Run your MVP in Aws cloud for just $1
Have you ever wondered, if you can run your MVP in cloud under a budget of $1 per month? With a simple architecture and few hacks it is possible. After you have decided to build your awesome product, sign up to Amazon Web Services. Now you have an account which is eligible for a list of free tier products like 750 hours of RDS database, 750 hours of an EC2 instance and a lot more. Check out the below link.
Serve homepage and static pages from S3
So every product we design will have a home page with a cool introduction, a pricing page if it is a commercial product, and few static pages like “about us” or “contact us”. These are the pages that search engines crawl to know more about your domain. So we can expect frequent traffic on these pages. Also these pages are static and can run serverless. This is the reason I would prefer using a S3 bucket to serve these static content. You can create a S3 bucket and update the policy of the bucket as public read only. Also you can configure an access log bucket in S3 and point the previous bucket’s access logs to it.
Add a CloudFront distribution before S3 with ACM certificates
We will definitely need SSL certificates for our root domain and www subdomain. Also we have to redirect http traffic to https. Compressing your static content (gzip) is also a good way to save some bandwidth. Throw in some caching and we will have a perfect static page hosting. All these are done by CloudFront with a little help from ACM for managing SSL certificates.
Create a hosted zone in Route 53 and point domains to CloudFront
Create a hosted zone in Route 53 and copy the nameserver details to your DNS. Add ‘A’ records for your root domain and www subdomain and point to CloudFront distribution url. Now your website is up and running under the cost of 50 cents which is accounted for your hosted zone.
We will now create the platform for our dynamic content.
Create RDS instance for backend database
Every online product has a backend system which supports user management as a basic need and a core business on top of it. For both we need to create a database and Aws has got you covered. Free tier account includes RDS DB instance of t2.micro size. When you are about to take the rage of internet some day we can extend the RDS instance with a read replica in another Availability zone. This way the system is highly available. We can also migrate to Document DB in the long run.
Create EC2 instance for Backend applications
Now is the time to link your Login and Register buttons to it’s real functionality. I would prefer using Keycloak which has OIDC capability and a clean UI for Login, Registration and Account management. Create a t2.micro instance with Ubuntu OS preferably. While the instance boots up add a security group opening RDS DB to your EC2 instance. Deploy Keycloak docker container in EC2 instance pointing its database to your RDS DB. Open 443 port of EC2 instance and other ports based on your backend service(s).
Create ELB Application Load Balancer and Target Group
Create an ACM certificate for auth.example.com to secure Keycloak. Create a Target Group for https port adding your EC2 instance. Create an Application Load Balancer with https listener pointing to the target group. Link the ACM certificates to the listener. Add ‘A’ record for auth.example.com and point alias to the ELB.
Now you have a static website, database and an auth server ready to get integrated with your backend systems. All under $1 per month.
Few points to ponder
- We have used public subnet of default VPC and did not create the database and backend systems in private subnet. Creating a private subnet has a hidden cost due to NAT gateway. Refer this story for such implementation: https://medium.com/@richygreat/infrastructure-as-code-using-aws-cloudformation-step-10-be558f4dce0e
- Tune the nameserver TTL close to 7 days or more to avoid huge bill in the name of query costs. I seriously think there is no need to create a new hosted zone whatsoever.
- When you want to be highly available, update your RDS to multi AZ. Also create another instance for Keycloak in a different Availability Zone and register it with your Target group.
