Architecture
This document explains the architecture of AI-Starter.
Public Pattern
Overview
The most common pattern, characterized by simplicity and ease of deployment. This architecture places ECS Fargate in a public subnet.
Configuration Example 1
- Users access via the internet
- AWS WAF is used for IP restrictions and protection against unauthorized access
- ALB and ECS Fargate are placed in a public subnet
Configuration Example 2
- Users access via a private network
- ALB and ECS Fargate are placed in a public subnet
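- Security groups do not allow inbound traffic from the internet (security groups contain only allow rules, so no inbound rule may cover internet source addresses)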
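In Configuration Example 2 the ALB and tasks sit in a public subnet, so the security groups are the only control keeping internet traffic out. The following added example (not part of AI-Starter) audits inbound rules in the JSON shape returned by `aws ec2 describe-security-groups`. The group IDs and CIDRs are constructed sample data, and treating RFC 1918 and IPv6 unique-local ranges as "private network" is an assumption.

```python
import ipaddress

# Assumption: "private network" means RFC 1918 IPv4 space or IPv6 unique-local space.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_private_cidr(cidr):
    """True only if the whole CIDR sits inside one of PRIVATE_NETS."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)

def internet_ingress(security_groups):
    """Return (group_id, ports, cidr) for each inbound rule open to non-private sources."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            # IpProtocol "-1" means all protocols; such rules carry no port keys.
            if perm.get("IpProtocol") == "-1":
                ports = "all"
            else:
                ports = f'{perm.get("FromPort")}-{perm.get("ToPort")}'
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not is_private_cidr(cidr):
                    findings.append((sg["GroupId"], ports, cidr))
    return findings

# Constructed sample input; IDs and CIDRs are illustrative only.
SAMPLE_GROUPS = [
    {"GroupId": "sg-alb-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-task-example", "IpPermissions": [
        # Task accepts traffic only from the ALB's security group: no CIDR at all.
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
         "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb-example"}]}]},
    {"GroupId": "sg-drifted-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        # 172.32.0.0/16 looks private but lies just outside 172.16.0.0/12.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "172.32.0.0/16"}]}]},
]

if __name__ == "__main__":
    for group_id, ports, cidr in internet_ingress(SAMPLE_GROUPS):
        print(f"{group_id}: ports {ports} open to {cidr}")
```

Rules that reference managed prefix lists (`PrefixListIds`) are not resolved by this check and need a separate review.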
Private Pattern
Overview
An architecture that places ECS Fargate in a private subnet.
Configuration Example
- Users access via a private network
- ALB and ECS Fargate are placed in a private subnet
- VPC endpoints or NAT gateways are used to reach services outside the VPC
This architecture is not recommended for the following reasons:
- The public pattern can achieve a sufficient security level
- Some LLMs and services do not support private network access, making it difficult to restrict all communications to a private network
- Network configuration becomes complex, reducing the flexibility required for AI services