So, I was curious about how banks design and secure their applications, and stumbled upon a talk from HSBC on how they built their serverless architecture at scale. Check out the architecture:
Now, let's talk about the key design decisions:
- The small and the large CIDR blocks live in two different VPCs.
- With everything in one VPC of around 1,000 IP addresses, scaling out would exhaust the address space quickly.
- So the smaller CIDR range is reserved for a set of proxies, which need few addresses, and the large range is kept for the workloads.
- Any service that needs to reach the bank talks to private VPC endpoints, which forward to the proxies. The proxies hold a direct connection into the bank, so traffic in and out of the bank transits one segregated path instead of every service connecting on its own.
- A /16 is the largest CIDR an AWS VPC allows: 65,536 addresses, slightly fewer once AWS reserves five per subnet. If a workload VPC uses them all, another VPC can be created and attached to the same proxies, so the design scales out by adding VPCs rather than re-addressing.
- The proxies on the right of the diagram are run by a separate security team, which allowlists the domains the proxies may reach (the push-notification endpoints, for example). The same pattern allowlists the AWS services the proxies may talk to, so the workloads stay private with no route to the general internet.
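To make two of those decisions concrete, here is an added illustration in plain Python (not HSBC's or AWS's code; the CIDR blocks, allowlisted domains and request targets are made up for the example). `usable_addresses` shows why a small VPC runs dry and how far a /16 stretches once AWS's five reserved addresses per subnet are taken off, and `egress_allowed` is the kind of label-based domain check the security team's proxies would enforce, so that a suffix trick like `evil-amazonaws.com` does not slip past an allowlist entry for `*.amazonaws.com`.

```python
"""Capacity planning and egress allowlisting for the two-VPC proxy design.

Added illustration, not code from the talk. The CIDR blocks, domains and
request targets below are constructed for the example.
"""
import ipaddress
from urllib.parse import urlsplit

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS resolver, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def usable_addresses(vpc_cidr: str, subnet_prefix: int) -> int:
    """Usable host addresses in a VPC carved evenly into /<subnet_prefix> subnets."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("an AWS VPC CIDR must be between /16 and /28")
    if subnet_prefix < vpc.prefixlen or subnet_prefix > 28:
        raise ValueError("subnets must fit inside the VPC and be no smaller than /28")
    subnets = vpc.subnets(new_prefix=subnet_prefix)
    return sum(s.num_addresses - AWS_RESERVED_PER_SUBNET for s in subnets)


def vpcs_needed(required_ips: int, vpc_cidr: str, subnet_prefix: int) -> int:
    """How many VPCs of this shape, all attached to the same proxies, cover the demand."""
    per_vpc = usable_addresses(vpc_cidr, subnet_prefix)
    return -(-required_ips // per_vpc)  # ceiling division


# Hypothetical allowlist maintained by the security team. Plain entries match
# exactly one host; "*." entries match any subdomain (but not the apex).
ALLOWED_EGRESS = {
    "fcm.googleapis.com",   # push notifications
    "*.amazonaws.com",      # AWS service endpoints
}


def _host_of(target: str) -> str:
    """Reduce a URL or host[:port] to a bare, lowercase hostname."""
    if "://" not in target:
        target = "//" + target          # let urlsplit treat it as a netloc
    host = urlsplit(target).hostname    # drops scheme, userinfo, port, path; lowercases
    if not host:
        raise ValueError(f"no hostname in {target!r}")
    return host.rstrip(".")             # "example.com." is the same name


def egress_allowed(target: str, allowlist=ALLOWED_EGRESS) -> bool:
    """Decide whether the proxy may open a connection to `target`.

    Matching is on whole DNS labels, so "evil-amazonaws.com" never matches
    "*.amazonaws.com", and a literal IP (for instance the instance metadata
    service) never matches a name entry.
    """
    host = _host_of(target)
    for entry in allowlist:
        entry = entry.lower()
        if entry.startswith("*."):
            if host.endswith("." + entry[2:]):
                return True
        elif host == entry:
            return True
    return False


if __name__ == "__main__":
    print("small proxy VPC   /22 in /24s:", usable_addresses("10.0.0.0/22", 24))
    print("large workload VPC /16 in /20s:", usable_addresses("10.1.0.0/16", 20))
    print("VPCs for 200,000 IPs:", vpcs_needed(200_000, "10.1.0.0/16", 20))
    for t in ("https://fcm.googleapis.com/fcm/send",
              "https://s3.eu-west-2.amazonaws.com:443/bucket",
              "https://evil-amazonaws.com/",
              "fcm.googleapis.com.attacker.example",
              "http://169.254.169.254/latest/meta-data/"):
        print(f"{'ALLOW' if egress_allowed(t) else 'DENY ':5} {t}")
```

The apex of a `*.` entry is deliberately not matched; if the proxies need to reach `amazonaws.com` itself, add it as its own exact entry rather than loosening the wildcard.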
And there you have it! A clever and scalable serverless architecture from HSBC. Now, if only we could get them to help us balance our checkbooks...
Reference: This is My Architecture, AWS