I have a web application divided in two projects django rest api as a backend and angular as a frontend. And there is for sure http api calls from angular to Django
Django is hosted in elastic beanstalk in a private subnet While angular is on cloudfront + S3 bucket.
I know that when using a static web app in cloudfront and S3, Http calls will be from the user browser.
my question is
How to make the two of them connect together without exposing my Django app to the internet?
And what is the preferred solution architecture for cases like this?
As the Django rest API is built to serve the angular app only it’s not for public use!!
How to make the two of them connect together without exposing my Django app to the internet?
That is impossible. Everyone's browser needs access to it, so it has to be on the Internet.
You can look into something like placing AWS API Gateway in front of it, and enable API tokens or something to add a layer of security. But ultimately the API endpoints that the Angular app hits must be on the public Internet.