dhamed007 / video-conference-ng-project

unifonic assessment

Project Submission Document:

Building a Highly Scalable and Available 3 tier Application on AWS

Introduction: We designed and implemented a highly scalable and available web application on Amazon Web Services (AWS) for a PHP8 application. This document outlines the services used in the architecture, how they are networked and deployed, and how the solution can be scaled for increased demand. It also discusses the technical approach used to ensure zero-downtime deployments supporting Continuous Integration and Continuous Deployment (CI/CD). Finally, it addresses the assumptions and trade-offs made between production, staging and development environments and proposes a high-level disaster recovery plan for this solution.

Architecture Overview: We used the following AWS services to build a highly scalable and available web application:

Elastic Load Balancer (ELB), Amazon RDS for MySQL, Amazon ElastiCache for Redis, Amazon DynamoDB, Amazon S3, Amazon VPC, Amazon Route 53, AWS Elastic Kubernetes Service (EKS), Amazon EC2 Auto Scaling Group (ASG), Amazon CloudFront, Amazon Rekognition, AWS Lambda, Amazon Redshift, Amazon QuickSight, Amazon API Gateway, Amazon Cognito, AWS Inspector, AWS Key Management Service (KMS), Amazon CloudWatch, Amazon SNS, Amazon SQS, Amazon Kinesis, Amazon EMR, AWS Certificate Manager, AWS WAF, AWS Glue, Amazon Athena, AWS IAM

ELB provides load balancing to distribute incoming traffic across multiple instances. We deployed ELB in multiple availability zones to ensure high availability.

Amazon RDS for MySQL is a managed database service that provides a highly available and scalable MySQL database. We configure automatic backups, replication, and failover for RDS.

Amazon ElastiCache for Redis is a fully managed Redis service that provides high performance and scalability. It is used as a cache layer to improve the performance of the application.

Amazon DynamoDB is a fully managed NoSQL database service that provides high scalability and availability. We used DynamoDB to store non-relational data with high throughput and low latency.

Amazon S3 is a highly scalable and available object storage service. We used S3 to store and retrieve data such as images, videos, and documents.

Amazon VPC is a virtual private cloud service that provides a private network environment in AWS. We created subnets (public, private and database), route tables, network ACLs and an internet gateway to define network access and communication between instances.

Amazon Route 53 is a highly available and scalable DNS service that can be used to route traffic to the application. We created records and configured Route 53 to route traffic to ELB and other services.

AWS Elastic Kubernetes Service (EKS) is a managed Kubernetes service that can be used to deploy and manage containerized applications. We used EKS to deploy the PHP8 application in a containerized environment.

Amazon EC2 is a scalable compute service that can be used to launch and manage virtual servers in the cloud. We use EC2 instances as the bastion host and to run the PHP8 application.

Auto Scaling Group (ASG) is a service that can be used to automatically adjust the number of EC2 instances based on the demand. We used ASG to scale up or down the number of instances to ensure high availability and reduce costs.

Amazon CloudFront is a content delivery network (CDN) service that can be used to distribute content to users with low latency and high transfer speeds. We used CloudFront to cache and deliver static and dynamic content to users and leveraged the edge locations.

Amazon Rekognition is a service that can be used to analyze images and videos using machine learning algorithms. We used Rekognition to detect objects, faces, text, and scenes in images and videos since we are in the communications industry.

AWS Lambda is a serverless compute service that can be used to run code without provisioning or managing servers. We use Lambda to convert our video format to make it mobile friendly.

Amazon Redshift is a fully managed data warehouse service that can be used to analyze large amounts of data. We used Redshift to store and analyze data generated by the application over time.

Amazon QuickSight is a business intelligence (BI) service that can be used to create dashboards and visualizations. We can use QuickSight to visualize and analyze data stored in Redshift so informed decisions can be made by management.

Amazon API Gateway is a fully managed service that can be used to create, deploy, and manage APIs. We used API Gateway to create a RESTful API to expose the application's functionality to third party applications and external clients.

Amazon Cognito is an identity management service that can be used to authenticate and authorize users. We used Cognito to authenticate users and manage their access to the application.

AWS Inspector is a security assessment service that can be used to identify security vulnerabilities in the application. We used Inspector to scan the application for security issues and provide recommendations to remediate them.

AWS Key Management Service (KMS) is a fully managed service that can be used to create and control the encryption keys used to encrypt data. We use KMS to encrypt data stored in S3, RDS, Redshift and other services.
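
The encryption and RDS backup/failover settings described above can be expressed in Terraform as follows. This is an added example, not code from this repository; the resource names, instance size, retention period and the two variables are assumptions.

```hcl
# Added example: resource names, sizes and variables are assumptions.
variable "media_bucket_name" {
  type = string
}

variable "db_password" {
  type      = string
  sensitive = true
}

# Customer-managed key for data at rest, with automatic rotation enabled.
resource "aws_kms_key" "data" {
  description             = "Application data at rest (S3, RDS)"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_s3_bucket" "media" {
  bucket = var.media_bucket_name
}

# Bucket default: objects are encrypted with the customer-managed key.
resource "aws_s3_bucket_server_side_encryption_configuration" "media" {
  bucket = aws_s3_bucket.media.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.data.arn
    }
    bucket_key_enabled = true
  }
}

# Multi-AZ MySQL with encrypted storage and automated backups.
resource "aws_db_instance" "mysql" {
  identifier                = "app-mysql"
  engine                    = "mysql"
  instance_class            = "db.t3.medium"
  allocated_storage         = 50
  username                  = "appadmin"
  password                  = var.db_password
  multi_az                  = true
  backup_retention_period   = 7
  storage_encrypted         = true
  kms_key_id                = aws_kms_key.data.arn
  final_snapshot_identifier = "app-mysql-final"
}
```

RDS storage encryption can only be chosen when the instance is created, so `storage_encrypted` belongs in the first apply rather than a later change.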

Network Topology: We deploy the PHP8 application in a highly available and scalable manner using the following network topology: We created a VPC with two availability zones. We created one public subnets and two private subnets, one in each availability zone. We deployed an ELB in the public subnets to distribute incoming traffic to the instances in the private subnets. We deployed an RDS instance in the private subnet to provide a highly available and scalable MySQL database. We deployed an ElastiCache Redis cluster in the private subnet to provide a cache layer for the application. We deployed a DynamoDB table in the private subnet to store non-relational data. We deployed the PHP8 application in an EKS cluster in the private subnet using EC2 instances as worker nodes. We use an ASG to automatically adjust the number of EC2 instances based on the demand. We deploy CloudFront in front of ELB to cache and deliver static and dynamic content to users. We use Amazon Rekognition to analyze images and videos. We use Lambda to run the conversion in response to events. We stored and analyzed data in Redshift and QuickSight. We expose the application's functionality to external clients using API Gateway. We authenticate and authorize users using Cognito. We use Inspector to scan the application for security vulnerabilities. We encrypt data stored in S3, RDS, and other services using KMS.
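
One way to enforce the ELB, application and database tiers of this topology is with security groups that reference each other instead of CIDR ranges. The Terraform below is an added example, not code from this repository; the `vpc_id` variable, the group names and application port 8080 are assumptions.

```hcl
# Added example: vpc_id, group names and port 8080 are assumptions.
variable "vpc_id" {
  type = string
}

locals {
  # The only tier-to-tier flows allowed: source tier -> destination tier.
  flows = {
    elb_to_app = { from = "elb", to = "app", port = 8080 }
    app_to_db  = { from = "app", to = "db", port = 3306 }
  }
}

# One empty group per tier. Terraform strips the default allow-all egress
# rule, so each group starts with no ingress and no egress.
resource "aws_security_group" "tier" {
  for_each = toset(["elb", "app", "db"])
  name     = "tier-${each.key}"
  vpc_id   = var.vpc_id
}

# Only the load balancer accepts traffic from the internet.
resource "aws_security_group_rule" "internet_https" {
  type              = "ingress"
  security_group_id = aws_security_group.tier["elb"].id
  cidr_blocks       = ["0.0.0.0/0"]
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
}

# Destination tier accepts the port only from the source tier's group.
resource "aws_security_group_rule" "flow_in" {
  for_each                 = local.flows
  type                     = "ingress"
  security_group_id        = aws_security_group.tier[each.value.to].id
  source_security_group_id = aws_security_group.tier[each.value.from].id
  protocol                 = "tcp"
  from_port                = each.value.port
  to_port                  = each.value.port
}

# Source tier may open connections only to the destination tier's group.
resource "aws_security_group_rule" "flow_out" {
  for_each                 = local.flows
  type                     = "egress"
  security_group_id        = aws_security_group.tier[each.value.from].id
  source_security_group_id = aws_security_group.tier[each.value.to].id
  protocol                 = "tcp"
  from_port                = each.value.port
  to_port                  = each.value.port
}
```

Any other outbound traffic the application tier needs, such as calls to AWS service endpoints, requires its own egress rule; nothing beyond the two listed flows is permitted here.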

Scalability: To scale the application for increased demand, we:

Increase the number of EC2 instances in the ASG to handle more traffic. Use larger instance types for the EC2 instances to handle more requests per second. Use multiple EKS clusters in different regions to handle traffic from different geographic regions. Use Amazon DynamoDB to store non-relational data with high throughput and low latency. Use Amazon ElastiCache for Redis as a cache layer to improve the performance of the application. Use Amazon S3 to store and retrieve data such as images, videos, and documents. Use Amazon CloudFront to cache and deliver static and dynamic content to users. Use Amazon Rekognition to analyze images and videos. Use Amazon Redshift to store and analyze data generated by the application. Use API Gateway to expose the application's functionality to external clients. Use Amazon Cognito to authenticate and authorize users. Use Inspector to scan the application for security vulnerabilities.

CI/CD: To ensure zero-downtime deployments and support Continuous Integration and Continuous Deployment (CI/CD), we use GitHub as our SCM and Jenkins as our automation tool. Jenkins is integrated through plugins with Composer as our build tool, SonarQube for code quality analysis, and Nexus as our artifact repository. This ends the CI job. A CD job is then triggered automatically; it integrates Jenkins with Ansible, a configuration management tool. Ansible triggers the Docker build engine to build the image, tag it and push it to the image registry, and then runs the deployment playbook to deploy the application. We use a Deployment object in Kubernetes (k8s) with a rolling update strategy so we can roll out and roll back with zero downtime.

Code is committed to the source code manager (SCM) by developers. Jenkins detects the code changes and triggers a build job. The PHP build tool Composer is used to build the PHP code and generate an executable artifact. The artifact is then sent to SonarQube for static code analysis and quality checks. If the code passes the quality checks, a copy of the artifact is stored in the Nexus artifact repository for future use. Next, Ansible is used to build a Docker image of the artifact. The playbook pulls the artifact and uses a Dockerfile to build the image. The Docker image is then tagged and pushed to Docker Hub for distribution. Finally, another Ansible playbook is used to deploy the Docker image to a Kubernetes (K8s) cluster. The playbook pulls the image from Docker Hub and deploys it to the K8s cluster. This CI/CD pipeline ensures that code changes are automatically built, tested, and deployed in a consistent and reliable manner. It also provides feedback to the developers on the quality of the code and helps maintain a high level of code quality over time.
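
The rolling update strategy mentioned above depends on two settings: the surge and unavailability limits, and a readiness check that gates the removal of old pods. The added example below shows them using Terraform's Kubernetes provider rather than the Ansible playbook the pipeline uses; it is not code from this repository, and the names, port, probe path and `image` variable are assumptions.

```hcl
# Added example: names, port 8080, /healthz and var.image are assumptions.
variable "image" {
  type        = string
  description = "Image reference pushed by the CD job"
}

resource "kubernetes_deployment" "php_app" {
  metadata {
    name   = "php-app"
    labels = { app = "php-app" }
  }

  spec {
    replicas = 3

    selector {
      match_labels = { app = "php-app" }
    }

    strategy {
      type = "RollingUpdate"
      rolling_update {
        max_surge       = "1" # start one new pod before retiring an old one
        max_unavailable = "0" # never drop below the desired replica count
      }
    }

    template {
      metadata {
        labels = { app = "php-app" }
      }
      spec {
        container {
          name  = "php-app"
          image = var.image

          port {
            container_port = 8080
          }

          # An old pod is removed only after a new pod passes this check.
          readiness_probe {
            http_get {
              path = "/healthz"
              port = 8080
            }
            period_seconds    = 5
            failure_threshold = 3
          }
        }
      }
    }
  }
}
```

Without a readiness probe, a new pod counts as available as soon as its container starts, so a broken image can replace every healthy pod; a rollback then uses `kubectl rollout undo deployment/php-app`.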

Assumptions and Trade-offs: We made some assumptions and trade-offs between production, staging, and development environments to ensure cost-effectiveness, scalability, and high availability. In the production environment, we deployed the application in two availability zones for high availability. However, in the staging and development environments, we deployed the application in a single availability zone to reduce costs. We used Amazon RDS for MySQL as a managed database service for the production environment, which provides automatic backups, replication, and failover for high availability. However, in the staging and development environments, we used Amazon Aurora Serverless to reduce costs. Aurora Serverless is a fully managed database service that automatically scales up and down based on the demand, which reduces costs for development and staging environments where the workload is low. In the production environment, we used Amazon CloudFront to cache and deliver content to users with low latency and high transfer speeds. However, in the staging and development environments, we did not use CloudFront to reduce costs.

Disaster Recovery Plan: To ensure disaster recovery for the application, we propose the following high-level plan: We deploy the application in two availability zones for high availability. If one availability zone fails, the application can continue to operate in the other availability zone. We configure automatic backups for RDS and store the backups in S3 in a different region for disaster recovery. We use Route 53 to route traffic to the application in the other region if the primary region fails. We use CloudFront to deliver content to users from the other region if the primary region fails.

On-Demand Development Instances with AWS EC2: We have implemented an on-demand development instance service using AWS EC2. With AWS EC2, developers have the ability to spin up their own instances with customizable specifications and configurations, including the operating system, programming languages, and tools needed for their specific project. This enables developers to work in an environment that closely resembles the production environment and ensures consistency across the development team. The on-demand nature of this service means that developers can quickly and easily create instances as needed and avoid the hassle of waiting for IT to provision resources. Additionally, since instances are billed by the hour, we are able to keep costs down and provide an affordable solution for our development teams. Furthermore, with the ability to create and manage security groups and network access control lists (ACLs), we are able to ensure that our development instances are secure and only accessible by authorized users. This ensures the safety and confidentiality of our code and intellectual property. Overall, we believe that our implementation of on-demand development instances with AWS EC2 provides a scalable, flexible, and cost-effective solution for our development teams to work in a customizable environment that meets their unique needs.

Automatic on-demand development instances that developers can share internally: Virtual Machine-Based Development Environments: With a VM-based approach, you can create a fully-customized development environment with the exact tools and configuration needed for your application. Developers can then spin up their own instance of the VM as needed, and share access with others on the team.

Infrastructure-as-Code: Use infrastructure-as-code (Terraform) to automate the provisioning of your development instances. With IaC, you can define your development environment as code, which makes it easy to spin up new instances on-demand and ensure consistency across your team.

Conclusion: In this project submission document, we have designed and implemented a highly scalable and available web application on Amazon Web Services (AWS) using a variety of services including Elastic Load Balancer (ELB), Amazon RDS for MySQL, Amazon ElastiCache for Redis, Amazon DynamoDB, Amazon S3, Amazon VPC, Amazon Route 53, AWS Elastic Kubernetes Service (EKS), Amazon EC2, Auto Scaling Group (ASG), Amazon CloudFront, Amazon Rekognition, AWS Lambda, Amazon Redshift, Amazon QuickSight, Amazon API Gateway, Amazon Cognito, AWS Inspector, and AWS Key Management Service (KMS). We have also discussed the technical approach used to ensure zero-downtime deployments supporting Continuous Integration and Continuous Deployment (CI/CD) and proposed a high-level disaster recovery plan for this solution.

Languages

Language:HCL 100.0%