Web Application Architecture in AWS (Amazon)
High level architecture

More detailed architecture

On-Prem vs AWS Architecture Mapping
Your original architecture was:
Users (Mobile/Desktop)
│
▼
F5 BIG-IP (ASM + LTM)
│
▼
UI Layer
├─ Product UI (2 Instances)
└─ Order UI (2 Instances)
│
▼
API Gateway
│
▼
Kubernetes Ingress Controller
│
       ┌──────┴───────┐
       ▼              ▼
Product Service   Order Service
  (Java Pods)     (Python Pods)
│
▼
PostgreSQL Databases
│
▼
ELK / Monitoring
CI/CD: Jenkins + Helm
Identity: UC (Keycloak)
AWS Equivalent Architecture
Users (Mobile/Desktop)
│
▼
CloudFront
│
▼
AWS WAF
│
▼
Application Load Balancer (ALB)
│
▼
Amazon EKS Ingress Controller
(AWS Load Balancer Controller)
│
▼
UI Layer
├─ Product UI Pods (2)
└─ Order UI Pods (2)
│
▼
Amazon API Gateway
│
       ┌──────┴──────────┐
       ▼                 ▼
Product Service     Order Service
  (Java Pods)       (Python Pods)
    3 Pods              3 Pods
│
▼
Amazon RDS PostgreSQL     Amazon RDS PostgreSQL
    (Product DB)              (Order DB)
            Read Replicas
Service Mapping Table
| On-Prem | AWS Equivalent |
|---|---|
| F5 ASM | AWS WAF |
| F5 LTM | Application Load Balancer (ALB) |
| Kubernetes Cluster | Amazon EKS |
| Kubernetes Ingress | AWS Load Balancer Controller |
| API Gateway | Amazon API Gateway |
| Product UI Pods | EKS Deployment |
| Order UI Pods | EKS Deployment |
| Java Product Pods | EKS Deployment |
| Python Order Pods | EKS Deployment |
| PostgreSQL | Amazon RDS PostgreSQL |
| PostgreSQL Replica | RDS Read Replica |
| ELK | OpenSearch Service |
| Prometheus | Amazon Managed Prometheus |
| Grafana | Amazon Managed Grafana |
| Keycloak | Keycloak on EKS or Amazon Cognito |
| Jenkins | Jenkins on EKS / EC2 |
| Harbor/Nexus | Amazon ECR |
| Helm | Helm |
| DNS | Route 53 |
| CDN | CloudFront |
| Backup | AWS Backup |
Detailed AWS Architecture
1. Edge Layer
Amazon CloudFront
Equivalent to:
- CDN
- Edge acceleration
- Static content delivery
Responsibilities:
- Global caching
- SSL termination
- DDoS absorption
- Content acceleration
AWS WAF
Equivalent to F5 ASM.
Protects against:
- SQL Injection
- XSS
- OWASP Top 10
- Bots
- Malicious requests
Application Load Balancer
Equivalent to F5 LTM.
Responsibilities:
- Layer 7 routing
- SSL termination
- Health checks
- Load balancing
2. Kubernetes Platform
Amazon Elastic Kubernetes Service
Equivalent to on-prem Kubernetes.
Hosts:
Frontend Namespace
├─ Product UI (2 Pods)
└─ Order UI (2 Pods)
Backend Namespace
├─ Product Service (3 Java Pods)
└─ Order Service (3 Python Pods)
Features:
- Managed control plane
- Auto-scaling
- Self-healing
- Rolling deployments
3. Kubernetes Ingress Layer
AWS Load Balancer Controller
Equivalent to:
NGINX Ingress Controller
Creates the following automatically from Kubernetes Ingress objects:
- Application Load Balancers
- Target Groups
- Listener Rules
Example
product.company.com
↓
Product UI
order.company.com
↓
Order UI
api.company.com/products/*
↓
Product Service
api.company.com/orders/*
↓
Order Service
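The host and path routing shown above, written as Ingress objects for the AWS Load Balancer Controller. This is an added example, not a manifest from the original article. It assumes the "frontend" and "backend" namespaces from section 2, Service names product-ui, order-ui, product-service and order-service, and uses placeholder ARNs for the ACM certificate and the WAFv2 web ACL. Because an Ingress can only reference Services in its own namespace, the two objects share one ALB through the group.name annotation (an IngressGroup); the certificate, TLS redirect, WAF association and health-check annotations apply to that shared ALB, which is where the F5 ASM + LTM responsibilities land in this design.

```yaml
# Added example: two Ingress objects, one per namespace, merged into a single
# internet-facing ALB by the AWS Load Balancer Controller (IngressGroup).
# Placeholders: REGION, ACCOUNT_ID and the certificate / web ACL identifiers.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ui
  namespace: frontend
  annotations:
    alb.ingress.kubernetes.io/group.name: company-web     # share one ALB across namespaces
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip             # register pod IPs directly
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: "443"        # force TLS (LTM redirect iRule equivalent)
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERT_ID_PLACEHOLDER
    alb.ingress.kubernetes.io/wafv2-acl-arn: arn:aws:wafv2:REGION:ACCOUNT_ID:regional/webacl/company-web/ACL_ID_PLACEHOLDER  # F5 ASM equivalent
    alb.ingress.kubernetes.io/healthcheck-path: /healthz  # LTM monitor equivalent
spec:
  ingressClassName: alb
  rules:
  - host: product.company.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: {name: product-ui, port: {number: 80}}
  - host: order.company.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: {name: order-ui, port: {number: 80}}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api
  namespace: backend
  annotations:
    # Same group name, so these rules are added as listener rules on the same ALB.
    alb.ingress.kubernetes.io/group.name: company-web
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERT_ID_PLACEHOLDER
    alb.ingress.kubernetes.io/wafv2-acl-arn: arn:aws:wafv2:REGION:ACCOUNT_ID:regional/webacl/company-web/ACL_ID_PLACEHOLDER
    alb.ingress.kubernetes.io/healthcheck-path: /healthz
spec:
  ingressClassName: alb
  rules:
  - host: api.company.com
    http:
      paths:
      - path: /products        # api.company.com/products/* -> Product Service
        pathType: Prefix
        backend:
          service: {name: product-service, port: {number: 80}}
      - path: /orders          # api.company.com/orders/*   -> Order Service
        pathType: Prefix
        backend:
          service: {name: order-service, port: {number: 80}}
```

Apply both with kubectl apply -f and the controller reconciles one ALB, two target groups per namespace and host/path listener rules. Keep the shared annotations identical on every Ingress in the group; conflicting values on group-level settings such as the certificate or web ACL cause reconciliation errors. Grant the group.name annotation only to namespaces you trust, since any Ingress that names the group can add rules to the shared ALB.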
4. API Layer
Amazon API Gateway
Responsibilities:
- Authentication
- JWT validation
- Rate limiting
- API analytics
- Request transformation
Flow
Ingress
↓
API Gateway
↓
Microservices
5. Product Domain
Product Service (Java)
product-service
├── Pod 1
├── Pod 2
└── Pod 3
Responsibilities:
- Catalog
- Inventory
- Pricing
- Search
Uses:
ClusterIP Service
↓
Java Pods
The ClusterIP Service distributes traffic across the pods itself, so no HAProxy is required.
6. Order Domain
Order Service (Python)
order-service
├── Pod 1
├── Pod 2
└── Pod 3
Responsibilities:
- Orders
- Checkout
- Fulfillment
- Workflow orchestration
Uses:
ClusterIP Service
↓
Python Pods
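The "ClusterIP Service → Pods" pattern from sections 5 and 6, as an added example rather than manifests from the original article: a 3-replica Deployment for product-service, the ClusterIP Service that fronts it, and a HorizontalPodAutoscaler for the auto-scaling feature listed in section 2. The order-service gets the same shape with its image and name swapped. Assumed values: the "backend" namespace, container port 8080, a /healthz endpoint, a Kubernetes Secret named product-db holding the database password, and a placeholder ECR image reference.

```yaml
# Added example: Deployment + ClusterIP Service + HPA for the product domain.
# Placeholders: ACCOUNT_ID, REGION and the image tag.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: product-service
  namespace: backend
  labels: {app: product-service}
spec:
  replicas: 3
  selector:
    matchLabels: {app: product-service}
  template:
    metadata:
      labels: {app: product-service}
    spec:
      serviceAccountName: product-service     # map to an IAM role (IRSA) for RDS / Secrets Manager access
      securityContext:
        runAsNonRoot: true
        seccompProfile: {type: RuntimeDefault}
      containers:
      - name: app
        image: ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/product-service:1.0.0
        ports:
        - containerPort: 8080
        env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef: {name: product-db, key: password}
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true          # JVM scratch space goes to the emptyDir below
          capabilities: {drop: ["ALL"]}
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        resources:
          requests: {cpu: 250m, memory: 512Mi}  # requests are what the HPA percentage is measured against
          limits: {cpu: "1", memory: 1Gi}
        readinessProbe:                         # pod only receives Service traffic once ready
          httpGet: {path: /healthz, port: 8080}
          initialDelaySeconds: 10
          periodSeconds: 5
        livenessProbe:                          # self-healing: restart a hung JVM
          httpGet: {path: /healthz, port: 8080}
          initialDelaySeconds: 30
          periodSeconds: 10
      volumes:
      - name: tmp
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: product-service
  namespace: backend
spec:
  type: ClusterIP                               # in-cluster virtual IP, load-balances across ready pods
  selector: {app: product-service}
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: product-service
  namespace: backend
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: product-service
  minReplicas: 3                                # never below the 3 pods in the design
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target: {type: Utilization, averageUtilization: 70}
```

The Service selects on the app label only, so a rolling update replaces pods without changing the ClusterIP that the ingress and API layer point at. Keep the readiness probe strict: a pod that is not ready is removed from the Service endpoints and from the ALB target group, which is the behaviour the F5 health monitors provided on-prem.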
7. Database Layer
Amazon RDS PostgreSQL
Product Database
Stores:
- Products
- Pricing
- Inventory
Order Database
Stores:
- Orders
- Transactions
- Status
High Availability Design
Primary (Multi-AZ)
│
      ┌─────┴─────┐
      ▼           ▼
Read Replica 1   Read Replica 2
Benefits:
- Automatic failover
- Read scaling
- Backup
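The high-availability design above expressed as a CloudFormation template: a Multi-AZ primary for the product database with one read replica (a second replica is the same resource again). This is an added example, not a template from the original article. It assumes an existing DB subnet group and security group passed in as parameters, and generates the master password in Secrets Manager rather than embedding it in the template.

```yaml
# Added example: Multi-AZ RDS PostgreSQL primary plus a read replica.
AWSTemplateFormatVersion: "2010-09-09"
Description: Product database - Multi-AZ primary with a read replica (added example)
Parameters:
  DbSubnetGroupName:
    Type: String                    # private subnets only
  DbSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id   # allows 5432 from the EKS node / pod security group
Resources:
  ProductDbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: product-db/master
      GenerateSecretString:
        SecretStringTemplate: '{"username": "product_admin"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'
  ProductDbPrimary:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot        # stack deletion leaves a final snapshot behind
    UpdateReplacePolicy: Snapshot
    Properties:
      DBInstanceIdentifier: product-db
      Engine: postgres
      EngineVersion: "15"
      DBInstanceClass: db.r6g.large
      AllocatedStorage: "100"
      StorageType: gp3
      StorageEncrypted: true
      MultiAZ: true                 # synchronous standby in a second AZ, automatic failover
      PubliclyAccessible: false
      DeletionProtection: true
      BackupRetentionPeriod: 14     # automated backups; point-in-time recovery window
      CopyTagsToSnapshot: true
      EnablePerformanceInsights: true
      MasterUsername: !Sub '{{resolve:secretsmanager:${ProductDbSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${ProductDbSecret}:SecretString:password}}'
      DBSubnetGroupName: !Ref DbSubnetGroupName
      VPCSecurityGroups:
        - !Ref DbSecurityGroupId
  ProductDbReplica1:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceIdentifier: product-db-replica-1
      SourceDBInstanceIdentifier: !Ref ProductDbPrimary   # async replica for read scaling
      DBInstanceClass: db.r6g.large
      PubliclyAccessible: false
      EnablePerformanceInsights: true
Outputs:
  WriterEndpoint:
    Value: !GetAtt ProductDbPrimary.Endpoint.Address
  ReaderEndpoint:
    Value: !GetAtt ProductDbReplica1.Endpoint.Address
```

Point the services' write path at the writer endpoint and read-only queries at the replica endpoint; Multi-AZ failover keeps the writer DNS name stable, while a replica is asynchronous and can lag, so it should not serve reads that must reflect a just-committed order. The order database is a second copy of the same template with its own secret and identifiers.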
8. Observability
Logging
Amazon OpenSearch Service
Equivalent to ELK.
Fluent Bit
↓
OpenSearch
↓
Dashboards
Stores:
- Application logs
- Audit logs
- Security logs
Monitoring
Amazon Managed Service for Prometheus
Collects:
- Pod metrics
- Cluster metrics
- Application metrics
Amazon Managed Grafana
Provides:
- Dashboards
- Alerting
- SLO tracking
Distributed Tracing
AWS X-Ray
Tracks:
User
↓
ALB
↓
API Gateway
↓
Product Service
↓
RDS
9. Identity / User Center (UC)
Option A (Recommended)
Amazon Cognito
Features:
- OAuth2
- OIDC
- MFA
- SSO
- Social login
Option B
Keycloak on EKS.
Suitable when migrating directly from on-prem Keycloak.
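The identity option A above together with the API Gateway responsibilities from section 4 (authentication, JWT validation, rate limiting), as one added CloudFormation example that is not part of the original article: a Cognito user pool with MFA enforced, an app client for the Order UI using the authorization-code flow, and an HTTP API whose route only forwards requests carrying a valid token from that pool, with stage-level throttling. Assumed values: the callback URL on order.company.com and a placeholder backend URL for the Product Service behind the ingress.

```yaml
# Added example: Cognito user pool + HTTP API with a JWT authorizer and throttling.
AWSTemplateFormatVersion: "2010-09-09"
Description: Cognito user pool and an HTTP API that validates its JWTs (added example)
Parameters:
  ProductBackendUrl:
    Type: String
    Default: https://api-internal.company.com/products   # placeholder: Product Service behind the ingress
Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: company-users
      UsernameAttributes: [email]
      AutoVerifiedAttributes: [email]
      MfaConfiguration: "ON"                  # MFA required for every user
      EnabledMfas: [SOFTWARE_TOKEN_MFA]       # TOTP apps, no SMS
      Policies:
        PasswordPolicy:
          MinimumLength: 12
          RequireLowercase: true
          RequireUppercase: true
          RequireNumbers: true
          RequireSymbols: true
  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: !Ref UserPool
      ClientName: order-ui
      GenerateSecret: false                   # public browser client
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthFlows: [code]               # authorization code flow only, no implicit grant
      AllowedOAuthScopes: [openid, email]
      SupportedIdentityProviders: [COGNITO]
      CallbackURLs: [https://order.company.com/callback]
      LogoutURLs: [https://order.company.com/]
      AccessTokenValidity: 1
      IdTokenValidity: 1
      TokenValidityUnits: {AccessToken: hours, IdToken: hours}
      PreventUserExistenceErrors: ENABLED     # same error for unknown and wrong-password users
  HttpApi:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: company-api
      ProtocolType: HTTP
  JwtAuthorizer:
    Type: AWS::ApiGatewayV2::Authorizer
    Properties:
      ApiId: !Ref HttpApi
      Name: cognito-jwt
      AuthorizerType: JWT
      IdentitySource: ['$request.header.Authorization']
      JwtConfiguration:
        # Signature is checked against the pool's JWKS; iss and aud/client_id must match.
        Issuer: !Sub "https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPool}"
        Audience: [!Ref UserPoolClient]
  ProductIntegration:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref HttpApi
      IntegrationType: HTTP_PROXY
      IntegrationMethod: ANY
      IntegrationUri: !Sub "${ProductBackendUrl}/{proxy}"
      PayloadFormatVersion: "1.0"
  ProductRoute:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref HttpApi
      RouteKey: "ANY /products/{proxy+}"
      AuthorizationType: JWT                  # request is rejected before reaching the service
      AuthorizerId: !Ref JwtAuthorizer
      Target: !Sub "integrations/${ProductIntegration}"
  DefaultStage:
    Type: AWS::ApiGatewayV2::Stage
    Properties:
      ApiId: !Ref HttpApi
      StageName: "$default"
      AutoDeploy: true
      DefaultRouteSettings:
        ThrottlingBurstLimit: 200             # rate limiting at the gateway
        ThrottlingRateLimit: 100
```

With this in place an unauthenticated call to /products/... returns 401 from the gateway and never reaches the Java pods, and a token issued by any other pool or for another app client fails the issuer or audience check. The gateway only proves the token is valid; the services should still read the sub and scope claims forwarded to them to decide what that user may do.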
10. CI/CD Pipeline
AWS Native
Developer
↓
CodeCommit / GitHub
↓
CodeBuild
↓
Security Scan
↓
Amazon ECR
↓
Helm Charts
↓
Deploy to EKS
Services
- AWS CodePipeline
- AWS CodeBuild
- Amazon Elastic Container Registry
AWS NFR Mapping
| NFR | AWS Services |
|---|---|
| Availability | ALB, EKS, Multi-AZ RDS, Route 53 |
| Scalability | EKS HPA, Cluster Autoscaler, API Gateway |
| Performance | CloudFront, ALB, RDS Read Replicas |
| Security | WAF, Cognito, IAM, Security Groups |
| Reliability | Multi-AZ, Self-healing Pods |
| Observability | OpenSearch, Prometheus, Grafana, X-Ray |
| Recoverability | AWS Backup, Multi-AZ RDS, EKS Backup |
| Maintainability | Helm, EKS, Managed Services |
| Deployability | CodePipeline, CodeBuild, ECR |
| Auditability | CloudTrail, OpenSearch, Cognito Logs |
Recommended Production AWS Architecture
Users
↓
CloudFront
↓
AWS WAF
↓
ALB
↓
EKS Ingress Controller
↓
Product UI (2 Pods)
Order UI (2 Pods)
↓
API Gateway
↓
Product Service (3 Java Pods)
Order Service (3 Python Pods)
↓
Amazon RDS PostgreSQL
(Multi-AZ + Read Replicas)
Observability:
OpenSearch + Prometheus + Grafana + X-Ray
Identity:
Cognito
CI/CD:
GitHub → CodeBuild → ECR → Helm → EKS
This is the closest AWS equivalent to your original on-prem F5 + Kubernetes Ingress architecture while maximizing AWS-managed services and minimizing operational overhead.
Very nice article, it clears my doubts.