High Availability Web App
CloudFront + WAF → ALB → ECS Fargate (multi-AZ) → Aurora + ElastiCache.
What you can build with this
A production application built for zero downtime. WAF blocks malicious traffic at the CloudFront edge. Your Dockerized app runs on Fargate containers spread across multiple availability zones. Aurora PostgreSQL automatically promotes a standby if the primary fails. Redis caches frequently accessed data, reducing database load and improving response times.
Deployment timing
After you run the deploy command, resources come online at different times. Check the validation steps in order.
| Resource | Ready in |
|---|---|
| VPC, subnets, security groups | 1–2 min |
| Load Balancer | 2–3 min |
| ECS containers running | 5–8 min after stack completes |
| ElastiCache Redis | 8–12 min after stack starts |
| Aurora cluster | 10–15 min after stack starts |
| CloudFront fully propagated | 5–15 min after CREATE_COMPLETE |
| Custom domain DNS | 5–30 min after Route53 record saved |
DNS / Certificate note: Two ACM certificates are required if your app region differs from us-east-1: one in us-east-1 for CloudFront, one in your app region for the ALB. CloudFront takes 5–15 minutes to deploy after stack completion. DNS propagation adds another 5–30 minutes.
CloudFormation parameters
These are the values you will fill in when deploying the exported template. Changing these does not break the template — that is the point.
| Parameter | What to provide | Example |
|---|---|---|
| ContainerImage | ECR image URI for your application | ACCOUNT.dkr.ecr.us-east-1.amazonaws.com/my-app:latest |
| AuroraPassword | Aurora master database password | SecurePass123! |
| AcmCertALB | ACM certificate ARN for the ALB (your app region) | arn:aws:acm:us-east-1:... |
| AcmCertCFN | ACM certificate ARN for CloudFront (must be us-east-1) | arn:aws:acm:us-east-1:... |
| DesiredCount | Number of container replicas (spread across AZs) | 2 |
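A pre-deploy check for the parameter values above, added here as an example and not part of the template or its tooling. The function names, the sample values and the two-replica minimum are assumptions, and the password rule is the RDS master password constraint, not something the template states.

```python
import re

# ACM ARN layout: arn:<partition>:acm:<region>:<account-id>:certificate/<id>
ACM_ARN = re.compile(r"^arn:aws[a-z-]*:acm:([a-z0-9-]+):\d{12}:certificate/[0-9a-f-]+$")
SAMPLE_PASSWORD = "SecurePass123!"  # the Example column value; never deploy it


def cert_region(arn):
    """Return the region field of an ACM certificate ARN, or None if malformed."""
    m = ACM_ARN.match(arn or "")
    return m.group(1) if m else None


def preflight(params, app_region):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    # CloudFront only accepts certificates issued in us-east-1.
    for name, want in (("AcmCertCFN", "us-east-1"), ("AcmCertALB", app_region)):
        got = cert_region(params.get(name))
        if got is None:
            problems.append(f"{name}: not an ACM certificate ARN")
        elif got != want:
            problems.append(f"{name}: certificate is in {got}, expected {want}")
    pw = params.get("AuroraPassword", "")
    if pw == SAMPLE_PASSWORD:
        problems.append("AuroraPassword: documentation sample value")
    # RDS master password rule: 8-128 printable ASCII, excluding / " @ and space.
    elif not (8 <= len(pw) <= 128) or any(c in '/"@ ' or not 33 <= ord(c) <= 126 for c in pw):
        problems.append("AuroraPassword: violates RDS password constraints")
    # Assumption: fewer than two replicas cannot be spread across AZs.
    if not str(params.get("DesiredCount", "")).isdigit() or int(params["DesiredCount"]) < 2:
        problems.append("DesiredCount: need at least 2 for multi-AZ")
    return problems


# Constructed sample values (account ID, certificate IDs and password are made up).
SAMPLE = {
    "ContainerImage": "123456789012.dkr.ecr.eu-west-1.amazonaws.com/my-app:latest",
    "AuroraPassword": "SecurePass123!",
    "AcmCertALB": "arn:aws:acm:eu-west-1:123456789012:certificate/11111111-2222-3333-4444-555555555555",
    "AcmCertCFN": "arn:aws:acm:eu-west-1:123456789012:certificate/66666666-7777-8888-9999-000000000000",
    "DesiredCount": "1",
}

if __name__ == "__main__":
    for p in preflight(SAMPLE, "eu-west-1"):
        print("FAIL", p)
```

Catching a wrong-region certificate or an invalid password here avoids finding out only after the stack has spent 10–15 minutes creating Aurora and then rolled back.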