After studying the value of moving to the cloud and deciding it's the better choice for your case, this section helps you architect your application in the cloud using AWS.
Leverage automatic scaling (up/down) based on traffic to cut out idle capacity at non-peak times and ensure cost-effective use of resources.
Fast-responding scalability in case of unexpected loads, compared to the downtime that traditionally hosted apps suffer under unexpected peaks.
Managing Different environments
Easily and cost-effectively manage environments (test/beta/staging) to ensure the quality of the application at the different stages of its development lifecycle, using a parallel fleet only when and as needed. You can also use this parallel fleet as the staging environment for your new release and leverage Blue-Green Deployment.
- DNS services with Amazon Route 53 simplify domain management
- Edge caching with Amazon CloudFront decreases latency of content to users
- Edge security for Amazon CloudFront with AWS WAF: customer-defined rules filter malicious traffic (XSS, SQL injection)
- Load balancing with Elastic Load Balancing (ELB) spreads load over Availability Zones; use AWS Auto Scaling groups for redundancy
- DDoS protection with AWS Shield: automatic protection against network- and transport-layer DDoS attacks
- Firewalls with security groups: a host-level stateful firewall for both web and app servers
- Caching with Amazon ElastiCache: leverage Redis and Memcached for lower latency of frequent requests
- Managed databases with Amazon RDS: highly available, multi-AZ DB architecture with 6 possible DB engines
- Static storage and backups with Amazon S3: simple, HTTP-based object storage for backups and assets
- Security groups provide host-level security
- Amazon VPC:
  - enables running resources in an isolated network that you define.
  - helps create a hybrid architecture via hardware VPNs to extend your datacenter using the AWS cloud.
  - works with both IPv4 and IPv6.
- A CDN (Content Delivery Network) provides a network of edge locations to deliver your content in a geo-dispersed fashion through edge caching.
- For dynamic content, the CDN retrieves data from the origin server.
- You can use CloudFront as a global delivery network for your static, dynamic and streaming content.
- CloudFront is optimized for working with AWS services (like S3 and EC2) with a pay-as-you-go pricing model.
- Any other edge caching solution should work well in the AWS cloud.
Managing public DNS
- Route 53 is a scalable, highly available, AWS-optimized cloud DNS service. It is also fully compliant with IPv6.
- Use EC2 security groups, which are analogous to firewalls, to limit inbound access to your instance to specific subnets, IP addresses and resources only.
- Amazon ELB (Elastic Load Balancer) is used to distribute incoming traffic across multiple targets in the same AZ or across multiple AZs.
- It offers 4 types of LBs, all with high availability, scalability and security.
Finding hosts and services
- Most IPs in AWS are dynamic.
- EC2 instances are given both public and private DNS endpoints; the public endpoint is accessible through the internet.
- You should assign a static IP address (Elastic IP in AWS terminology) to instances and services that require consistent endpoints, such as primary databases, central file servers, and EC2-hosted load balancers.
- Amazon ElastiCache is a highly available, auto-scalable in-memory cache web service that is protocol-compliant with Memcached and Redis.
DB (Config, Backups and failover)
Using Amazon RDS
- Provides access to popular DB engines in the cloud
- Supports MySQL, PostgreSQL, MS SQL Server and Oracle.
- Easy and flexible scalability of both compute resources and storage capacity
- Backup with retention periods
- Multi-AZ deployments for increased availability
- Read replicas to scale out for heavy read workloads
Hosting an RDBMS on an EC2 instance
- Install your RDBMS of choice on an EC2 instance
- Ultimate flexibility of architecture to fit your requirements
- Amazon EBS provides fault-tolerant storage for data and logs.
- For demanding workloads, you can use Amazon EBS Provisioned IOPS and specify the IOPS required.
Non-relational options
- Amazon DynamoDB: cloud-native solution with all the AWS goodness out of the box.
- Amazon DocumentDB: ready for JSON data at scale; compatible with MongoDB.
- Amazon Keyspaces: full compatibility with Apache Cassandra.
- Amazon Neptune: reliable and fully managed graph DB.
- Amazon QLDB (Quantum Ledger DB): fully managed ledger DB with a transparent, immutable and cryptographically verifiable transaction log owned by a central authority.
- Amazon Timestream: serverless time-series DB for IoT and operational applications.
- You may use EC2 to host any other non-relational DB you're working with.
Storage and backups
- Use Amazon S3 for static storage like files and media.
- Use Amazon EBS as attachable storage volumes with EC2 instances.
- An EBS volume has a lifecycle independent of the instance it's attached to.
- You can take a snapshot of an EBS volume and store it on S3. Since only the changed blocks are stored, more frequent snapshots decrease snapshot time.
- EBS volumes go as large as 16TB, and you can stripe volumes for increased I/O performance.
- Use EBS Provisioned IOPS to meet the needs of your I/O-intensive workloads: 16k IOPS (all instance types) to 64k (Nitro systems), and the io2 Block Express volume type for up to 256k IOPS and a maximum volume size of 64TB.
Scaling the fleet
- Use Auto Scaling along with CloudWatch and Amazon ELB (Elastic Load Balancer) to scale your fleet up/down/in/out automatically based on monitoring results.
- Use Auto Scaling groups to scale the different layers of the application independently.
- You can also scale EC2 instances manually using the EC2 API.
Additional Security Features
- The large scale of the AWS network helps protect you against DDoS attacks by scaling your app up in response to the large traffic volume, using ELB, CloudFront and Route 53.
- AWS Shield: managed service that protects you against various forms of DDoS attack. Its standard offering is free, active in your account, and protects against common attacks. The advanced offering provides near-real-time visibility into the attack, integration with other services, and access to the AWS DDoS Response Team for large-scale sophisticated attacks.
- AWS WAF (Web Application Firewall): works with CloudFront or Application Load Balancer to protect your apps against XSS, SQL injection and DDoS attacks. It also comes with a fully featured API to help with automation.
- AWS Firewall Manager: centrally configure and manage firewall rules across your accounts and applications in AWS Organizations.
- Availability Zones are physically separated locations for app redundancy and fault tolerance. It's recommended to deploy your EC2 instances in multiple AZs. You should make sure that the distribution of provisioned resources among AZs guarantees high availability and consistency; this is already managed for you in most AWS services.
With an AWS Cloud architecture there are no more HW firewalls, routers or load balancers, just SW solutions.
Every host is locked down with a firewall. You should analyze traffic between hosts within your architecture to determine which ports need to be open and create security groups accordingly. You can use network access control lists within Amazon VPC for subnet-level lockdown.
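A check for the lockdown described above, as an added example that is not part of the original notes: given an intended tier-to-tier traffic model, it flags every security-group ingress rule wider than the model, including a DB port opened by CIDR instead of by reference to the app tier's group. Tier names, ports and group IDs are hypothetical, and the group data is constructed in the shape returned by boto3's ec2.describe_security_groups().

```python
"""Audit security-group ingress rules against an intended tier traffic model.
Added example, not from the page: tier names, ports and group IDs are hypothetical;
GROUPS is constructed data shaped like boto3's ec2.describe_security_groups() output."""
from ipaddress import ip_network

# (destination tier, port) -> allowed sources: another tier's name (the rule must
# reference that tier's security group, not a CIDR) or "internet" for a /0 range.
ALLOWED = {("web", 443): {"internet"}, ("app", 8080): {"web"}, ("db", 3306): {"app"}}

GROUPS = [  # constructed sample; each group's tier is carried in a "tier" tag
    {"GroupId": "sg-web0001", "Tags": [{"Key": "tier", "Value": "web"}],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app0001", "Tags": [{"Key": "tier", "Value": "app"}],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web0001"}]},
                       {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db00001", "Tags": [{"Key": "tier", "Value": "db"}],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                        "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]},
]


def tier_of(group):
    """Tier name from the group's 'tier' tag, or None if untagged."""
    return next((t["Value"] for t in group.get("Tags", []) if t["Key"] == "tier"), None)


def audit(groups, allowed):
    """Return (group id, from port, to port, source) for each ingress rule the model
    does not cover, so it can be tightened or explicitly justified."""
    tiers = {g["GroupId"]: tier_of(g) for g in groups}
    findings = []
    for g in groups:
        dst = tiers[g["GroupId"]]
        for perm in g["IpPermissions"]:
            # IpProtocol "-1" (all traffic) carries no ports: treat it as the full range
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            # CIDR sources (v4 and v6): a /0 is "internet"; any other CIDR stays a CIDR,
            # so an internal flow granted by address range instead of group reference is flagged
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
                    [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            srcs = ["internet" if ip_network(c).prefixlen == 0 else "cidr:" + c for c in cidrs]
            # Group-reference sources: map the referenced group back to its tier
            srcs += [tiers.get(p["GroupId"], "unknown-sg") for p in perm.get("UserIdGroupPairs", [])]
            for src in srcs:
                if not all(src in allowed.get((dst, port), ()) for port in range(lo, hi + 1)):
                    findings.append((g["GroupId"], lo, hi, src))
    return findings
```

In a real account, feed the output of describe_security_groups to audit() in place of GROUPS. Network ACLs are stateless, so the subnet-level lockdown mentioned above must also allow the ephemeral return ports that security groups handle implicitly.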
Think of AZs within an AWS region as separate Datacenters, logically and physically separated. You can use Amazon VPC to keep your resources in the same logical network while leveraging AZs.
Make no assumptions about a host's IP, location or ever-lasting availability. Your key to fault tolerance and high scalability of your apps is a dynamic design that fits the wild nature of the cloud world.
Consider modernizing your application using Containers and Serverless technologies, leveraging services like AWS Fargate and AWS Lambda for more agile apps.
- Amazon Lightsail: simple app development VPS with everything needed to build a Web app or website. Ideal for simple workloads and quick deployments.
- AWS Elastic Beanstalk: easy-to-use service for deploying and scaling web apps developed with most common technologies (Ruby, NodeJS, Docker, ..) on familiar servers (Apache, NGINX, ..)
- AWS App Runner: quickly deploy your containerized Web apps at scale, effortlessly and without prior infrastructure knowledge.
- AWS Amplify: framework of tools and services that helps front-end web and mobile developers build scalable products with an AWS-powered backend. Also used for deploying static web apps.
Migration to an AWS cloud architecture requires some consideration and changes, but really pays off.