Objective of Refactoring LIFT and Shift Project:
- Ease of managing the infrastructure
- Pay-as-you-go model
- PAAS, and SAAS
- Flexibility in operations
Services created:
- Security group for the backend services
- Key pair for the EC2 instances
- Subnet group, parameter group, and database for the RDS instance
- Subnet group, parameter group, and ElastiCache cluster (Memcached) built on that subnet group and parameter group
- Amazon MQ broker
- One EC2 instance (temporary, used to initialise the database)
- Elastic Beanstalk (EC2 instances, load balancer, auto scaling)
- IAM role for Beanstalk
- CloudFront
- Route 53 DNS service
Steps followed:
- Created a key pair and stored the private key in .pem format.
- Created the security group for the backend services (Memcached, ActiveMQ, and RDS). To begin with, it only allowed all traffic from the same security group so that the backend instances can talk to each other.
- Created a subnet group covering all the zones and subnets, then a parameter group for MySQL 8.0, and finally, using the subnet group, security group, and parameter group, created the database (a single DB instance for the Free Tier) with the standard create option. In the additional configuration of the RDS instance, set the database name and selected all the logs to be exported to CloudWatch.
- Created a subnet group, then a parameter group for Memcached 1.6, and using both created the ElastiCache cluster listening on port 11211.
- Created a RabbitMQ broker, selecting the single-instance broker option in Amazon MQ. For a free-tier application we selected the t2.micro instance type.
- Created an EC2 instance and allowed SSH on port 22 from my IP only. On the EC2 instance ran: mysql -h <RDS endpoint> -u <username> -p<password> <database_name> < src/main/resources/db_account.sql. Note there is no space between -p and the password; with a space mysql would prompt for the password and treat the next word as the database name. Using -p on its own and typing the password at the prompt also keeps it out of the shell history. Here src/main/resources/db_account.sql is the path of the SQL script that needs to run against our database. We used the repository provided by Imran Teli in the DevOps courses.
- We then deleted the instance and kept the three endpoints (RDS endpoint, ElastiCache endpoint, and RabbitMQ endpoint).
- Created an IAM role for Beanstalk and attached 4 policies to it: AWSElasticBeanstalkWebTier, AdministratorAccess-AWSElasticBeanstalk, AWSElasticBeanstalkRoleSNS, and AWSElasticBeanstalkCustomPlatformforEC2Role. Deleted the service role that Beanstalk had created automatically.
- Created the Beanstalk application and environment on the Tomcat platform. We selected Tomcat 8.5 with Corretto 11 to match our vprofile project. Selected the key pair we created, the default VPC, all subnets, and t3.micro or t3.small as the instance type. Chose the load-balanced auto scaling option with an Application Load Balancer, a minimum of 2 instances and a maximum of 8. Changed the health check path from '/' to '/login'. Selected rolling updates as the deployment policy with a batch size of 50%, which means that if 10 EC2 instances are required, 5 will be created first and then a further 5. Reviewed all the details and submitted.
- Opened S3 and checked that the Beanstalk bucket had already been created, and enabled ACLs on it.
- Opened Beanstalk again and changed the configuration: added a listener on port 443 with the ACM certificate we had already created in the previous project.
- Under EC2 Instances we checked that the 2 instances had been created automatically. From these instances we copied the security group ID and allowed traffic from that security group into the backend security group on ports 5671, 11211, and 3306.
- In the cloned repository we edited application.properties, replacing the RDS endpoint and credentials, the RabbitMQ endpoint, and the ElastiCache cluster endpoint. Built the project and deployed the generated artifact to Beanstalk.
- Copied the Beanstalk endpoint and used it to access the vprofile site. HTTP worked fine; for HTTPS we created a new CNAME DNS record mapping vprofile to the Beanstalk endpoint. Accessing https://vprofile/login now works.
- Created the CloudFront distribution with the domain, set the origin protocol policy to match viewer, selected all edge locations, and selected the ACM certificate created earlier.
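The security-group steps above start with a temporary "all traffic from itself" rule on the backend group and later add the three application ports from the Beanstalk instances' group. The check below, added here as an example and not part of the original project, audits the backend group against that intended end state: it reads the JSON shape returned by aws ec2 describe-security-groups (real field names; the group IDs and rules are constructed samples) and flags any CIDR source, any port or protocol outside 3306/11211/5671, and any source group other than the Beanstalk instance group, so the leftover self-rule and a world-open MySQL rule both surface.

```python
"""Audit the backend security group of the vprofile re-architecture.

Intended policy: the backend SG (RDS, ElastiCache, Amazon MQ) accepts only
TCP 3306, 11211 and 5671, and only from the Beanstalk instances' SG.
"""
import json

ALLOWED_PORTS = {3306, 11211, 5671}

# Constructed sample in the shape of `aws ec2 describe-security-groups`:
# the initial all-traffic self-rule, the three rules added later from the
# Beanstalk SG, and one accidental world-open rule on MySQL.
SAMPLE = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-backend0001",
    "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-backend0001"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 11211, "ToPort": 11211,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bean0001"}]},
        {"IpProtocol": "tcp", "FromPort": 5671, "ToPort": 5671,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bean0001"}]},
    ]}]})


def audit_backend_sg(describe_json, backend_sg, app_sg):
    """Return (rule label, source, reason) for every inbound rule of
    backend_sg that is not one of the three ports from app_sg."""
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        if sg["GroupId"] != backend_sg:
            continue
        for rule in sg["IpPermissions"]:
            proto = rule["IpProtocol"]
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            label = "all" if proto == "-1" else f"{proto}/{lo}-{hi}"
            # Any CIDR source is wrong: only a security group should be allowed.
            for r in rule.get("IpRanges", []):
                findings.append((label, r["CidrIp"], "CIDR source; expected the app SG only"))
            for pair in rule.get("UserIdGroupPairs", []):
                src = pair["GroupId"]
                if proto != "tcp" or lo != hi or lo not in ALLOWED_PORTS:
                    findings.append((label, src, "port/protocol outside 3306, 11211, 5671"))
                elif src != app_sg:
                    findings.append((label, src, "source SG is not the Beanstalk instance SG"))
    return findings


if __name__ == "__main__":
    for finding in audit_backend_sg(SAMPLE, "sg-backend0001", "sg-bean0001"):
        print(*finding, sep="  ")
```

Run it against the real output of describe-security-groups once the environment is up; an empty result means the backend group matches the policy described in the steps.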
The steps above host the application on AWS using PaaS and SaaS services and establish a secured connection between client and server using an SSL certificate from AWS Certificate Manager. CloudFront serves a global audience and removes the high latency seen before.