Migration of Monolithic to Highly Available and Secure Architecture with AWS 🚀

Hemaprakash Raghu
2 min read · Aug 8, 2022

Here is the story of converting an existing web application that was a textbook single point of failure: everything belonging to the application was stacked together (tightly coupled) and deployed inside one single instance.

If any one component fails inside the instance, the entire application goes down and needs a person (a developer) to fix it and bring it back up.

The web application consists of:

  1. Web Server (React JS Application)
  2. App Server (Node JS Application)
  3. Database (MySQL)

The goal here is to create a highly scalable and secure three-tier web application using AWS services.

Modified Architecture Diagram

The modified architecture is more scalable, secure and fault tolerant and could even support disaster recovery with very little modification.

The Web and App Servers

The basic (React and Express) applications are pre-configured with all the necessary software and the source code installed, and Amazon Machine Images (AMIs) are created from them.

Launch Templates are then created from the AMIs, and Auto Scaling groups are created to scale in and out based on usage. The Web Server group is placed behind an internet-facing Application Load Balancer, which distributes the load evenly across all available instances, with the necessary health checks. The App Server group is placed behind a private Application Load Balancer, where it can be accessed only through the other load balancer, as configured via security groups.

The web servers are placed in public subnets in three Availability Zones and the app servers are placed in private subnets. To make any changes to the code or other settings on the app servers, a Bastion Host (jump box) is used through the public subnet.
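The restriction described above (each tier reachable only from the tier in front of it, enforced through security groups) can be checked against the output of `describe-security-groups`. The following Python audit is an added example, not code from the original post; the group IDs, the sample data and the assumed chain (public load balancer → web servers → private load balancer → app servers, plus the bastion host) are constructed for illustration.

```python
# Added example; group IDs and SAMPLE are constructed. The dict layout mirrors
# the EC2 DescribeSecurityGroups response (IpPermissions, UserIdGroupPairs, ...).

# Assumed tier chain: which source groups may reach each tier. Only the
# internet-facing load balancer may accept CIDR-based (public) sources.
EXPECTED = {
    "sg-public-alb": {"public": True, "sources": set()},
    "sg-web": {"public": False, "sources": {"sg-public-alb"}},
    "sg-private-alb": {"public": False, "sources": {"sg-web"}},
    "sg-app": {"public": False, "sources": {"sg-private-alb", "sg-bastion"}},
}

def audit(security_groups, expected=EXPECTED):
    """Return sorted (group_id, finding) pairs for ingress rules that break the chain."""
    findings = []
    for sg in security_groups:
        policy = expected.get(sg["GroupId"])
        if policy is None:
            continue  # not one of the audited tiers
        for perm in sg.get("IpPermissions", []):
            ports = f"{perm.get('FromPort', 'all')}-{perm.get('ToPort', 'all')}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not policy["public"]:
                # Private tiers must be reachable only via security-group references.
                findings += [(sg["GroupId"], f"CIDR source {c} on {ports}") for c in cidrs]
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in policy["sources"]:
                    findings.append(
                        (sg["GroupId"], f"unexpected source group {pair['GroupId']} on {ports}"))
    return sorted(findings)

SAMPLE = [  # constructed: the app tier has two rules that bypass the chain
    {"GroupId": "sg-public-alb", "IpPermissions": [
        {"FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"FromPort": 80, "ToPort": 80, "UserIdGroupPairs": [{"GroupId": "sg-public-alb"}]}]},
    {"GroupId": "sg-private-alb", "IpPermissions": [
        {"FromPort": 80, "ToPort": 80, "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"FromPort": 3000, "ToPort": 3000,
         "UserIdGroupPairs": [{"GroupId": "sg-private-alb"}, {"GroupId": "sg-web"}]},
        {"FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, finding in audit(SAMPLE):
        print(group_id, finding)
```

On the constructed sample, the audit flags the app tier twice: SSH open to any address instead of only the bastion's group, and the web tier reaching the app servers directly instead of through the private load balancer.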

The Database

Amazon RDS (MySQL) is created with two read replicas in each AZ, and Amazon ElastiCache is used to reduce performance issues. Here we could also keep a standby database in another region to stay safe in the event of a disaster.

Web App Contents

All images, videos and other files are uploaded to Amazon S3 through a VPC Endpoint by the app or web server (to avoid network cost), and a CloudFront distribution is then used to deliver the files to the public through edge locations without any disturbance.

Authentication and Authorization

Amazon Cognito is used to validate a user and allow access to the application. The app servers then use the SDK to validate any scopes related to the business logic.
