DEV Community: Moses Daniel

Web Application for Hospital Management System on GCP with HIPAA Compliance

Moses Daniel — Fri, 10 Jan 2025 08:46:02 +0000

Introduction

Designing a Hospital Management System (HMS) for healthcare organizations requires strict adherence to HIPAA (Health Insurance Portability and Accountability Act) compliance. This ensures the security and privacy of patient data.

In this guide, we’ll deploy a secure three-tier architecture for an HMS using Google Cloud Platform (GCP). This architecture uses:

Frontend VM: Hosts Node.js and NPM.
Backend VM: Hosts Java JDK.
Database: Uses GCP MySQL Managed Database for scalability and high availability.

We will configure the system with:

1 VPC with 3 subnets for segmentation.
Firewall Rules for security.
GCP services to meet HIPAA requirements, including encryption and access control.

Overview of Architecture

Key Components:

VPC (Virtual Private Cloud):
- 3 Subnets: Frontend Subnet, Backend Subnet, and Database Subnet.
Virtual Machines (VMs):
- VM1: Hosts Node.js and NPM (Frontend).
- VM2: Hosts Java JDK (Backend).
Database:
- GCP Cloud SQL (MySQL).
Firewall Rules:
- Protect communication between the tiers.
HIPAA Compliance Features:
- Encryption of data in transit and at rest.
- Least privilege access control.
- Secure audit logging.

Step 1: Set Up the VPC and Subnets

Create a VPC:
- Navigate to VPC Network > Create VPC.
- Name: HMS-VPC.
- Configure subnets:
  - Frontend Subnet: 10.0.1.0/24.
  - Backend Subnet: 10.0.2.0/24.
  - Database Subnet: 10.0.3.0/24.

Step 2: Set Up Virtual Machines

VM1: Frontend (Node.js and NPM)

Create a VM:
- Go to Compute Engine > VM Instances > Create Instance.
- Name: Frontend-VM.
- Subnet: Frontend Subnet.
- Machine type: e2-medium (or equivalent).
- Image: Ubuntu 22.04.
Install Node.js and NPM:

   sudo apt update && sudo apt upgrade -y
   sudo apt install -y nodejs npm
   node -v
   npm -v

VM2: Backend (Java JDK)

Create a second VM:
- Name: Backend-VM.
- Subnet: Backend Subnet.
- Machine type: e2-medium.
- Image: Ubuntu 22.04.
Install Java JDK:

   sudo apt update && sudo apt upgrade -y
   sudo apt install -y openjdk-17-jdk
   java -version

Step 3: Configure GCP Cloud SQL (MySQL)

Create a Cloud SQL instance:
- Navigate to SQL > Create Instance.
- Select MySQL.
- Configure:
  - Name: hms-database.
  - Database Version: MySQL 8.0.
  - Region: Same as your VPC.
- Enable Public IP and select Database Subnet.
Create a Database:
- After the instance is created, connect to it using the Cloud Shell:
```
 gcloud sql connect hms-database --user=root
```

Run the following commands:

 CREATE DATABASE hospital_mgmt;
 CREATE USER 'hms_user'@'%' IDENTIFIED BY 'secure_password';
 GRANT ALL PRIVILEGES ON hospital_mgmt.* TO 'hms_user'@'%';
 FLUSH PRIVILEGES;

Step 4: Set Up Firewall Rules

Frontend Subnet:
- Allow inbound HTTP/HTTPS traffic (ports 80, 443).
- Deny all other inbound traffic.
- Allow outbound traffic to Backend Subnet.
Backend Subnet:
- Allow inbound traffic from Frontend Subnet on port 8080.
- Deny all other inbound traffic.
- Allow outbound traffic to Database Subnet.
Database Subnet:
- Allow inbound traffic from Backend Subnet on port 3306 (MySQL).
- Deny all other inbound traffic.
- Block all outbound traffic (or restrict as necessary).

Step 5: Application Deployment

Frontend Deployment

Set up a simple Node.js app:

   mkdir hms-frontend
   cd hms-frontend
   npm init -y
   npm install express

Create a sample index.js file:

   const express = require('express');
   const app = express();
   const PORT = 80;

   app.get('/', (req, res) => res.send('Hospital Management Frontend Running!'));
   app.listen(PORT, () => console.log(`Frontend running on port ${PORT}`));

Run the app:

   node index.js

Backend Deployment

Write and compile a Java-based REST API:
- Example: Use Spring Boot to create APIs for the HMS.
Deploy the API:
- Run the API on port 8080 and ensure it communicates with the database.

Step 6: Enforce HIPAA Compliance

1. Data Encryption

Enable SSL/TLS:
- Use Let’s Encrypt or GCP Certificate Manager for securing frontend and backend communication.
- Enable SSL for Cloud SQL:
- Navigate to your SQL instance and enable SSL connections.

2. Access Control

Use IAM roles to limit access to critical resources.
Store sensitive information (e.g., database credentials) in GCP Secret Manager.

3. Audit Logging

Enable Cloud Audit Logs for all actions on the VMs and database.
Use Cloud Monitoring to track system activity and detect anomalies.

Step 7: Test and Validate

Test Connectivity

Verify that:
- The frontend connects to the backend.
- The backend successfully interacts with the MySQL database.

Run HIPAA Tests

Use tools like OpenSCAP to validate compliance with HIPAA controls.

Step 8: Secure the Environment

Enable GCP Identity-Aware Proxy (IAP) for secure access to VMs.
Regularly update VMs and software.
Set up Cloud Backup for the database and application data.

Conclusion

By leveraging GCP’s managed services and adhering to HIPAA compliance principles, you can design a secure, scalable, and efficient Hospital Management System. The architecture described ensures patient data is protected while providing seamless application functionality.

Designing a Bank Web Application on Azure with PCI-DSS Compliance

Moses Daniel — Fri, 10 Jan 2025 07:53:00 +0000

Introduction

In today’s fintech landscape, ensuring that your banking application adheres to compliance standards like PCI-DSS (Payment Card Industry Data Security Standard) is critical. This guide walks you through designing a secure, three-tier bank web application on Microsoft Azure using PCI-DSS compliance principles.

We’ll set up a three-tier architecture:

Frontend VM (Node.js and NPM)
Backend VM (Java JDK)
Database VM (MySQL Database)

The architecture will include a single VNet with three subnets, three NSGs for network security, and a strong firewall strategy.

Overview of Architecture

Key Components:

Virtual Network (VNet):
- 3 Subnets: Frontend Subnet, Backend Subnet, and Database Subnet.
Virtual Machines (VMs):
- VM1: Hosts Node.js and NPM (Frontend)
- VM2: Hosts Java JDK (Backend)
- VM3: Hosts MySQL (Database)
Network Security Groups (NSGs):
- Frontend NSG: Protects the frontend.
- Backend NSG: Protects the backend.
- Database NSG: Secures database access.
PCI-DSS Compliance:
- Secure transmission of sensitive data.
- Strong firewall configuration.
- Segmented architecture to limit lateral movement.

Step 1: Create the Virtual Network (VNet)

Log into Azure Portal.
Create a Virtual Network:
- Navigate to Networking > Virtual Networks > Create.
- Name: BankApp-VNet.
- Address Space: 192.168.0.0/16.
- Subnets:
  - Frontend Subnet: 192.168.2.0/24.
  - Backend Subnet: 192.168.1.0/24.
  - Database Subnet: 192.168.0.0/24.
- Click Review + Create.

Step 2: Create Virtual Machines

VM1: Frontend (Node.js and NPM)

Navigate to Compute > Virtual Machines > Create.
Configuration:
- Name: Frontend-VM.
- Size: Standard_B2s (or equivalent).
- Image: Ubuntu Server 22.04.
- Subnet: Frontend Subnet.
Install Node.js and NPM:

   sudo apt update && sudo apt upgrade -y
   sudo apt install -y nodejs npm
   node -v
   npm -v

VM2: Backend (Java JDK)

Repeat the steps above for Backend-VM:
- Subnet: Backend Subnet.
Install Java JDK:

   sudo apt update && sudo apt upgrade -y
   sudo apt install -y openjdk-17-jdk
   java -version

VM3: Database (MySQL)

Create Database-VM:
- Subnet: Database Subnet.
Install MySQL:

   sudo apt update && sudo apt upgrade -y
   sudo apt install -y mysql-server
   sudo mysql_secure_installation

Step 3: Configure Network Security Groups (NSGs)

Frontend NSG

Navigate to Networking > Network Security Groups > Create.
Configure rules:
- Allow HTTP (80) and HTTPS (443) inbound.
- Deny all other inbound traffic.
- Outbound: Allow only to backend subnet.

Backend NSG

Create another NSG for Backend-VM:
- Allow TCP port 8080 from frontend subnet.
- Deny all other inbound traffic.
- Outbound: Allow only to database subnet.

Database NSG

Create the final NSG for Database-VM:
- Allow MySQL (port 3306) inbound from backend subnet.
- Deny all other inbound traffic.
- Outbound: Deny all (or allow restricted outbound).

Step 4: Application Deployment

Frontend Deployment

Set up your Node.js app on Frontend-VM:

   mkdir bank-frontend
   cd bank-frontend
   npm init -y
   npm install express

Create a sample index.js file:

   const express = require('express');
   const app = express();
   const PORT = 80;

   app.get('/', (req, res) => res.send('Bank Frontend Running!'));
   app.listen(PORT, () => console.log(`Server running on port ${PORT}`));

Run the application:

   node index.js

Backend Deployment

Create a sample Java REST API on Backend-VM:
- Write and compile your REST API (e.g., using Spring Boot or JAX-RS).

Database Configuration

Connect the Backend API to the MySQL Database:

Create a database for your bank application:

 CREATE DATABASE bank_app;
 CREATE USER 'bank_user'@'%' IDENTIFIED BY 'secure_password';
 GRANT ALL PRIVILEGES ON bank_app.* TO 'bank_user'@'%';
 FLUSH PRIVILEGES;

Step 5: Implement PCI-DSS Controls

1. Data Encryption

Enable SSL/TLS for communication between components:
- Install Let's Encrypt SSL certificates for the frontend server.
- Configure MySQL to use SSL for secure database connections.

2. Secure Authentication

Use strong passwords for all VMs and database users.
Configure Azure Key Vault to store sensitive secrets like database credentials.

3. Logging and Monitoring

Enable Azure Monitor to log network traffic and application activity.
Set up alerts for unusual behavior or unauthorized access attempts.

4. Segmentation

Subnets are already segmented; ensure NSG rules strictly enforce this segmentation.

Step 6: Test and Validate

Test Connectivity

Verify that:
- Frontend can communicate with the backend via the Backend NSG rules.
- Backend can connect to the database securely using Database NSG.

Run PCI-DSS Tests

Use tools like AlienVault OSSIM or OpenVAS to validate compliance.

Step 7: Secure the Environment

Regularly update VMs and software.
Enable Azure Backup to back up critical data.
Conduct periodic penetration tests to identify vulnerabilities.

Conclusion

This architecture ensures a secure, scalable, and PCI-DSS-compliant bank web application. By using Azure’s robust infrastructure and best practices, you can focus on delivering value to your users while safeguarding sensitive financial data.

How to Integrate and Configure Zabbix for Monitoring IT Infrastructure

Moses Daniel — Fri, 10 Jan 2025 05:58:07 +0000

Introduction
Zabbix is a powerful open-source monitoring tool used to monitor IT infrastructure, applications, and services. It provides comprehensive visibility into your environment, enabling proactive issue resolution. In this article, we’ll walk you through the steps to integrate and configure Zabbix for your IT infrastructure.

Prerequisites
Before starting, ensure the following:

Server Requirements:
- OS: Ubuntu 22.04 (or your preferred Linux distribution)
- At least 2GB RAM and 10GB of disk space
Database: MySQL or PostgreSQL installed on the server
Network Setup: Open ports 80, 10051 (for Zabbix server), and 10050 (for Zabbix agents)

Step 1: Install Zabbix Server

Update System Packages:

   sudo apt update && sudo apt upgrade -y

Add the Zabbix Repository:

   wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-5%2Bubuntu22.04_all.deb
   sudo dpkg -i zabbix-release_6.0-5+ubuntu22.04_all.deb
   sudo apt update

Install Zabbix Server and Agent:

   sudo apt install zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-agent -y

Step 2: Configure Zabbix Database

Install MySQL Server:

   sudo apt install mysql-server -y

Secure MySQL Installation:

   sudo mysql_secure_installation

Create a Database for Zabbix:

   mysql -u root -p
   CREATE DATABASE zabbix CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;
   CREATE USER 'zabbix'@'localhost' IDENTIFIED BY 'your_password';
   GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost';
   FLUSH PRIVILEGES;
   EXIT;

Import Zabbix Schema:

   zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -u zabbix -p zabbix

Step 3: Configure Zabbix Server

Edit the Zabbix Server Configuration File:

   sudo nano /etc/zabbix/zabbix_server.conf

Update:

   DBName=zabbix
   DBUser=zabbix
   DBPassword=your_password

Restart and Enable Zabbix Server:

   sudo systemctl restart zabbix-server zabbix-agent apache2
   sudo systemctl enable zabbix-server zabbix-agent apache2

Step 4: Access the Zabbix Web Interface

Open the Web UI: Navigate to http://<your_server_ip>/zabbix in a browser.
Follow the Web Installer:
- Choose your language.
- Verify prerequisites.
- Configure the database (use the zabbix user and database name).
- Finalize the setup.
Login to Zabbix:
- Default Username: Admin
- Default Password: zabbix

Step 5: Configure Zabbix Agents

Install Zabbix Agent on a Monitored Host:

   sudo apt install zabbix-agent -y

Edit Agent Configuration:

   sudo nano /etc/zabbix/zabbix_agentd.conf

Update:

   Server=<zabbix_server_ip>
   ServerActive=<zabbix_server_ip>
   Hostname=<monitored_host_name>

Restart the Agent:

   sudo systemctl restart zabbix-agent
   sudo systemctl enable zabbix-agent

Step 6: Add Hosts to Zabbix

Navigate to “Configuration > Hosts” in the Zabbix Web Interface.
Add a New Host:
- Hostname: Same as in zabbix_agentd.conf.
- Group: Select or create a group (e.g., Linux Servers).
- Interfaces: Add the IP address of the monitored host.
Link a Template:
- Go to “Templates” and select a Template OS Linux template.

Step 7: Set Up Alerts

Navigate to “Configuration > Actions.”
Create a Trigger:
- Define a condition (e.g., CPU usage > 90%).
- Configure an action (e.g., send email).
Configure Media Types:
- Go to “Administration > Media Types.”
- Add email or other notification methods.

Step 8: Visualize Data

Set Up Dashboards:
- Navigate to “Monitoring > Dashboards.”
- Create widgets for CPU, memory, disk, and network usage.
Use Graphs:
- Go to “Monitoring > Graphs” for detailed performance data.

Step 9: Secure Your Zabbix Installation

Enable HTTPS:
- Install SSL certificates using Let’s Encrypt or self-signed certificates.
- Configure Apache to use HTTPS.
Restrict Access:
- Use a firewall (e.g., ufw) to allow only necessary ports.

   sudo ufw allow 22/tcp
   sudo ufw allow 80/tcp
   sudo ufw allow 443/tcp
   sudo ufw enable

Step 10: Maintain and Monitor

Update Zabbix:
- Regularly check for updates and apply patches.
Monitor Logs:

   sudo tail -f /var/log/zabbix/zabbix_server.log

Backup Configuration:
- Export Zabbix configurations and regularly back up the database.

Conclusion
Zabbix is a comprehensive monitoring solution that can scale with your infrastructure. By following these steps, you’ll have a fully functional Zabbix setup that provides real-time insights and proactive issue resolution. If you encounter any challenges, refer to the official Zabbix documentation.

Deploying GCP Infrastructure Using Terraform Modules: A Step-by-Step Guide

Moses Daniel — Fri, 20 Dec 2024 12:11:42 +0000

Managing cloud resources manually can be tedious, error-prone, and time-consuming. Infrastructure-as-Code (IaC) tools like Terraform make it easier to define, provision, and manage cloud infrastructure. In this guide, we'll use Terraform to deploy a Virtual Private Cloud (VPC), a Subnet, a Firewall rule, and a Compute Instance on Google Cloud Platform (GCP).

Prerequisites
Before we start, ensure you have:

Google Cloud Account with project setup.
Terraform installed on your local machine. Download Terraform.
GCP Service Account JSON Key with appropriate permissions (e.g., Owner or specific permissions for the resources).
Google Cloud SDK (gcloud) installed for authentication.

Step 1: Authenticate Terraform with GCP
Download the Service Account JSON file from GCP.

Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the JSON file path:

Step 2: Create the Terraform Configuration File
Create a directory for your Terraform project:

-Run the command "terraform init" to initialize the directory

Step 3: Create VPC Network Module
Create a vpc tf file

-Run the command terraform validate to make sure every vpc network configuration is correct

Run the command "terraform plan"
Run the command "terraform deploy --auto-approve"

Step 4: Create the Subnet Module
Create a subnet tf file:

Run the command "terraform deploy --auto-approve"

Step 4: Create the Firewall Module
Create a firewall tf file:

Run the command "terraform deploy --auto-approve"

Step 4: Create the Compute Instance Module
Create a compute tf file:

-Run the command terraform validate to make sure every computer instance configuration is correct

Run the command "terraform plan"
Run the command "terraform deploy --auto-approve"

Step 5: Verify the Resources
Log in to the Google Cloud Console.
Navigate to VPC networks, Compute Engine, and Firewall rules to confirm the resources are created.

Step 6: Clean Up Resources
When you're done, destroy the resources to avoid unnecessary charges:

Run the command "terraform destroy --auto-approve

Code Explanation
VPC: Creates an isolated network (google_compute_network) for your resources.
Subnet: Reserves an IP range within the VPC using a CIDR block (google_compute_subnetwork).
Firewall: Opens port 22 to allow SSH access (google_compute_firewall).
Compute Instance: Deploys a virtual machine (google_compute_instance) with an external IP for access.

Why Terraform?
Terraform is declarative, meaning you define what you want to achieve, and Terraform figures out how to make it happen. It supports multi-cloud environments and tracks changes with state files, making infrastructure management simple and efficient.

Benefits of Using Modules
Reusability: Write once and reuse across multiple projects.
Clarity: Keep your root configuration clean and organized.
Scalability: Manage complex deployments with modular components.

This modular setup is production-ready and ensures scalability for future infrastructure growth. Let me know if you'd like help refining the documentation further! 🚀

Securing a Web Application on Google Cloud Platform: Best Practices and Implementation

Moses Daniel — Wed, 18 Dec 2024 10:45:44 +0000

Introduction
Security is a critical aspect of any web application, especially in the cloud. In this post, I’ll walk you through how I secured a web application hosted on Google Cloud Platform (GCP). This project demonstrates the implementation of cloud-native security tools and practices to safeguard a web application against common threats while ensuring compliance with industry standards.

Project Overview
Objective: To secure a web application deployed on GCP by implementing best practices for data protection, network security, and access control.
Key Features:
Securing data in transit and at rest.
Protecting the application from unauthorized access and attacks.
Using GCP-native tools for monitoring, logging, and threat detection.

Architecture
Components:
Web Server: Hosted on Compute Engine (NGINX/Apache).
Database: Cloud SQL (MySQL).
Load Balancer: GCP HTTP(S) Load Balancer with SSL.
Firewall Rules: Configured via GCP VPC.
Monitoring: Cloud Monitoring and Cloud Logging.
Threat Protection: Security Command Center

Step-by-Step Implementation
1. Deploying the Web Application on GCP
Before securing the application, I deployed it on GCP:

Compute Engine: Deployed the web application on a virtual machine.
Cloud SQL: Set up the MySQL database for application data.
Configured an HTTP(S) Load Balancer to distribute traffic efficiently.

2. Enforcing Secure Network Configurations
Firewall Rules:

Allowed only HTTP/HTTPS traffic from specific IP ranges.
Restricted SSH access to my IP address using ingress rules.
Blocked all unused ports.
Example rule:

Private IPs for Database Services:

Configured the database to use private IPs to prevent public exposure.

3. Encrypting Data
Data in Transit:

Secured communication between clients and the server using SSL/TLS.
Integrated an SSL certificate on the HTTP(S) Load Balancer.
Redirected all HTTP traffic to HTTPS.
Steps:

Provisioned a free SSL certificate via GCP's managed certificates.
Configured SSL policies to enforce modern TLS standards (e.g., TLS 1.3).
Data at Rest:

Enabled encryption for Cloud SQL and Cloud Storage buckets.
Used customer-managed encryption keys (CMEK) for added control.

4. Implementing Identity and Access Management (IAM)
Principle of Least Privilege:

Restricted IAM roles to the minimum required permissions.
Used predefined roles for Compute Engine, Cloud SQL, and Storage instead of broad Owner/Editor roles.
Service Accounts:

Assigned dedicated service accounts to each GCP resource.
Configured granular permissions for service accounts.
Audit Logging:

Enabled Cloud Audit Logs to track all changes to GCP resources.

5. Protecting Against Threats
Google Cloud Armor:

Configured Cloud Armor to protect against DDoS attacks and common web vulnerabilities (e.g., SQL injection, XSS).
Applied pre-configured WAF (Web Application Firewall) rules.
reCAPTCHA Enterprise:

Integrated reCAPTCHA to prevent bot traffic and brute-force login attempts.
Firewall for Egress Traffic:

Monitored and restricted outgoing traffic to prevent data exfiltration.

6. Monitoring and Logging
Cloud Monitoring:

Set up dashboards to monitor CPU usage, memory, and network traffic.
Configured alerts for unusual activity.
Cloud Logging:

Collected and analyzed logs for HTTP requests, errors, and database queries.
Integrated with Cloud Logging for real-time insights.
Security Command Center:

Enabled GCP’s Security Command Center for threat detection and vulnerability scanning.

7. Regular Security Audits and Patching
Scheduled periodic vulnerability assessments using third-party tools and GCP Security Scanner.

Configured automatic updates for the operating system and application dependencies.
Regularly patched the database and web server to address known vulnerabilities.

Security Assessment and Testing

Penetration Testing

Nmap Scanning: Use Nmap to verify open ports and firewall rules.
Vulnerability Testing:
- Run Nikto against the webserver to check for outdated software and web vulnerabilities.

Results
The web application was fully secured against common vulnerabilities such as SQL injection, XSS, and DDoS attacks.
All data was encrypted at rest and in transit, ensuring compliance with security standards.
Real-time monitoring and alerting helped detect and mitigate threats promptly.
The security measures improved user trust and application performance.

Lessons Learned
Security is a Continuous Process: Threats evolve, so regular updates and monitoring are essential.
Leverage Cloud-Native Tools: GCP’s built-in tools like Cloud Armor and IAM made securing the application much easier.
Document Everything: Clear documentation simplifies audits and troubleshooting.

Conclusion
Securing a web application on Google Cloud Platform requires a combination of cloud-native tools, best practices, and ongoing vigilance. By implementing the steps outlined in this guide, I ensured the application was robust against threats and compliant with modern security standards.

Call to Action
Have you secured an application on GCP or any other cloud platform? Share your experiences and tips in the comments!

Migrating a Web Application from AWS to GCP: A Step-by-Step Guide

Moses Daniel — Wed, 18 Dec 2024 09:01:24 +0000

*Introduction *
Migrating web applications between cloud platforms can be challenging but rewarding. In this post, I’ll share how I successfully migrated a web application from AWS to Google Cloud Platform (GCP). I’ll cover everything from planning, setting up infrastructure, migrating static content, databases, and DNS, to ensuring functionality and performance optimization.

Project Overview
Objective: To migrate a production-ready web application from AWS to GCP.
Motivation: The migration aimed to leverage GCP’s cost-efficiency, scalability, and integration capabilities.
Challenges:
Ensuring zero downtime during the migration.
Maintaining data integrity and performance.
Updating DNS configurations without affecting users.

Architecture Before and After
AWS Setup:
Web Server: EC2 instance running Apache.
Database: Amazon RDS (MySQL).
Static Files: S3 bucket.
DNS: Amazon Route 53.
GCP Setup:
Web Server: Compute Engine with NGINX.
Database: Cloud SQL (MySQL).
Static Files: Google Cloud Storage (GCS).
DNS: Google Cloud DNS.

**Step-by-Step Migration Process

Planning the Migration** Before migrating, I assessed the existing AWS infrastructure and mapped equivalent GCP services:

EC2 (AWS) → Compute Engine (GCP)
RDS (AWS) → Cloud SQL (GCP)
S3 (AWS) → Cloud Storage (GCP)
Route 53 (AWS) → Cloud DNS (GCP)

*2. Setting Up GCP Infrastructure
Compute Engine:
*
Created a Compute Engine VM instance with the necessary configurations (vCPU, memory, storage).
Installed NGINX and configured it as the web server.
Cloud SQL:

Set up a MySQL instance on Cloud SQL with the same schema as the original RDS database.
Cloud Storage:

Created a bucket for static files and set the appropriate permissions.
DNS Configuration:

Prepared Cloud DNS for domain management post-migration.

Migrating the Web Server
Task: Recreate the EC2 instance on GCP using Compute Engine.
Steps:
Configured a Compute Engine instance to run NGINX.
Transferred the application code to the instance using SCP:

Testing and Validation
Performed rigorous testing to ensure the application was working as expected:
Load Testing: Verified the application’s performance on GCP.
Functionality Testing: Ensured all features (login, file uploads, database queries) worked.
DNS Propagation Check: Used tools like dig and whatsmydns.net to confirm DNS changes.

Post-Migration Optimization
Enabled GCP-specific features for better performance:
Cloud CDN for caching and reducing latency.
Cloud Monitoring for performance insights.
IAM Policies for secure access control.

Lessons Learned
Thorough Planning is Key: Mapping AWS services to GCP equivalents upfront saved time.
Data Integrity: Regular database backups ensured no data loss.
Testing: Early testing avoided surprises during the migration.

Conclusion
Migrating from AWS to GCP is achievable with careful planning and execution. This project taught me the importance of aligning cloud services with business goals while ensuring minimal disruption to users.

Have you undertaken a cloud migration project? Share your experiences in the comments!