How can you take an existing monolith to the cloud with very minimal effort? In this talk we will explore an architecture that can help you to achieve that while focusing on scalability and resilience.
and they should be able to see all their previously uploaded legal documents. A user can upload new documents and organize them by providing specific tags (client id, case number, etc.). A user might search for documents containing specific keywords or tags.
Virginia, Ireland or Sydney) where AWS hosts a group of data centers. Regions help to provision infrastructure that is closer to the customers, so that our applications can have low latency and feel responsive.
networking, and connectivity in an AWS Region. Data centers in different availability zones are isolated from one another, so a serious outage rarely affects more than one availability zone at the same time.
region for a given AWS account. It is logically isolated from other virtual networks in AWS. Every VPC has a range of private IP addresses organised in one or more subnets.
and in a given availability zone that can be used to spin up and connect resources within the network. Subnets can be public or private. A public subnet can be used to run instances that can have a public IP assigned to them and can be reachable from outside the VPC itself.
load balancers) in public subnets and keep everything else (backend services, databases, etc.) in private subnets. Traffic between subnets can be enabled through routing tables to allow for instance a load balancer in a public subnet to forward traffic to backend instances in a private subnet.
request per second. Managed service: we don't need to configure the OS or install software patches. Can be integrated with ACM (AWS Certificate Manager) to support HTTPS.
We can scale targets automatically using autoscaling groups, e.g. add or remove instances based on the number of in-flight requests or on the average CPU of the current instances.
necessary software for the service (Nginx, Node.js, app code, etc.). They need to use Security Groups (allow traffic) and IAM Roles (allow them to access other AWS resources like S3).
same: we need to build an AMI (Amazon Machine Image). An AMI contains OS, libraries, software and source code. You can use an AMI to start a new instance.
has been launched we shouldn't change it anymore (e.g. update the OS, install new software, update the code, etc.). If we need to change something, we build a new image and deploy new instances. Instances are disposable!
might be served by different instances during their session. A single instance should not store any state (e.g. user sessions, uploaded files, etc.). State should be stored outside instances (ElastiCache, S3, RDS, etc.).
availability zone. If there is an AWS outage, the instances in the healthy availability zone will keep handling requests. We can use an autoscaling group to make sure that unhealthy instances are replaced.
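The autoscaling group and the load balancer decide that an instance is unhealthy by calling a health check endpoint on it. The following is an added example of such an endpoint in Node.js (matching the Nginx + Node.js stack of the talk); it is not code from the talk. The check names, the `critical` flag and the sample pings are assumptions for illustration: in the real application the checks would ping RDS, ElastiCache and S3.

```javascript
// Added example (not from the original slides): a /health endpoint for an
// instance behind the Application Load Balancer. The ALB target group and the
// autoscaling group health check are assumed to be pointed at this path.
//
// Each check is { critical, run }: run() resolves when the dependency answers
// and rejects otherwise. Only critical checks decide the HTTP status; the rest
// are reported but do not flip the instance to unhealthy, so a Redis failover
// that the app already tolerates does not make every instance look dead at once.

function probe(name, check, timeoutMs) {
  const started = Date.now();
  let timer;
  // A dependency that hangs must not hang the health check itself.
  const deadline = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`timeout after ${timeoutMs}ms`)), timeoutMs);
  });
  return Promise.race([Promise.resolve().then(() => check.run()), deadline])
    .then(() => ({ name, ok: true, critical: check.critical, latencyMs: Date.now() - started }))
    .catch((err) => ({
      name, ok: false, critical: check.critical, latencyMs: Date.now() - started, error: err.message,
    }))
    .finally(() => clearTimeout(timer));
}

// Pure: turns probe results into the HTTP verdict the load balancer will see.
function summarize(results) {
  const healthy = results.every((r) => r.ok || !r.critical);
  return {
    statusCode: healthy ? 200 : 503,
    body: { status: healthy ? 'ok' : 'unhealthy', checks: results },
  };
}

async function runHealthChecks(checks, timeoutMs = 1000) {
  const results = await Promise.all(
    Object.entries(checks).map(([name, check]) => probe(name, check, timeoutMs)),
  );
  return summarize(results);
}

// Framework-agnostic Node request handler; works directly with http.createServer.
function createHealthHandler(checks, timeoutMs = 1000) {
  return async (req, res) => {
    const { statusCode, body } = await runHealthChecks(checks, timeoutMs);
    res.writeHead(statusCode, {
      'content-type': 'application/json',
      'cache-control': 'no-store', // a proxy must never serve a stale verdict
    });
    res.end(JSON.stringify(body));
  };
}

// Constructed sample checks standing in for real RDS / ElastiCache pings:
// the database answers, the Redis node is (hypothetically) being replaced.
const sampleChecks = {
  database: { critical: true, run: async () => 'SELECT 1 ok' },
  redis: { critical: false, run: async () => { throw new Error('ECONNREFUSED'); } },
};

// Usage (not executed here):
// const http = require('http');
// http.createServer(createHealthHandler(sampleChecks)).listen(3000);
```

The load balancer only needs the status code. The detailed body (dependency names, error strings, latencies) is useful for operators but should not be reachable from the internet: serve it on a path that the ALB listener rule does not forward, or strip the details when the request did not come from the health checker.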
AWS services and (probably) the most famous one. Object storage service: Allows you to store any amount of data durably. You need to use the SDK to read and write data.
A first migration could be done by using something like s3fs-fuse to create a "virtual filesystem" that allows you to read/write to S3 seamlessly.
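Moving uploads off the instance disk also means the application code decides the object keys and metadata, so this is the place to enforce who may read what. The following is an added example (not code from the talk) of a small document store for the upload/tag/search requirements described earlier. The backend interface ({put, get, list}) is a hypothetical minimal one; mapping it onto the AWS SDK (PutObject with Metadata, GetObject, ListObjectsV2 with a Prefix) is left to the caller, and the in-memory backend exists only so the example runs offline.

```javascript
// Added example (not from the original slides): the storage layer the monolith
// needs once uploaded files live in S3 instead of on the instance's disk.

const TAG_PATTERN = /^[a-z0-9][a-z0-9_-]{0,63}$/i; // e.g. client-42, case_2019_17
const MAX_TAGS = 20;

// Keep only the final path component and a conservative character set, so a
// user-supplied name like "../../etc/passwd" cannot shape the object key.
function safeFilename(name) {
  const base = String(name).split(/[\\/]/).pop() || '';
  const cleaned = base.replace(/[^A-Za-z0-9._-]/g, '_').replace(/^\.+/, '');
  return cleaned.slice(0, 128) || 'file';
}

// Tags end up in object metadata and in search filters: allow-list them.
function validateTags(tags) {
  if (!Array.isArray(tags) || tags.length > MAX_TAGS) throw new Error('invalid tag list');
  const normalised = [...new Set(tags.map((t) => String(t).toLowerCase()))];
  for (const t of normalised) {
    if (!TAG_PATTERN.test(t)) throw new Error(`invalid tag: ${t}`);
  }
  return normalised;
}

class DocumentStore {
  // backend: { put(key, body, metadata), get(key), list(prefix) } (assumed interface)
  constructor(backend, { nextId } = {}) {
    this.backend = backend;
    this.nextId = nextId
      || (() => `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`);
  }

  // Every key is scoped under the owner's id; the prefix is the authorization boundary.
  prefixFor(userId) {
    if (!/^[A-Za-z0-9-]{1,64}$/.test(userId)) throw new Error('invalid user id');
    return `docs/${userId}/`;
  }

  async upload(userId, filename, body, tags = []) {
    const key = `${this.prefixFor(userId)}${this.nextId()}/${safeFilename(filename)}`;
    const metadata = { owner: userId, tags: validateTags(tags).join(',') };
    await this.backend.put(key, body, metadata);
    return key;
  }

  // Refuses keys outside the caller's prefix even if the caller knows the key.
  async download(userId, key) {
    if (!key.startsWith(this.prefixFor(userId))) throw new Error('access denied');
    return this.backend.get(key);
  }

  async findByTag(userId, tag) {
    const [wanted] = validateTags([tag]);
    const objects = await this.backend.list(this.prefixFor(userId));
    return objects
      .filter((o) => o.metadata.tags.split(',').includes(wanted))
      .map((o) => o.key);
  }
}

// Constructed in-memory backend used to exercise the store offline.
class MemoryBackend {
  constructor() { this.objects = new Map(); }
  async put(key, body, metadata) { this.objects.set(key, { body, metadata }); }
  async get(key) {
    const obj = this.objects.get(key);
    if (!obj) throw new Error('not found');
    return obj.body;
  }
  async list(prefix) {
    return [...this.objects]
      .filter(([k]) => k.startsWith(prefix))
      .map(([key, o]) => ({ key, metadata: o.metadata }));
  }
}
```

The per-user prefix does double duty: it keeps listing cheap (one ListObjectsV2 call per user) and it is the check every read goes through, which matters more than the filename cleanup because a stored key, not a filename, is what the application later hands to S3.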
MySQL, PostgreSQL, MariaDB, Oracle & SQL Server. Being a managed service, AWS takes care of most common concerns like backups and updates (configurable).
Multi-AZ mode: this means that there will be one or two standby copies of the database in different AZs. If the primary DB instance or the primary AZ has an outage, one of the standby copies is promoted to become "the primary" instance.
Meant to be used for use cases that don't require durability like data cache, session stores, gaming leaderboards, streaming, and analytics. AWS takes care of maintenance.
(with enough memory) can scale to significant amounts of traffic. If you need more, you can run ElastiCache Redis in Cluster Mode and shard your data across multiple Redis instances.
to RDS, in case of failures, there might be some downtime while the new master is promoted. We need to make sure the app accounts for Redis connection failures.
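What "accounting for Redis connection failures" looks like in the application, as an added Node.js example that is not code from the talk: a cache-aside read that bounds every Redis call with a timeout, falls back to the database when the cache is unavailable, and stops calling Redis for a cooldown period after repeated failures so the failover downtime does not add a timeout to every request. The cache client is assumed to expose ioredis-style `get(key)` and `set(key, value, 'EX', seconds)` methods; the FakeRedis class is a constructed stand-in so the block runs offline.

```javascript
// Added example (not from the original slides): reading through ElastiCache
// Redis without letting a Redis outage (e.g. the downtime during a Multi-AZ
// failover) turn into an application outage.

// Bounds how long a single cache call may take; a stalled socket to a Redis
// node that is being replaced would otherwise block the request.
function withTimeout(promise, ms) {
  let timer;
  const deadline = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`cache call timed out after ${ms}ms`)), ms);
  });
  return Promise.race([promise, deadline]).finally(() => clearTimeout(timer));
}

// Minimal circuit breaker: after `failureThreshold` consecutive failures the
// cache is skipped for `cooldownMs`, so requests stop paying the timeout on
// every call while Redis is down.
class CacheBreaker {
  constructor({ failureThreshold = 3, cooldownMs = 5000, now = Date.now } = {}) {
    this.failureThreshold = failureThreshold;
    this.cooldownMs = cooldownMs;
    this.now = now;
    this.failures = 0;
    this.openUntil = 0;
  }
  allow() { return this.now() >= this.openUntil; }
  recordSuccess() { this.failures = 0; }
  recordFailure() {
    this.failures += 1;
    if (this.failures >= this.failureThreshold) {
      this.openUntil = this.now() + this.cooldownMs;
      this.failures = 0;
    }
  }
}

// Cache-aside read: serve from cache when possible, otherwise the database is
// the source of truth and the cache is refilled on a best-effort basis. A
// cache failure is logged and counted, never surfaced to the user.
async function getWithCache(key, loadFromDb, cache, breaker, opts = {}) {
  const { ttlSeconds = 60, timeoutMs = 50, log = () => {} } = opts;
  if (breaker.allow()) {
    try {
      const hit = await withTimeout(cache.get(key), timeoutMs);
      breaker.recordSuccess();
      if (hit !== null && hit !== undefined) return { value: JSON.parse(hit), source: 'cache' };
    } catch (err) {
      breaker.recordFailure();
      log(`cache read failed for ${key}: ${err.message}`);
    }
  }
  const value = await loadFromDb(key);
  if (breaker.allow()) {
    try {
      await withTimeout(cache.set(key, JSON.stringify(value), 'EX', ttlSeconds), timeoutMs);
      breaker.recordSuccess();
    } catch (err) {
      breaker.recordFailure();
      log(`cache write failed for ${key}: ${err.message}`);
    }
  }
  return { value, source: 'db' };
}

// Constructed in-memory stand-in for the Redis client, with a switch to
// simulate the node going away during a failover.
class FakeRedis {
  constructor() { this.store = new Map(); this.down = false; }
  async get(key) {
    if (this.down) throw new Error('ECONNREFUSED');
    return this.store.has(key) ? this.store.get(key) : null;
  }
  async set(key, value /* , 'EX', seconds ignored by the fake */) {
    if (this.down) throw new Error('ECONNREFUSED');
    this.store.set(key, value);
    return 'OK';
  }
}
```

The timeout value is deliberately short: a cache that answers slower than the database is not worth waiting for. Session stores need the same treatment, with the extra decision of whether a request without a reachable session store is served anonymously or rejected.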
from the web console, but...
- It will be hard to create consistent environments for development and QA
- It will be hard to change things incrementally
- How would we test and review changes before applying them in production?
the infrastructure using code. There are several tools that can help us with that: CloudFormation, Hashicorp Terraform, Cloud Development Kit (CDK), Pulumi.
Example of CloudFormation template (fragment, @loige). EC2InstanceWithSecurityGroupSample: Create an Amazon EC2 instance running the A

"Parameters" : {
  "KeyName": {
    "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
    "Type": "AWS::EC2::KeyPair::KeyName",
    "ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
  },
  "InstanceType" : {
    "Description" : "WebServer EC2 instance type",
    "Type" : "String",
    "Default" : "t2.small",
    "AllowedValues" : [ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "m1.small", "m1.medium", "m1.large" ],
    "ConstraintDescription" : "must be a valid EC2 instance type."
  },
  "SSHLocation" : {
    "Description" : "The IP address range that can be used to SSH to the EC2 instances",
    "Type": "String",
    "MinLength": "9",
    "MaxLength": "18",
    "Default": "0.0.0.0/0",
    "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
    "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
  }
},
"Mappings" : {
  "AWSInstanceType2Arch" : {
    "t1.micro" : { "Arch" : "HVM64" },
    "t2.nano" : { "Arch" : "HVM64" },
    "t2.micro" : { "Arch" : "HVM64" }
  }
}
team grows and the system gets more complicated we can start to think about microservices. We can start to play with other AWS services (e.g. SQS + Lambda for background task processing).
a "gamble"... I selected some arbitrary instance sizes (EC2, RDS, ElastiCache). I am not accounting for auto-scaling. I am not accounting for network traffic. Better to look at cost in production and try to optimise when needed. Rule of thumb: try to balance cost with your revenue. Rule of thumb (2): consider the total cost of ownership.
Bonus: a TODO list for the migration (@loige)
- IaaC
- Create and configure a VPC in a region (3 AZs, Public / Private subnets)
- Create an S3 bucket
- Update the old codebase to save every new file to S3
- Copy all the existing files to S3
- Spin up the database in RDS (Multi-AZ)
- Migrate the data using Database Migration Service
- Provision the ElastiCache Redis Cluster (Multi-AZ)
- Create an AMI for the application
- Create security groups and an IAM policy for EC2
- Make the application stateless
- Create a health check endpoint
- Create an autoscaling group to spin up the instances
- Create a certificate in ACM
- Provision an Application Load Balancer (public subnets)
- Configure HTTPS, Targets and Health Checks
- Configure Route53
- Traffic switch-over through DNS

Great guide to cloud migrations: 6 strategies for migrating applications to the cloud