AWS Single-AZ Web Architecture with Bastion
About This Architecture
This single-AZ web architecture combines CloudFront CDN, WAF protection, and a bastion host access pattern for secure AWS deployments. Users connect through CloudFront, which delivers static content from S3, while WAF filters traffic before it reaches the Internet Gateway. The bastion host in the public subnet provides secure SSH access to application servers in the private subnet, which in turn communicate with RDS databases in an isolated data layer. The design demonstrates defense-in-depth through network segmentation across three subnets within a single availability zone. Fork and customize this diagram on Diagrams.so to adapt subnet sizing, change instance types, or add multi-AZ redundancy for production workloads.
People also ask
How do I design a secure AWS web application with a bastion host and private database in a single availability zone?
This diagram shows a single-AZ AWS architecture where CloudFront and WAF protect inbound traffic, a bastion host in the public subnet provides secure administrative access, and application servers in a private subnet communicate with RDS databases in an isolated data subnet. This layered approach implements defense-in-depth and least-privilege access patterns.
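The segmentation described above depends on each tier accepting traffic only from the tier in front of it. The Terraform sketch below is an added example, not part of the original diagram: it covers the SSH path (operators to bastion to application servers) and the database path (application servers to RDS). All variable names, the CIDR inputs and the database port (5432, assuming PostgreSQL) are assumptions; the page does not say how web requests reach the application servers, so that rule is left out.

```hcl
# Assumed inputs: the page gives no CIDRs, ports or database engine.
variable "vpc_id" { type = string }
variable "admin_cidr" { type = string }       # operator source range for SSH
variable "app_subnet_cidr" { type = string }  # private (application) subnet
variable "data_subnet_cidr" { type = string } # isolated data subnet
locals { db_port = 5432 }                     # assumes PostgreSQL on RDS

resource "aws_security_group" "bastion" {
  vpc_id = var.vpc_id
  ingress { # SSH only from the operator range, never 0.0.0.0/0
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress { # the bastion may only open SSH sessions into the app subnet
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.app_subnet_cidr]
  }
}

resource "aws_security_group" "app" {
  vpc_id = var.vpc_id
  ingress { # SSH accepted only from members of the bastion group
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
  egress { # outbound limited to the database port in the data subnet
    from_port   = local.db_port
    to_port     = local.db_port
    protocol    = "tcp"
    cidr_blocks = [var.data_subnet_cidr]
  }
}

resource "aws_security_group" "db" {
  vpc_id = var.vpc_id
  ingress { # database reachable only from the app group; no egress block, so no outbound rules
    from_port       = local.db_port
    to_port         = local.db_port
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}
```

Egress rules point at subnet CIDRs rather than the next tier's security group because inline rules that reference each other in both directions create a dependency cycle in Terraform.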
- Domain: Cloud AWS
- Audience: AWS solutions architects designing secure, single-AZ web applications
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.