đUnlocking the Power of AWS: Migrating Your Web App to AWS with Lift and Shift: A Step-by-Step Guide (part-1)
đIntroduction:
đ In this blog post, I will provide a comprehensive, step-by-step guide on how to set up a web application stack on AWS, using the âLift and Shiftâ strategy. If youâre new to the concept, âLift and Shiftâ is a migration approach that enables you to transfer your existing on-premises applications to the cloud with minimal modifications. Itâs like moving your setup to AWS without major changes, facilitating a swift transition to the cloud. âïž
đScenario:
đ Now, letâs take a closer look at the situation. Imagine you have various application services like MySQL (a database), Tomcat (a web server), and DNS (domain name system) running on either physical or virtual machines. To keep everything running smoothly, you need several teams working around the clock. These teams handle different aspects, including virtualization, data center operations, monitoring, and system administration.
đ This arrangement is complicated, đ° expensive, and time-consuming, especially when you have to adjust the resources frequently â like when you need to expand to handle more users or scale down during quieter times. đđ
đSolution:
đĄ The solution to this problem is to leverage cloud computing, specifically AWS. Instead of running your workloads in your own data center, you can run them on AWS, paying only for the resources you use. This approach provides:
đ Flexibility: You can easily adjust your resources as needed.
đ Elasticity: Your setup can automatically adapt to changes in demand.
đ° Cost Control: Pay only for what you use, managing your budget effectively.
đ€ Automation: Streamline tasks, save time, and reduce errors.
This simplifies infrastructure management, allowing you to focus on your application and users without the hassle of handling hardware and resources.
đArchitectural Workflow:
âȘIn this project, weâll utilize AWS services such as EC2 instances, Elastic Load Balancer, Auto Scaling, S3 for storage, Amazon Certificate Manager, and Route 53.
âȘIn a previous blog, I shared a step-by-step guide on setting up a multi-tier web application, both manually and through automation, on local machine with complete architectural workflow explanation. If you havenât had a chance to read my previous blogs, please check it out below links.
âȘNow, weâre about to embark on a new journey to migrate the same application from our local server to the AWS cloud. To achieve this, weâll be employing a âlift and shiftâ strategy. When you have a web stack on AWS Cloud, the architectural design will look like this.
đUser Access and GoDaddy DNS:
· Users access your website through a URL, which is associated with a specific endpoint.
· This association is typically managed through DNS (like GoDaddy), which translates the user-friendly URL into an IP address that points to your application.
đHTTPS Encryption and ACM:
· You correctly state that HTTPS is used to secure the communication between users and your website.
· SSL/TLS certificates for HTTPS encryption are indeed managed using Amazon Certificate Manager (ACM).
đLoad Balancer:
· You have an Application Load Balancer (ALB) that directs incoming traffic.
· The ALB enforces HTTPS and routes incoming requests to your Apache Tomcat instances.
đAuto Scaling:
· Auto Scaling group to manage the capacity of your Tomcat instances.
· The group can automatically adjust the number of instances based on the traffic load, ensuring your application can handle increased demand.
đSecurity Groups:
· Security groups are used to control inbound and outbound traffic for your instances.
· The ALBâs security group allows only HTTPS traffic, which is a good security practice.
· Tomcat instances are in a separate security group that allows traffic on Port 8080, but only from the ALB. This restricts direct access to these instances.
đBackend Services:
· Your application relies on backend services, including MySQL, Memcache, and RabbitMQ.
· The IP addresses of these services are stored in a Route 53 private DNS zone. This setup helps your Tomcat instances find and communicate with the backend services.
đDNS Resolution:
· The Tomcat instances use the names mentioned in Route 53âs private DNS zone to locate and connect to the backend servers. Itâs like a phone book for your applicationâs internal services.
đSecurity for Backend Services:
· You mentioned that backend service instances have their own security groups. This is good practice to ensure that only authorized traffic can access these services.
đFlow of Execution:
- Begin by logging into your AWS account.
- Create key pairs to ensure secure access.
- Configure security groups according to your specific requirements.
- Launch instances using Bash scripts, automating the setup process.
- Update IP-to-name mappings in Route 53 for easy DNS resolution.
- Build your application from source code to prepare it for deployment.
- Upload your application artifacts to an S3 bucket for easy access.
- Download these artifacts to your Tomcat EC2 instances, ensuring that the necessary resources are readily available.
- Set up an Elastic Load Balancer with HTTPS, securing it with ACM certificates.
- Map the Load Balancerâs endpoint to your websiteâs name in GoDaddyâs DNS settings for seamless accessibility.
- Verify that your application runs smoothly and efficiently.
- Finally, implement an Auto Scaling group for your Tomcat instances to ensure optimal performance and resource allocation.
đPrerequisites:
Before we start this exciting journey, there are a few things youâll need to have in place:
đAWS Account: If you donât already have an AWS account, itâs easy to create one.
đDomain Name: Youâll need a domain name, which is your web address. You can acquire one through services like Route 53, GoDaddy, or any other domain providers you prefer.
đACM Certificate: To secure your website with HTTPS, youâll require an ACM (Amazon Certificate Manager) certificate.
If youâre not sure how to create a certificate using ACM for HTTPS protocol, donât worry â Iâll provide you with the steps. In my case, I already purchased a domain name from GoDaddy.
- First, go to the AWS console and search for ACM. Once youâre on the ACM page, click on âRequest a Public Certificate.â This page will look like the screenshot below. Enter your domain name, choose your preferred validation method, and click the âRequestâ button.
2. After clicking âRequest,â youâll receive CNAME and CNMAE values as shown in the screenshot. At this stage, the certificate status will be âPending Validation.â
3. In your domain account with GoDaddy (or any other domain registrar where you purchased your domain), there should be a section for managing your domain settings. Enter the CNAME and values as shown below.
4. When you request a certificate using ACM (Amazon Certificate Manager) for your domain, the certificate needs to be validated to ensure that you have control over the domain. This validation can take some time, and once itâs completed and approved, youâll see in your ACM page that AWS has issued the certificate.
Once weâve ensured the prerequisites, weâll proceed to set up a multi-tier web application stack on AWS cloud using the âLift and Shiftâ strategy.â
Stay tuned for my upcoming blog, where Iâll provide you with a step-by-step, hands-on walkthrough of the entire process. Weâll dive into practical, actionable steps that will empower you to set up your web application stack on AWS with confidence. Until then, keep your learning spirit high, and get ready to embark on an exciting adventure in the world of AWS. đđ ïž
đđHappy learning! đđ
