The main goal is to host ASP.NET applications with an MS SQL Server database. But we'll make it more interesting by adding a WordPress blog and requiring that all of it be done with AWS services.
All of the ASP.NET applications (we have 8) will be run in IIS. IIS is the software that will run our applications and make them available on the internet. As our applications are currently built in ASP.NET, we don't have a choice for the operating system. We have to use Windows.
Our WordPress blog will be hosted on a separate Ubuntu instance with a LEMP stack. We tried running it in IIS on Windows as well, but we needed the memory for our ASP.NET applications (and WordPress is much faster on Linux).
A few of our applications need to be publicly accessible through the internet. For example, we have a homepage, a user dashboard and some services that send out email.
We want to give these applications their own subdomain, so each one also needs an SSL certificate. We can do that by getting a wildcard certificate through Let's Encrypt.
Some of our applications don't need internet access, so we also want to restrict that. This also makes it harder for people to hack them.
Our application sends emails to our customers. To do that we need at least an SMTP server or service; with AWS that is SES (Simple Email Service). We also want to receive email, and we prefer not to host an email service ourselves. AWS also has an email service called WorkMail, which we will use to receive email and send our "handwritten" mail.
Static data like documents (PDFs), images and downloads are normally placed on the hard drive of the server or a nearby NAS. AWS has a "sort of" NAS equivalent: S3. We will store static data on S3 as much as possible. Backups of our setups and databases will also be stored in S3.
When something goes wrong, you want to know, especially if your service is down for whatever reason. We are going to use CloudWatch to monitor the state of our applications through their log files and by checking whether each application is alive.
Another thing we shouldn't forget is to back up our data regularly. As our static data is relatively safe in S3, we'll only focus on the databases here.
This is a very brief overview of what we want to build. Let's sum it up and get into the details with the architecture of the cloud environment.