Challenge Overview
In this challenge series we will design the architecture and implement a POC serverless SPA using various AWS services.
Our client currently has an Angular 2+ single-page app hosted on an EC2 instance and served by Apache. This infrastructure uses a firewall for DDoS, XSS, basic SQL injection, and other protection. For SSO/login it employs Apache Webgate, which checks for an authentication token and redirects to Oracle Access Manager (OAM) if the token is not found. In addition to the access token, Webgate also checks various custom headers to validate the requests:
Access-Control-Allow-Headers: // basically any custom header required by our app
Access-Control-Allow-Methods: // methods supported (GET, POST, PUT, PATCH, etc.)
Access-Control-Allow-Origin: https: // origins allowed - CORS configuration
This header check allows or denies access to resources based on the header values (e.g. if the GET method is not in the allowed methods, the request is blocked).
Our goal in this challenge is to define an architecture within the AWS ecosystem that replaces the current EC2 setup with a serverless infrastructure (example: CloudFront serving content from S3). All of the above-mentioned requirements must be available and configurable within the new serverless architecture (possibly using Lambda@Edge, AWS WAF, AWS Shield, etc.). We need you to document this architecture and make a compelling argument as to why your choices are the right way to go. We’re also offering one bonus prize ($200) for the winner; see the outputs section for details.
For example, if the diagram below were the architecture you proposed for the solution, you would document what each of the services does and how it fits the challenge requirements (i.e. which service replaces Apache Webgate and what differences come with the new service, how the firewall is used/configured, etc.).
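As an added illustration (not part of the challenge brief or the client's setup), the sketch below shows how a Lambda@Edge viewer-request function could take over Webgate's role in front of CloudFront: it redirects to OAM when the session cookie is absent and enforces the method, origin and header allow-lists, while DDoS/XSS/SQLi filtering is left to AWS WAF. The cookie name, the OAM login URL, the return_to parameter and the allow-list values are assumptions.

```javascript
'use strict';
// Assumed values (placeholders, not from the client): the OAM login endpoint,
// the session cookie Webgate would look for, the return_to parameter, and the allow-lists.
const OAM_LOGIN_URL = 'https://oam.example.com/login';
const SESSION_COOKIE = 'OAMAuthnCookie';
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'OPTIONS'];
const ALLOWED_ORIGINS = ['https://app.example.com'];
const ALLOWED_HEADERS = ['content-type', 'authorization', 'x-app-client'];
// CloudFront lower-cases header names; each value is an array of {key, value}.
function header(req, name) {
  const h = req.headers[name.toLowerCase()];
  return h && h.length ? h[0].value : undefined;
}
function hasSessionCookie(req) {
  const cookie = header(req, 'cookie') || '';
  return cookie.split(';').some(c => c.trim().split('=')[0] === SESSION_COOKIE);
}
function deny(status, text) {
  return { status: String(status), statusDescription: text, body: text };
}
function cors(origin) { // response headers for a permitted preflight
  return {
    'access-control-allow-origin': [{ key: 'Access-Control-Allow-Origin', value: origin }],
    'access-control-allow-methods': [{ key: 'Access-Control-Allow-Methods', value: ALLOWED_METHODS.join(', ') }],
    'access-control-allow-headers': [{ key: 'Access-Control-Allow-Headers', value: ALLOWED_HEADERS.join(', ') }],
  };
}
// Returns the request unchanged (CloudFront then serves it from S3) or a
// response that CloudFront returns to the viewer instead (block or redirect).
function checkRequest(req) {
  if (!ALLOWED_METHODS.includes(req.method)) return deny(405, 'Method Not Allowed');
  const origin = header(req, 'origin');
  if (origin !== undefined && !ALLOWED_ORIGINS.includes(origin)) return deny(403, 'Forbidden');
  const wanted = (header(req, 'access-control-request-headers') || '')
    .split(',').map(s => s.trim().toLowerCase()).filter(Boolean);
  if (wanted.some(h => !ALLOWED_HEADERS.includes(h))) return deny(403, 'Forbidden');
  if (req.method === 'OPTIONS') return { status: '204', statusDescription: 'No Content', headers: cors(origin || ALLOWED_ORIGINS[0]) };
  if (hasSessionCookie(req)) return req;
  // No token: send the viewer to OAM, carrying the original URL so it can come back.
  const back = encodeURIComponent('https://' + header(req, 'host') + req.uri + (req.querystring ? '?' + req.querystring : ''));
  return { status: '302', statusDescription: 'Found', headers: {
    location: [{ key: 'Location', value: OAM_LOGIN_URL + '?return_to=' + back }],
    'cache-control': [{ key: 'Cache-Control', value: 'no-store' }] } };
}
const handler = async (event) => checkRequest(event.Records[0].cf.request);
if (typeof module !== 'undefined') module.exports = { handler, checkRequest };
```

Deploy the function on the distribution's viewer-request event so the check runs before the CloudFront cache; an OAM-side session validation (expiry, signature) would still be needed, since this sketch only checks that the cookie is present.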
Outputs:
- High-level architecture diagram (can use Visio or similar; output this as a PDF)
- Detailed documentation for configuring the serving of a single-page Angular app, managing request/response custom headers, handling SSO/redirect, and managing firewall/DDoS protections
- Bonus: step-by-step guides for configuring custom requirements on the AWS services used in the architecture, for example how to add custom headers to the requests for the SPA, how to handle XSS or DDoS protections, how to configure CORS, or how to integrate with Webgate to handle these items instead (if any of the custom security requirements are not possible with AWS services)
NOTE: The submissions will be reviewed by Topcoder and the client and there will be no appeals phase.
Final Submission Guidelines
Submit the architecture diagram
Submit the architecture documentation