Migrating 3 tier web application to AWS (Re-hosting/lift-and-shift)

The Current Architecture

Deployment Overview

The current application will be migrated as it is to the AWS Cloud. There will be no code changes required other than changing the connection config.

New Architecture

High availability

The application will be deployed in two AWS availability zones. This will guarantee the application availability even if one AZ goes down. The primary DB will be syncing with the second instance on the other AZ. This instance will be on standby. If in case of a failure in the AZ 1, the stand by DB will automatically be brought up to serve the requests from the application servers. An application load balancer — ALB will be used to divide the load between two AZs. ALB will ensure the traffic will be sent only to the available and healthy server. It will stop sending traffic to a web server if in case the server health check fails.

Performance

Auto-scaling cannot be used in the current application because the web application is storing the user session (stateful application). The application needs to be refactored to support auto-scaling.

Security

Authenticating users: On-prem AD and SSO will authenticate the organisation’s employees to the cloud infra.

  • Web DMZ security group will allow port 443 traffic from the internet.
  • In the Web SG — Allow traffic from the Web DMZ SG
  • In the App SG — Allow traffic from Web SG
  • In the DB SG — Allow traffic from App SG

Monitoring and alerts

Cloud watch will be used to monitor system performances and health. If in case of any issue, Cloud watch will trigger alerts to the application support team. Cloud trail can be used to monitor user activities for audit purposes.

Backups

Scheduled backups will be enabled in the database with an appropriate retention period. After the retention period, the backups will be moved to S3 Glacier deep archive to save costs using S3 life cycle management.

Disaster recovery

The same infrastructure set can be deployed in another AWS region for disaster recovery purposes. The region should be selected based on corporate compliance policies.

--

--

What I’m doing now https://manju.la/now

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store