Toey Sawatdee

OVERVIEW



Web Architecture

A production-grade, server-side rendered application engineered for high availability, zero-downtime deployments, and edge-optimized delivery. Built to demonstrate absolute control over cloud infrastructure.

Frontend: Next.js • TypeScript
Cloud: AWS EC2 • CloudFront • DynamoDB
Network: Nginx • Route 53
DevOps: Docker • GitHub Actions
Security: AWS Cognito • ACM

Infrastructure Pipeline Flow

STEP 01

Edge & DNS Layer

Route 53 ➔ CloudFront
  • Resolves domain via AWS Route 53.
  • CloudFront caches static assets globally (~50ms latency).
  • Terminates SSL at the edge via AWS ACM.
  • Routes dynamic SSR requests to the EC2 origin through a dedicated 'origin.*' hostname.
STEP 02

Security Gatekeeper

EC2 ➔ Nginx Proxy
  • AWS EC2 (t3.micro) receives traffic via secure origin.
  • Nginx intercepts on Port 80 as a reverse proxy.
  • Sanitizes HTTP headers and prevents direct IP access.
  • Forwards clean requests to internal localhost bridge.
STEP 03

Application Runtime

Docker ➔ Next.js SSR
  • Fully isolated Docker container network.
  • Next.js Node server executes on internal Port 3000.
  • Performs Server-Side Rendering (SSR) for dynamic pages.
  • Executes Next.js Middleware for initial route protection.
STEP 04

Serverless Backend

Cognito & API Gateway
  • Decoupled AWS Cognito enforces SRP authentication.
  • Validates JWT sessions for protected dashboard routes.
  • API Gateway + Python Lambda ingests telemetry data.
  • DynamoDB handles On-Demand state persistence.
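The Nginx gatekeeper from STEP 02 (port 80 reverse proxy, header sanitizing, no direct IP access, forwarding to the localhost bridge) as an added example config; this is not the page's own configuration, and the origin hostname, the upstream port 3000 and the chosen header set are assumptions.

```nginx
# Catch-all server: a request that reaches the instance by raw IP or with an
# unknown Host header gets no response at all (444 closes the connection).
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# Only requests carrying the origin hostname that CloudFront uses are served.
server {
    listen 80;
    server_name origin.example.com;   # assumed 'origin.*' hostname

    # Hide the Nginx version and add basic hardening headers on every response.
    server_tokens off;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options DENY always;

    location / {
        # Internal localhost bridge to the Next.js container (assumed port 3000).
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;

        # proxy_set_header overwrites whatever the client sent for these headers,
        # so the app only trusts values assigned here. X-Forwarded-For appends the
        # peer address to keep the CloudFront -> origin chain intact.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;   # TLS was terminated at the edge by ACM/CloudFront

        # Strip the framework fingerprint from upstream responses.
        proxy_hide_header X-Powered-By;
    }
}
```

To check the gatekeeper after `nginx -t` and a reload: a request to the instance's public IP with no matching Host header should return an empty reply (connection closed), while the same request with `Host: origin.example.com` should return the Next.js page without an `X-Powered-By` header.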

Zone 1: The Edge

Global Delivery

  • CloudFront: Caches static assets globally, slashing load times and offloading compute.
  • Route 53: Implemented origin isolation to bypass DNS loops, routing traffic safely to EC2.
  • ACM: Enforced strict SSL/TLS encryption across the edge network.

Zone 2: Compute Core

AWS EC2 (t3.micro)

  • Nginx: Primary gatekeeper managing headers and secure request proxying.
  • Docker: Full environment isolation, standardizing production and local states.
  • Next.js SSR: Server-Side Rendering for dynamic routes and middleware authentication.

Zone 3: Serverless Backend

Decoupled Microservices

  • Cognito: Identity management with JWT/SRP, securing all application routes.
  • Lambda: Asynchronous telemetry ingestion to preserve main compute performance.
  • DynamoDB: On-demand NoSQL storage for rapid network state tracking.

Zone 4: CI/CD Automation

Automated Deployment

  • Multi-stage Build: Optimized standalone output reducing container image size to ~69MB.
  • GitHub Actions: Automated pipelines pushing to GHCR on every verified merge.
  • SSH Orchestration: Direct host-level automation for zero-downtime service updates.