This part of the repository provides options to implement the product factor Guarded Ingress via an AWS WAF. The concepts of rate limiting and load shedding are realized to secure the application from incoming traffic.
Both concepts are provided within two Terraform scripts, to adhere to the modularity of this repo and allow the interchangeable and cobinatory deployment of components.
- Provisioned EKS Cluster: Baseline Architecture.
- Connection to the cluster (via
aws eks --region us-east-2 update-kubeconfig --name eks-cluster). - AWS CLI - A command line tool for interacting with AWS services.
- kubectl - A command line tool for working with Kubernetes clusters.
- eksctl - A command line tool for working with EKS clusters.
- Helm 3.7+ - A tool for installing and managing Kubernetes applications.
- TeaStore App deployed, here via the usage of the ALB.
The AWS WAF was used to set a rate limit (for testing purposes) of 100 requests per IP address or 200 requests in total within a five-minute period.
Exceeding requests are blocked to avoid overloading the compute capacity.
Load shedding was realized by applying a url-based request limit to the /login path. The goal is to realize a priority-based handling of requests and limit the amount of login-sessions but keeping the availability of the WebUI.