About This Architecture
This is a medical health record system on AWS with multi-layered security: Route 53 DNS, AWS WAF, CloudFront CDN, and AWS Shield Advanced protect the internet-facing endpoints. Traffic flows through an Application Load Balancer and Network Firewall to DMZ web servers, then API Gateway routes requests to private application servers running on t3.large instances with ECS orchestration. The data layer isolates Aurora Primary and Replica databases, ElastiCache, S3 document storage, and DynamoDB sessions in a private subnet, with KMS encryption and Secrets Manager credential management. Security monitoring integrates GuardDuty IDS/IPS, CloudWatch, CloudTrail, Security Hub SIEM, Macie for PHI detection, and Inspector for vulnerability scanning across a dedicated security VLAN. Fork this diagram on Diagrams.so to customize subnets, add additional availability zones, or adjust instance types for your patient volume and compliance requirements.