Rajesh
Jul 3, 2020

AWS Web Application Architecture using LAMP Stack

Scenario: Build a scalable and high-performing web application using a LAMP stack (Linux, Apache, MySQL and PHP) on AWS. The web application is expected to grow at scale and should provide the following capabilities:

• The ability to scale to meet increasing demand and the effective distribution of load.

• Self-healing infrastructure that recovers from failed service instances.

• High availability and DR capability.

• The ability to serve static and dynamic content with greater throughput.

• The latency and throughput of content served directly from S3 or from storage attached to EC2.

• The security of data at rest and in transit.

Architecture Objective

Build a scalable, high-performing, and highly available architecture that allows the organization’s website to grow organically as the workload increases.

The architecture should specifically address the requirements/concerns as described above.

This post also addresses re-hosting a LAMP stack web application on the AWS Cloud.

Please note: This approach does not focus on a microservices-driven serverless architecture, so you will not see AWS Lambda, API Gateway, DynamoDB, AWS RDS, etc. used here.

Key components and capability of AWS Web Architecture

Amazon S3 — S3 provides highly scalable, secure and durable object storage that can store a virtually unlimited amount of data. You can securely store any amount of data of any shape and size for a wide variety of use cases: static data files, images, videos, and data backup/archiving.

Elastic Load Balancing — Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. It enables an organization to achieve greater levels of fault tolerance and to effectively load balance and distribute application and network traffic.

• It distributes the load evenly across the instances in all Availability Zones and ensures requests in flight are fully served.

• Each load balancer has health checks defined to ensure that it delegates requests only to healthy instances that are available for new requests.

Elastic Block Store — Amazon Elastic Block Store (Amazon EBS) provides persistent block-level storage volumes for use with Amazon EC2 instances.

• EBS volumes are highly available and reliable storage volumes that can be attached to any running EC2 instance that is in the same AZ.

• Each EBS volume is automatically replicated within its AZ to protect against failure, offering HA, durability and low latency.

Availability Zones (AZ) — Availability Zones are the AWS high-availability offering that protects against system and data center failures. AZs are unique physical data center locations within an AWS region; they are physically separate, independent data centers.

• AZs provide zone-redundant deployment that replicates your applications and data across AZs to fail over quickly and protect against single points of failure.

• Multi-AZ deployments provide high availability, data durability and fault tolerance for web app and DB instances and protect against single points of failure.

High availability & Disaster recovery — Because AZs are physically separate, independent data centers, even extremely uncommon disasters such as fires, tornadoes, or flooding can affect only a single AZ, and with a multi-AZ deployment the application can continue running without significant downtime.

Caching with ElastiCache - Amazon ElastiCache is an in-memory cache service. An in-memory cache can reduce load on services and improve performance and scalability on the database tier by caching frequently used data.

• In-memory caching is one of the common characteristics of a high-performance application and provides a fast and responsive user experience.

• Amazon ElastiCache allows you to easily deploy and manage cache environments running either the Memcached or Redis engine.

The Auto Scaling service can create an Auto Scaling group of servers that can grow and shrink on demand. For example, if web servers are reporting greater than 80% CPU utilization over a period of time, additional web servers can be deployed to support the growing workload.
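The 80% CPU rule above maps onto a CloudWatch alarm that triggers a scaling policy. The following is an added example, not code from the original post: the group name, region, 5-minute period, 2 evaluation periods and 300-second cooldown are assumptions chosen for illustration, and `would_alarm` is a simplified model of how consecutive datapoints are evaluated.

```python
GROUP = "lamp-web-asg"  # hypothetical Auto Scaling group name (assumption)

def scale_out_policy(group=GROUP):
    """Arguments for autoscaling.put_scaling_policy: add one web server."""
    return {"AutoScalingGroupName": group,
            "PolicyName": f"{group}-cpu-scale-out",
            "PolicyType": "SimpleScaling",
            "AdjustmentType": "ChangeInCapacity",
            "ScalingAdjustment": 1,
            "Cooldown": 300}  # seconds before another adjustment (assumed)

def high_cpu_alarm(policy_arn, group=GROUP):
    """Arguments for cloudwatch.put_metric_alarm: group-average CPU > 80%."""
    return {"AlarmName": f"{group}-cpu-high",
            "Namespace": "AWS/EC2",
            "MetricName": "CPUUtilization",
            "Dimensions": [{"Name": "AutoScalingGroupName", "Value": group}],
            "Statistic": "Average",
            "Period": 300,            # one datapoint per 5 minutes (assumed)
            "EvaluationPeriods": 2,   # breach must last 2 datapoints (assumed)
            "Threshold": 80.0,        # the 80% figure from the text
            "ComparisonOperator": "GreaterThanThreshold",
            "AlarmActions": [policy_arn]}

def would_alarm(alarm, datapoints):
    """Simplified model: True if the latest EvaluationPeriods datapoints all breach."""
    n = alarm["EvaluationPeriods"]
    recent = datapoints[-n:]
    return len(recent) == n and all(d > alarm["Threshold"] for d in recent)

def apply(region="us-east-1"):
    """Create the policy and alarm; needs boto3 and AWS credentials."""
    import boto3  # imported here so the helpers above work offline
    asg = boto3.client("autoscaling", region_name=region)
    arn = asg.put_scaling_policy(**scale_out_policy())["PolicyARN"]
    boto3.client("cloudwatch", region_name=region).put_metric_alarm(
        **high_cpu_alarm(arn))
    return arn
```

Requiring consecutive breaching datapoints keeps a single CPU spike from adding capacity, while a sustained load does.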

Edge Caching with Amazon CloudFront - Amazon CloudFront is a robust, versatile content delivery network (CDN) that enables you to speed up distribution of your static, dynamic and streaming web content to end users using the AWS global network of edge locations.

• CloudFront automatically routes requests for your content to the nearest edge location so that content is delivered with the best possible performance.

DNS Service with Amazon Route 53 — Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.

• It is designed to give businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating human-readable names, such as www.example.com, into numeric IP addresses, such as 192.0.5.1.

• Amazon Route 53 also serves as a domain registrar, allowing you to purchase and manage domains directly from AWS.

Amazon EC2 — Amazon Elastic Compute Cloud (Amazon EC2) provides scalable compute capacity.

• Amazon EC2 provides virtual computing environments, known as instances.

• Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster.

• Amazon EC2 enables you to scale up or down to handle changes in requirements, reducing your need to forecast traffic.

Data protection and security - AWS provides one of the most secure global infrastructures and cloud computing platforms.

• AWS Web Application Firewall (AWS WAF): A managed service designed to protect web applications from attacks that can compromise their security.

• AWS Shield: AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.

• IAM: Allows you to manage user-level and group-level access control, allowing or denying access to AWS resources.

• MFA: AWS Multi-factor authentication (MFA) provides an extra level of security for sign-in credentials. With MFA enabled, when users sign in, they are prompted for their user name and password (the first factor, what they know), as well as for an authentication code from their MFA device (the second factor).

• All sensitive data stored in S3 is encrypted both in flight and at rest; at-rest encryption uses server-side encryption with an AWS managed key (SSE-KMS).
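One way to make the S3 encryption requirement enforceable rather than a convention is a bucket policy that denies non-TLS requests and uploads that do not request SSE-KMS. The following is an added example, not code from the original post: the bucket name is a placeholder, and `missing_controls` is a simplified, hypothetical checker that looks only for these two deny statements.

```python
BUCKET = "example-lamp-assets"  # placeholder bucket name (assumption)

def build_policy(bucket=BUCKET):
    """Bucket policy enforcing TLS in flight and SSE-KMS at rest."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyInsecureTransport",   # in flight: TLS only
         "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": [arn, f"{arn}/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "DenyNonKmsUploads",       # at rest: SSE-KMS required
         "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
         "Resource": f"{arn}/*",
         "Condition": {"StringNotEquals":
                       {"s3:x-amz-server-side-encryption": "aws:kms"}}}]}

def _as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def missing_controls(policy):
    """Return which of {'tls', 'sse-kms'} the policy fails to enforce."""
    missing = {"tls", "sse-kms"}
    for stmt in _as_list(policy.get("Statement")):
        # Only a Deny that applies to every principal counts as enforcement.
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        cond = stmt.get("Condition", {})
        secure = str(cond.get("Bool", {}).get("aws:SecureTransport", "")).lower()
        sse = cond.get("StringNotEquals", {}).get("s3:x-amz-server-side-encryption")
        if secure == "false" and "s3:*" in actions:
            missing.discard("tls")
        if sse == "aws:kms" and actions & {"s3:*", "s3:putobject"}:
            missing.discard("sse-kms")
    return missing

# Constructed sample: a policy that enforces TLS but accepts any upload.
TLS_ONLY = {"Version": "2012-10-17",
            "Statement": build_policy()["Statement"][:1]}
```

Running `missing_controls` over each bucket's policy document in a periodic audit flags buckets where either half of the "in flight and at rest" requirement is not enforced.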