Serverless Portal | Architecture on AWS

Serverless Architecture for Portal: Secure Data Management in the Cloud

It is no secret that companies need robust solutions to manage large volumes of telemetry data securely and efficiently. At Tucanbit, we have developed a modern demonstration portal that lets organizations upload, download and visualize files containing IoT device metrics, using a completely serverless architecture on AWS. This article explores how we integrated technologies such as Angular, AWS Cognito, CloudFront, API Gateway, AWS Lambda, DynamoDB and S3 to create a scalable, secure and cost-optimized solution for file management.

Serverless Architecture:

The portal’s architecture follows serverless principles, eliminating the need to manage traditional servers, allowing automatic scalability and optimizing costs.

High-Level Architecture

Technological components involved in the solution:

1. Frontend

The portal is developed in Angular and deployed as static content on Amazon S3. This choice eliminates the need for dedicated web servers and integrates naturally with Amazon CloudFront. Thanks to the global content distribution network, the application is delivered with low latency and high availability, even for users in remote locations.

2. Authentication and Authorization

Access security is managed with Amazon Cognito, which handles user identities without the need to implement a custom authentication system. With features such as registration, login, password recovery and group-based access control, Cognito offers a complete scheme for user management. In addition, its compatibility with OIDC flows facilitates integration with external providers, enabling federated authentication simply and securely.

3. Backend

The portal’s logic is implemented in AWS Lambda using .NET Core as the runtime. Each Lambda function acts as a microservice specialized in a single operation, including the generation of presigned URLs for file upload and of CloudFront signed URLs for download. These functions integrate with DynamoDB and S3 and follow Clean Architecture and Clean Code principles, ensuring clear separation of responsibilities, greater maintainability and the ability to scale independently. In addition, development aligns with the 12 factors for cloud-native applications, ensuring portability, scalability and ease of deployment.

4. APIs

RESTful APIs are exposed through AWS API Gateway, which acts as an API proxy between the endpoints and the Lambda functions. API security is handled by an authorizer integrated with AWS Cognito, which adds a robust access control layer that allows only authorized users to reach the APIs. Additionally, API Gateway is configured with traffic limits, including rate and burst policies, which protects the microservices against possible abuse or unexpected load.
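How the Cognito group check and the presigned upload URL from the sections above could fit together, as an added example that is not the portal's own code (written in Python rather than the portal's .NET runtime, and signing by hand instead of through the SDK to show what the signature covers). The rule that a Cognito group name equals the organization name, the `org/project/file` key layout, and every function name, bucket and credential are assumptions made for illustration.

```python
import datetime, hashlib, hmac, re
from urllib.parse import quote

SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")  # no "/", no leading "."

def groups_from_claims(claims):
    """cognito:groups may arrive as a list or a delimited string (assumed shapes)."""
    raw = claims.get("cognito:groups", "")
    if isinstance(raw, (list, tuple)):
        return set(raw)
    return {g for g in re.split(r"[,\s]+", str(raw).strip("[]")) if g}

def scoped_key(claims, org, project, name):
    """Return the single object key the caller may upload to, or raise."""
    if not all(isinstance(v, str) and SAFE.fullmatch(v) for v in (org, project, name)):
        raise ValueError("invalid path component")
    if org not in groups_from_claims(claims):  # hypothetical rule: group name == org
        raise PermissionError("caller is not a member of this organization")
    return f"{org}/{project}/{name}"  # hypothetical key layout

def _h(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_put(bucket, key, region, access_key, secret_key, now, expires=300):
    """SigV4 query presign; the signature binds method, host, key and expiry."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    stamp = now.strftime("%Y%m%dT%H%M%SZ")  # `now` must be a UTC datetime
    scope = f"{stamp[:8]}/{region}/s3/aws4_request"
    params = {"X-Amz-Algorithm": "AWS4-HMAC-SHA256",
              "X-Amz-Credential": f"{access_key}/{scope}",
              "X-Amz-Date": stamp, "X-Amz-Expires": str(expires),
              "X-Amz-SignedHeaders": "host"}
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    path = "/" + quote(key, safe="/")
    canonical = "\n".join(["PUT", path, query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", stamp, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = ("AWS4" + secret_key).encode()
    for part in (stamp[:8], region, "s3", "aws4_request"):
        k = _h(k, part)
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={sig}"

if __name__ == "__main__":
    claims = {"cognito:groups": "acme,globex"}  # constructed sample claims
    key = scoped_key(claims, "acme", "plant-1", "metrics.csv")
    now = datetime.datetime(2025, 1, 1, tzinfo=datetime.timezone.utc)
    print(presign_put("demo-bucket", key, "us-east-1", "AKIDEXAMPLE", "not-a-real-secret", now))
```

A Lambda running with role credentials would also add `X-Amz-Security-Token` to the signed query, which is omitted here. Because only the host header is signed and the payload is unsigned, the URL does not constrain content type or size; whoever holds it can PUT to that one key until it expires.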

5. Database

Data persistence is resolved with a combination of Amazon DynamoDB and Amazon S3. DynamoDB, as a NoSQL database, stores file metadata with consistent response times and automatic scalability. In parallel, Amazon S3 manages massive file storage, offering virtually unlimited durability, lifecycle policies for cost optimization and native security in object access.

6. Security

Sensitive configuration management is centralized with AWS Secrets Manager, which securely stores credentials and critical configurations, including the private keys necessary for generating signed URLs.

CORS is configured in CloudFront and API Gateway as a preventive mechanism, restricting the use of these resources from websites that are unauthorized or not explicitly allowed.

It is also worth mentioning that CloudFront and API Gateway are each integrated with AWS WAF, which adds further protection such as filtering malicious traffic and blocking common attacks, SQL injection and automated bot patterns.

7. Monitoring

The system’s operation is monitored through Amazon CloudWatch, which collects metrics, logs and alarms from all the services involved. This complete visibility allows a quick reaction to failures and, at the same time, analysis of usage patterns to anticipate improvements. In this way, the solution not only works stably, but can also evolve as user needs increase.

Infrastructure as Code

The portal’s infrastructure was provisioned using Infrastructure as Code (IaC), which allows AWS resources to be defined and managed declaratively and under version control. For this project, two main tools were used:

  • Terraform/Terragrunt: Used for infrastructure provisioning, allowing modular and reusable management of resources across multiple environments.
  • CloudFormation: Used to create specific AWS resource templates, facilitating automation and consistent infrastructure deployment.

Benefits of Serverless Architecture

1. Automatic Scalability

The solution’s ability to adapt to demand is inherent to the use of services like AWS Lambda, DynamoDB and S3. This allows the system to scale transparently, from a few requests to thousands of simultaneous interactions, without needing to provision additional servers or manually adjust configurations. In practice, the portal can grow at the pace of users and their workloads, maximizing the likelihood of maintaining a smooth experience even in high-demand scenarios.

2. Cost Optimization

The architecture eliminates the fixed costs associated with traditional servers. With Lambda, billing is per millisecond of execution and per resource consumed; with S3 and DynamoDB, charges are linked to the actual volume of storage and operations. Costs tend to align with actual usage, as long as consumption models are properly configured, reducing unnecessary expenditure.

3. High Availability and Reliability

AWS infrastructure is designed to be resilient from the start, although it is important to consider resilience patterns. By deploying in multiple availability zones, services can automatically recover from failures without interrupting portal operation. In addition, global distribution through CloudFront ensures low latency in any location, improving the end-user experience even in remote access scenarios.

4. Security

Serverless architecture improves security by delegating infrastructure management to providers like AWS, which implement automatic security updates, data encryption in transit and at rest, and compliance with global standards. This reduces the risk of vulnerabilities introduced by human error and allows the team to focus on business logic instead of patches and security configurations.

5. Agility in Development and Operation

Serverless architecture simplifies application development by allowing the team to focus on business evolution rather than infrastructure administration. New versions can be deployed without downtime, and the use of CI/CD ensures a constant flow of updates.

In Operation

- Frontend + Authentication and Authorization

  • Integration with AWS Cognito for secure login
  • Access control based on Cognito groups (RBAC by organization)
  • OIDC flow for federated authentication

Login screen

- Backend + APIs + Security

  • Integration of APIGateway (Authorizer, CORS) + Lambda

Projects by organization screen

- Database

  • File upload via presigned URLs
  • File download with signed URLs

Files by project screen

- Monitoring

  • Visualization of logs, performance

Files by project screen

Explore the Portal in Action

Credentials

👁️ Interactive demo: industry4.tucanbit.com

Conclusion

The serverless implementation of this portal demonstrates that it is possible to manage data efficiently, securely and scalably without relying on traditional servers. The solution automatically adjusts its capacity to demand, optimizes costs and maintains high availability, ensuring a smooth experience for users.

With low latency and minimal operating costs at AWS’s free tier level, this approach validates the viability of the cloud for modernizing data infrastructures. In addition, it establishes a replicable model for future serverless initiatives, facilitating the organization’s technological evolution in an agile and secure manner.

Ready to Implement Serverless in your Project?

📧 Contact us: info@tucanbit.com
