If the backend relies on Windows-only features (COM/Crystal Reports/Windows auth), I willl tailor this to Windows (EB/ECS-Windows). Otherwise I would proceed with ECS Fargate + ALB host rules + S3/CloudFront - that’ll give you per-app autoscaling, isolation, and lower ops without the VM Tetris.