com/DAWS25/GitOps Define

    your resource classification :) We use.. TenantId: GitOps, Presence, … EnvId: Main, Blue, Green, …

23. ATHENS

24. ATHENS

25. ATHENS

26. ATHENS Still Missing… https://github.com/DAWS25 • Local CloudFront Proxy with SAM

    Integration • Smart Infrastructure as Code, able to perform CloudFront Continuous Deployment and Multi-Tenant Distributions • Simple authentication and authorization for common OIDC Providers and Frameworks

27. ATHENS Many more projects coming along, join us! https://github.com/DAWS25

28. ATHENS 🎁 20 % OFF

29. ATHENS ATHENS Thank You! Questions? Julio Faerman https://nu01.com