DEV Community

bhaktraj

Auto scaling Multi-tier Web Application deployment architecture on Cloud(AWS)

Introduction

The primary goal of this project is to design, deploy, and manage a robust multi-service application on Amazon Web Services (AWS). The application architecture leverages various AWS resources to ensure scalability, availability, and optimal performance. The solution is built around four EC2 instances, each hosting a dedicated service critical to the functionality of the overall system. Additionally, it incorporates an Elastic Load Balancer (ELB) to manage incoming traffic efficiently and an Auto Scaling group to handle dynamic demand.

This architecture provides a well-structured foundation for a cloud-based application, allowing seamless communication between services and offering flexibility to scale up or down as needed.

System Design/Architecture:
The architecture of this project is built on the AWS cloud infrastructure to deploy a multi-service application with high availability, scalability, and security. The system design includes various components that are integrated to ensure efficient resource usage, fault tolerance, and secure communication between services.
High-Level Architecture Overview:

1. Virtual Private Cloud (VPC):

The system is deployed within a Virtual Private Cloud (VPC) to provide a secure, isolated network environment. The VPC is divided into public and private subnets:
  • Public Subnets: These host the Elastic Load Balancer (ELB), which is responsible for handling incoming traffic and distributing it across the application servers.
  • Private Subnets: These contain the EC2 instances that host various services like Memcached, MariaDB, and RabbitMQ, which need to be isolated for security reasons.

2. Elastic Load Balancer (ELB):

The ELB sits in the public subnet and distributes incoming traffic across the EC2 instances in the private subnets. It helps ensure that the application remains highly available and fault-tolerant, routing traffic to healthy instances automatically.
3. EC2 Instances:

  • app01:
    Hosts the core application logic that handles user requests and serves the application. It is part of an Auto Scaling group to automatically scale based on demand.

  • mc01:
    Hosts Memcached, a caching layer that helps reduce database load by caching frequently accessed data.

  • db01:
    Hosts MariaDB, which provides relational database management for storing application data securely.

  • rmq01:
    Hosts RabbitMQ, a messaging broker that facilitates communication between services asynchronously.

4. Auto Scaling Group:

The Auto Scaling group ensures that the number of EC2 instances in the app01 tier automatically adjusts based on defined metrics such as CPU utilization or incoming traffic. This allows the application to scale in or out to handle varying load efficiently.
5. Security Groups and Network ACLs:

Security groups are configured to allow traffic only from trusted sources, such as the ELB to the application instances, and other necessary communication between services. Network ACLs add an additional layer of security by controlling inbound and outbound traffic at the subnet level.
6. CloudWatch for Monitoring:

AWS CloudWatch is used to monitor the health of EC2 instances, Auto Scaling events, and ELB metrics. Alarms are set to automatically scale resources and notify administrators in case of any issues or performance bottlenecks.

Diagram

Diagram of Auto scaling Multi-tier Web Application deployment architecture on Cloud

Implementation: Methods, Algorithms, and Processes

1. Security Group Configuration:

Security Groups are configured to act as virtual firewalls for EC2 instances. Each service (app01, mc01, db01, rmq01) has its own security group with specific inbound and outbound rules to control network traffic.

  • ELBSG (Security Group): The Elastic Load Balancer is set up in the public subnet to distribute traffic to the app01 instances in private subnets. The ELB is configured to automatically route traffic to healthy instances.

Elastic Load Balancer Security Group

Add an inbound rule that allows HTTPS from any public IP, so that public traffic is allowed.

  • appSG (Application server): Only allows incoming traffic from the ELB (to handle HTTP/HTTPS requests) and from other trusted services (e.g., RabbitMQ, Memcached, MariaDB).

Application server Security Group

Allow HTTPS traffic from the ELB to the application server, and allow SSH only from your own IP, for logging in to the server to install the application, monitor it, and so on.

  • BackendSG: Accepts inbound traffic only from app01 and other trusted services in the private subnet, such as the RabbitMQ, database, and Memcached servers, ensuring that database connections are not exposed to the internet.

BackendSG

Allow ports 3306, 11211, and 5672 for traffic that comes from the application server.
Allow all traffic between the RabbitMQ, Memcached, and database servers, that is, allow traffic from the same security group.
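
An added example, not part of the original post: a Python check that the three security groups still match the rules described above, run over constructed data in the shape returned by aws ec2 describe-security-groups. The group IDs (sg-elb, sg-app, sg-backend) and the admin address 203.0.113.10/32 are placeholders assumed for illustration.

```python
ANY4, ANY6 = "0.0.0.0/0", "::/0"
ADMIN_IP = "203.0.113.10/32"  # placeholder for "your IP" (documentation range)

def rule(proto, port, cidrs=(), groups=()):
    """Build one IpPermissions entry with the keys describe-security-groups uses."""
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if port is not None:  # protocol "-1" (all traffic) carries no port fields
        perm.update(FromPort=port, ToPort=port)
    return perm

# Constructed sample: the three groups as the text describes them.
GROUPS = [
    {"GroupId": "sg-elb", "GroupName": "ELBSG",
     "IpPermissions": [rule("tcp", 443, cidrs=[ANY4])]},
    {"GroupId": "sg-app", "GroupName": "appSG",
     "IpPermissions": [rule("tcp", 443, groups=["sg-elb"]),
                       rule("tcp", 22, cidrs=[ADMIN_IP])]},
    {"GroupId": "sg-backend", "GroupName": "BackendSG",
     "IpPermissions": [rule("tcp", p, groups=["sg-app"]) for p in (3306, 11211, 5672)]
                      + [rule("-1", None, groups=["sg-backend"])]},
]

# Intended exposure per tier: (ports the internet may reach, groups that may connect).
POLICY = {"ELBSG": ({443}, set()),
          "appSG": (set(), {"sg-elb"}),
          "BackendSG": (set(), {"sg-app", "sg-backend"})}

def audit(groups, policy=POLICY):
    """Return (group, port range, problem) for every rule wider than the policy."""
    findings = []
    for g in groups:
        open_ports, peers = policy[g["GroupName"]]
        for perm in g["IpPermissions"]:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            span = f"{lo}-{hi}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:  # world-open is acceptable only on listed ports
                if cidr in (ANY4, ANY6) and not (lo == hi and lo in open_ports):
                    findings.append((g["GroupName"], span, "open to the internet"))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in peers:
                    findings.append((g["GroupName"], span, "unexpected peer " + pair["GroupId"]))
    return findings

if __name__ == "__main__":
    print(audit(GROUPS))
```

The self-referencing all-traffic rule in BackendSG passes this check because the text asks for it; narrowing it to the three service ports would limit what one backend host can reach on the others.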

2. Key Pair Management:

During EC2 instance creation, a Key Pair is generated (or an existing one can be used) for secure SSH access to instances. This ensures that only authorized personnel or systems with the corresponding private key can connect to the EC2 instances, maintaining the security of the instances from unauthorized access.

3. Provisioning EC2 Instances:

EC2 instances are provisioned using Amazon Machine Images (AMIs) based on the service requirements:

  1. app01:
    EC2 instance is configured with a Tomcat server to host the application. Tomcat is installed on the EC2 instance, and the necessary Java Runtime Environment (JRE) is configured to run the application.
    The Tomcat web server is configured to handle HTTP requests (typically on port 8080 by default) and route them through to the appropriate application components. If required, Apache HTTPD can be used as a reverse proxy in front of Tomcat to handle requests on port 80 or 443 and forward them to Tomcat on port 8080.

  2. mc01:
    Configured with Memcached to provide an in-memory caching layer, improving application performance.

  3. db01:
    Set up with MariaDB as the database service for storing application data securely.

  4. rmq01:
    Configured with RabbitMQ for handling messaging between different services in an asynchronous manner.

EC2 instances

4. Configuring ELB:

The Elastic Load Balancer is set up in the public subnet to distribute traffic to the app01 instances in private subnets. The ELB is configured to automatically route traffic to healthy instances.

Target Group

load balancer

5. Auto Scaling Configuration:

An Auto Scaling group is created for the app01 EC2 instances, with scaling policies based on CPU utilization (e.g., scale out when CPU utilization exceeds 80%). This ensures that the application automatically scales based on user traffic.

Auto Scaling Configuration
