Prometrica — AWS + Linux VPS Architecture
About This Architecture
Prometrica's AWS + Linux VPS architecture combines Route 53 DNS, CloudFront CDN, and WAF protection with a single-AZ cost-optimized core featuring EC2 t3.medium instances running Nginx and Node.js/NestJS APIs, backed by RDS PostgreSQL and secured via Secrets Manager, IAM roles, and KMS encryption. Traffic flows from web and mobile clients through Route 53 to CloudFront for static assets or WAF-protected ALB for API endpoints, with the application tier accessing RDS, S3, and SES through least-privilege IAM instance profiles. This architecture demonstrates production security best practices—network segmentation via security groups, encrypted secrets management, CloudTrail audit logging, and GuardDuty threat detection—while maintaining cost efficiency through single-AZ deployment and t3 burstable instances. The optional multi-AZ extension in AZ-2 adds Auto Scaling Groups and RDS standby replicas for high-availability scenarios without mandatory upfront investment. Fork this diagram on Diagrams.so to customize subnets, instance types, or add additional AWS services like ElastiCache or EventBridge for your SaaS workload.
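The security-group segmentation described above (ALB in front, EC2 behind it, RDS PostgreSQL behind the application tier) can be checked mechanically for drift. The following is an added example, not part of the original diagram or of Prometrica's configuration; the group names `sg-alb`, `sg-app`, `sg-rds`, the Nginx listener port 80 and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Tier model taken from the description above; group names and the Nginx
# listener port are assumptions made for this example.
POLICY = {
    "sg-alb": (443, "0.0.0.0/0"),  # only the ALB is internet-facing
    "sg-app": (80, "sg-alb"),      # EC2 (Nginx) reachable only from the ALB
    "sg-rds": (5432, "sg-app"),    # PostgreSQL reachable only from the app tier
}

def is_cidr(source):
    """True when the source is an IP range rather than a security-group reference."""
    try:
        ipaddress.ip_network(source, strict=False)
        return True
    except ValueError:
        return False

def audit(rules):
    """Check (group, from_port, to_port, source) ingress rules against POLICY."""
    findings, satisfied = [], set()
    for group, lo, hi, source in rules:
        if group not in POLICY:
            findings.append(f"{group}: group is outside the tier model")
            continue
        port, allowed = POLICY[group]
        if (lo, hi, source) == (port, port, allowed):
            satisfied.add(group)
            continue
        reasons = []
        if source != allowed:
            kind = "CIDR" if is_cidr(source) else "group"
            reasons.append(f"{kind} source {source} not allowed")
        if not (lo == hi == port):
            reasons.append(f"port range {lo}-{hi} is not exactly {port}")
        findings.append(f"{group}: " + "; ".join(reasons))
    # A tier with no compliant rule means the expected traffic path is absent.
    findings += [f"{g}: expected path from {POLICY[g][1]} missing"
                 for g in POLICY if g not in satisfied]
    return sorted(findings)

# Constructed sample rule sets: a compliant baseline and a drifted copy.
GOOD = [("sg-alb", 443, 443, "0.0.0.0/0"), ("sg-app", 80, 80, "sg-alb"),
        ("sg-rds", 5432, 5432, "sg-app")]
DRIFTED = GOOD + [("sg-app", 22, 22, "0.0.0.0/0"), ("sg-rds", 0, 65535, "sg-app")]

if __name__ == "__main__":
    print("\n".join(audit(DRIFTED)) or "no findings")
```

In practice the rule tuples would be built from the account's exported security-group definitions rather than written by hand.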
People also ask
How do I architect a cost-optimized AWS SaaS backend with EC2 and RDS that can scale to multi-AZ high availability?
Prometrica's architecture uses a single-AZ core with Route 53, CloudFront, WAF-protected ALB, and EC2 t3.medium instances running Nginx and Node.js APIs connected to RDS PostgreSQL, secured via Secrets Manager and IAM roles. An optional AZ-2 extension adds Auto Scaling Groups and RDS standby replicas for high availability without upfront cost. This pattern balances production security—network segm
- Domain: Cloud Aws
- Audience: AWS solutions architects designing cost-optimized, production-ready SaaS backends on Linux VPS with optional multi-AZ fa
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output.