SEIRO IWAMOTOFUKUOKA 33.59°N / REMOTEREV 2026.07
SHEET FIG.5 — /en/work/web-app-from-scratch
CASE STUDY § 01-5

Consumer web app designed from scratch

2021 / Tech Lead / AWS · ECS · API Gateway · CloudFront · WAF · VPC · OpenID Connect
Tech Lead
ROLE
consumer web app
TARGET
architecture · SSO · CI/CD
SCOPE

Challenge

For a new consumer web app, the initial architecture decides its later scalability, availability, and security. Rebuilding the foundation afterward is expensive.

In this engagement, the app’s runtime, delivery, authentication, and deployment path all had to be designed from a state with no foundation in place.

Design decisions

  • On AWS, ran the application on ECS, public access through API Gateway, delivery through CloudFront, and perimeter defense with WAF, splitting the structure into layers by role
  • Separated the network with a VPC and designed the public surface explicitly
  • Adopted SSO via OpenID Connect for authentication
  • Standardized the deployment path with CI/CD
CloudFront + WAFAPI GatewayECSOIDC SSO

Hover, focus, or tap a node to see the design rationale for each element.

  1. CloudFront + WAF — delivery and perimeter defense. CloudFront serves the public edge, WAF handles defense.
  2. API Gateway — the entry point for public access. Connects to the app inside the VPC.
  3. ECS — application runtime. Placed inside the VPC.
  4. OIDC SSO — authentication via OpenID Connect.
FIG. 5-A — Consumer web app designed from scratch

Approach

  • Designed runtime, delivery, authentication, and deployment as independent layers, and pulled the whole structure together as tech lead