Help for sysadmin challenge

Hello Everyone ,
I have been ask to carry out this ask related to sysadmin and I’m looking for some help and tips or documentation on how to begin because I 'm lost . Thanks for your help
This is the task:
Imagine Abou corporation is running a web application either on:

  • Amazon Web Services (AWS)
  • Any other server hosting company (if you are not familiar with AWS)
    This application is made-up of 3 sub-components:
  • A PostgreSQL database:
  • By default, it should not be accessible on the Internet on a network-level (it
    shouldn’t even ping!)
  • It should however be freely accessible to the 2 applications described below
    (dashboard & back-office)
  • Traffic between the database and both applications should be encrypted
  • The end-user dashboard application:
  • It is a ReactJS/node.js application
  • It responds on https://app.earthcube.eu
  • Like many web applications, it is freely accessible online by anybody but restricts
    access using its own authentication mechanism page through users stored in the
    database
  • A back-office application that is used to configure the dashboard:
  • It is a ReactJS/node.js application
  • It responds on https://admin.earthcube.eu
  • Like the dashboard, it restricts access using its own authentication mechanism
    page through users stored in the database
  • As an additional security layer, it should only be accessible to administrators of
    Earthcube. This should be done on the network-level, not using an authentication
    mechanism similar to the dashboard. No other person should be able to get any
    response from that application through the Internet even if they have a valid
    administrator account in the database.
    Considering these requirements, please describe a network solution by including as many
    details as you can with your current knowledge. You can use diagrams if you wish.
    You could host the various parts of the applications on as many computers as you wish
    and you are free to use any tool/AWS service or technology.
    NB: The application authentication mechanism is not your responsibility but is handled by
    the applications themselves.

In which tool are you lost?

I understand the Tools but I Don’t know how to begin . that’s my problem.

Can you explain yourself better?
This architecture is a simple client - server - database.

@elsebasan,
Thanks for your answer . As I have said , I have been asking to describe a network solution by including as many details as you can with your current knowledge regarding the architecture .