AWS: Highly Available & Resilient architecture using LAMP?stack

Today, I am going to discuss about a high-level reference architecture for a web based services start-up company which hopes for a significant growth in near future. This proposed architecture is based on AWS solutions and inherently enables various enterprise capabilities to the overall solution. Currently this architecture uses a LAMP stack comprising of open source softwares. If you are looking for AWS startup events, register here: https://aws.amazon.com/events/startup-day/

Why AWS for a start-up company?

Amazon Web Services provides the foundation for your ambition, where capability and community come together to help you build and scale your dreams.

AWS Solutions elasticity nature enables the enterprise cloud capabilities to the solution.

Since growth of the company is not guaranteed and to keep the solution cost effective over the time, the solution should be easily re-sizeable to match the growth. AWS solutions readily brings these capabilities at every stage of the solution to the desk. AWS components are elastic in nature, that is they can auto re-size to a given load at run time. Say, using EC2 you can have more servers added to the solution if the load on servers increases and vice-versa. AWS pay-as-you pricing model keeps investments as well elastic. That is when you have more load, you use more resources then you pay for added resources and vice-versa. Choosing AWS enables the elasticity to the overall solution for any loads over any time.

AWS solution is a Scalability booster for handling the unpredicted traffic loads.

It’s very often heard that upcoming web based solutions suffer performance during peak loads. This is a result of resources not being scalable to meet the unexpected increase in load at real time. AWS auto scale provisioning of VM instances helps you add more web servers readily as needed to serve the increased loads. They can be taken offline or removed when the load returns to normal as needed. This capability boosts the scalability of overall solution to the ever changing traffic loads.

Easy manageability of the solution deployments and maintenance.

Being a start-up and web based solution, company may often need to deploy changes to the system. They would require a consistent close of production environment at every level of their Development, QA testing, Staging and Prod. Yet again the on-demand provisioning of resources in AWS improves turnaround time to deploy and test the changes at every stage to ensure stable release of product in the Production. This minimizes the hardware and maintenance costs involved at every stage of development cycle.

Proposed Solution 

The proposed solution consists of three layers: 

•  Web/App Server Layer 

 Manages application on EC2 instance via Elastic Beanstalk, Load balancing and Auto Scaling Groups. 

 Manage User Identity & sync using Cognito 

• Database Layer 

 Manages database servers configuration, security, availability using RDS Mysql Instance 

• Network Layer 

 Manages network configurations and security via AWS Route 53, Cloudfront, ELB, MultiAvailability Zones, Elastic IPs, Security Groups, etc. Responsible for ensuring access to the application from across the globe and load balancing them.

Solution Architecture

1. The HTTPS request is served by Route53 which forwards it to corresponding ELB(Elastic Load Balancer) consisting of ASG-EC2 instances. EC2 instances are provisioned using Elastic Beanstalk in Multi AZ and load balanced.
2. Request to static objects(image/videos etc) are served from a S3 bucket via Cloudfront as a CDN.
3. The data access layer from EC2 instance connects to RDS(MySQL) master instance for CRUD operations.
4. RDS is set up for High availability/Failover in Multi AZ environment. A synchronous standby replica is provisioned and maintained in a different Availability Zone.
5. Automated backups and snapshots can be provisioned for disaster recovery.
6. Cognito is used to manage user identities & sync user specific data across multiple devices. Load Balancer is used to securely authenticate users as they access the applications.
7. Kinesis is used to process the streams of data in real time. The app on the EC2 instances pushes app logs, error logs or custom logs onto the Kinesis. RDS can push error logs/custom data to Kinesis.
8. S3 is used to store all the logs produced in Kinesis Streams. Lifecycle Rule is set up to archive this data in Glacier after 180 days.
9. Quicksight is leveraged for analytics having source in S3 bucket in above step.
10. Pinpoint is used for customer engagement like sending notifications or campaigns with data source from S3 bucket. 
11. SNS is used to send notifications to consumers from the application. 
12. Cloud formation can be used to provision, configure and also auto scale the infrastructure. AMI can be created for EC2 and leveraged for provisioning.

Configurations: 

• Security at rest & in transit is enabled for all services is enabled. 
• All AWS services are having service linked roles/policies to enforce security & accessibility via the relevant service only.
• AWS security hub & Config is enabled to monitor & review security status of the infrastructure. 
• As the team expands, IAM groups will be created for the specific roles & policies required for the separate teams. IAM users can be assigned to their relevant group.

Conclusion

With this architecture, we can address following challenges:

• Faster response time from website
• No downtime
• Security of user data
• Faster Infrastructure provisioning & Time to market
• Simplified database management and administration

With combination of above services of AWS, we could build a manageable, secure, scalable, high performance, efficient, elastic, highly available, fault tolerant and recoverable architecture for the company.

That's all folks!! Thanks for reading. Feedback appreciated :)