AWS Banking Architecture - eu-west-2
About This Architecture
Multi-AZ banking architecture in eu-west-2 combining ECS Fargate, Aurora PostgreSQL Serverless v2, and hybrid connectivity via AWS Direct Connect and Cloud WAN. Application traffic routes through Route 53, API Gateway, and AWS WAF-protected internal ALBs across two availability zones, with cost-optimized Fargate Spot capacity for standard services and On-Demand capacity for high-resource workloads. Secrets Manager, AWS KMS, CloudTrail, and CloudWatch provide encryption, audit logging, and observability across the VPC (10.0.0.0/16), with VPC endpoints isolating access to ECR, SNS, SQS, and Secrets Manager. Cross-region backup to eu-west-1 provides disaster recovery, and a Transit Gateway attachment provides hybrid connectivity to NatWest DC infrastructure. Fork this diagram on Diagrams.so to customize subnets, add additional regions, or adjust Fargate task definitions for your compliance and performance requirements. This architecture demonstrates AWS Well-Architected principles for regulated financial services: multi-AZ resilience, least-privilege IAM, encryption at rest and in transit, and segregated network segments for production and non-production workloads.
People also ask
How do I design a production banking architecture on AWS with multi-AZ failover, encryption, and hybrid connectivity to on-premises data centers?
This diagram shows a banking-grade AWS architecture spanning eu-west-2a and eu-west-2b with ECS Fargate clusters (On-Demand for high-resource services, Spot for standard workloads), Aurora PostgreSQL Serverless v2 with cross-region DR, and AWS WAF protection. Hybrid connectivity is achieved via AWS Direct Connect and Cloud WAN to NatWest DC, while Secrets Manager, AWS KMS, CloudTrail, and VPC endp
- Domain: Cloud AWS
- Audience: AWS solutions architects designing multi-AZ banking infrastructure on AWS
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output.