英文:
which one is better - s3+cloudfront+waf OR ec2+security group when allowing a specific IP in a frontend built with React
问题
我计划使用React部署一个Web前端。我有两个条件:我需要只允许特定的IP地址,并且我想要一个具有成本效益的解决方案。我提出了两个选项,我想知道哪一个更好。
第一个选项是使用S3和CloudFront进行部署,然后使用WAF(Web应用程序防火墙)阻止特定的IP地址。最初,只使用S3,我可以使用S3策略允许特定的IP地址。然而,由于我需要应用HTTPS,我了解到使用CloudFront可以允许我配置WAF的IP白名单。
此外,我考虑了另一种方法,不涉及S3策略或WAF,而是涉及在React应用程序的中间件中确定IP白名单。我想知道您对这种方法的看法。
第二个选项是在EC2上部署前端。我考虑在EC2上使用Docker Compose部署Nginx和React Web应用程序。在这种情况下,我打算在安全组中管理IP白名单。
您认为哪种方法更好?
英文:
I'm planning to deploy a web frontend with React. I have two conditions: I need to allow only specific IP addresses, and I want a cost-effective solution. I have come up with two options, and I would like to know which one is better.
The first option is to use S3 and CloudFront for deployment and then block specific IP addresses using WAF (Web Application Firewall). Initially, with S3 alone, I could allow only specific IP addresses using S3 policies. However, since I need to apply HTTPS, I understand that using CloudFront allows me to configure IP whitelisting with WAF.
Additionally, I have considered another approach that does not involve S3 policies or WAF but instead involves determining the IP whitelist in the middleware of the React app. I would like to know your thoughts on this approach.
The second option is to deploy the frontend on EC2. I thought about using Docker Compose on EC2 to deploy Nginx and the React web application. In this case, I intended to manage the IP whitelist in the security group.
Which method do you think is better?
答案1
得分: 1
为了在IP白名单上托管React应用,我会选择S3和CloudFront,因为它是托管服务,除了React应用本身之外,无需进行维护或更新。这也可以轻松扩展而无需额外的工作。
S3和CloudFront
- 这是一个托管服务:您无法操作服务器或选择运行的软件,但维护较少,您只需负责React应用的软件更新。
- 定价按使用量计费。使用量越高,成本越高。对于低使用量/流量应用程序来说,这可能非常便宜。成本更难以预测。
- 由于“无服务器”架构,容易扩展。
- 内置CDN和缓存,开箱即用。
- SSL/HTTPS开箱即用。
EC2
- 这是一个未托管的服务,需要更多时间和精力。您需要设置、维护和更新。存在更高的安全问题和漏洞的机会。
- 您可以获得更多控制权,但我看不出对于React应用有什么好处。
- 定价具有一致的每月固定成本,可预测。
- 扩展需要由您管理:随着流量/负载增加,您将需要更多的EC2实例和负载均衡器。
- 需要配置CDN和缓存。您可以创建CloudFront分发,但此时您可能应该一开始就选择了CloudFront选项。
- SSL/HTTPS需要您进行配置(例如使用LetsEncrypt)。
英文:
To host a React app with an IP whitelist I would choose S3 and CloudFront, because of the benefits of being a managed service: no maintenance or updates except the React app itself. This can also scale up without any additional effort.
S3 and CloudFront
- This is a managed service: you don't get your hands on the server or get to choose what software it runs, but it is less maintenance and you aren't responsible for software updates except your React app.
- Pricing is per use. The higher use the higher cost. This can be very cheap for low usage/traffic apps. The cost is more difficult to predict.
- Scaling up is easy due to the 'serverless' architecture.
- CDN and caching is built in or out of the box.
- SSL/HTTPS is out of the box.
EC2
-
This an unmanaged service which requires more time and effort. You are responsible for the setup, maintenance and updates. There's a higher chance of security issues and vulnerabilities.
-
You get more control but I cannot see any benefit for a React app.
-
Pricing is predictable with a consistent cost per month.
-
Scaling needs
to be managed by you: with enough traffic/load, you will need more EC2 instances with a load balancer. -
CDN and caching needs to be configured. You can create a CloudFront distribution, but at this point you might as well have gone with the CloudFront option in the first place.
-
SSL/HTTPS needs to be configured by you (for example with LetsEncrypt).
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论