In my previous project(Project-3_Lift&Shift Application Workload to AWS), I used Lift&Shift strategy to move the application to AWS. Project 4 is about re-architecting the application using Cloud Native Services in AWS. Changes that I have done:
- 🔸 Used Elastic Beanstalk for deploying the application to Tomcat. It also created LoadBalancer, CloudWatch alarms, and ASG for the app servers
- 🔸 Replaced MySQL instance with RDS MySQL
- 🔸 Created ElastiCache service instead of Memcached instance
- 🔸 Used Amazon MQ service with RabbitMQ engine instead of RabbitMQ on an instance
- 🔸 Created a CloudFront distribution for the application
- AWS Account
- Default VPC
- Route53 Public Registered Name
- Maven
- JDK8
- We will create a key pair to be used with Elastic Beanstalk. Go to
EC2console, on left menu selectKeyPair->Create key pair.
Name: - Remember where to download the private key, it will be used when logging in to EC2 via SSH.
- Create a Security Group with name
vprofile-backend-SG. Once it is created we need to editInboundrules:
All Traffic from `vprofile-backend-SG`
- First we will create
Subnet Groupswith below properties:(If we have seperate vpc subnet group is useful)
Name: vprofile-rds-sub-grp
AZ: Select All
Subnet: Select All- We will create a parameter group to be used with our RDS instance. If we want to use default parameter group we don't need to create one. With parameter group, we are able make updates to default parameter for our RDS instance.
- A parameter group is a collection of engine configuration values that you set for your RDS database instance. It contains the mapping of what you want each of these over 400 unique parameters to be set to.
Parameter group family: mysql5.7
Type: DB Parameter Group
Group Name: vprofile-rds-para-grp- We will create RDS instance with below properties:
Method: Standard Create
Engine Options: MySQL
Engine version: 5.7.33
Templates: Free-Tier
DB Instance Identifier: vprofile-rds-mysql
Master username: admin
Password: Auto generate psw
Instance Type: db.t2.micro
Subnet grp: vprofile-rds-sub-grp
SecGrp: vprofile-backend-SG
No public access
DB Authentication: Password authentication
Additional Configuration
Initial DB Name: accounts
Keep the rest default or you may add as your own preference- After clicking
Createbutton, you will see a popup. ClickView credential detailsand note down auto-generated db password. We will use it in our application config files.
- We will create a parameter group to be used with our ElastiCache instance. If we want to use default parameter group we don't need to create one. With parameter group, we are able make updates to default parameters for our ElasticCache instance.
Name: vprofile-memcached-para-grp
Description: vprofile-memcached-para-grp
Family: memcached1.4- First we will create
Subnet Groupswith below properties:
Name: vprofile-memcached-sub-grp
AZ: Select All
Subnet: Select All- Go to
Get Started->Create Clusters->Memcached Clusters
Name: vprofile-elasticache-svc
Engine version: 1.4.5
Parameter Grp: vprofile-memcached-para-grp
NodeType: cache.t2.micro
Number of Nodes: 1
SecGrp: vprofile-backend-SG- We will create Amazon MQ service with below properties:
Engine type: RabbitMQ
Single-instance-broker
Broker name: vprofile-rmq
Instance type: mq.t3.micro
username: rabbit
psw: Blue7890bunny
broker engine version: default
Additional Settings:
private Access
VPC: use default
SEcGrp: vprofile-backend-SG- Do not forget to note down your username/pwd. You won't be able to see your Password again from console.
- Go to RDS instance copy endpoint.
vprofile-rds-mysql.cyicet2iv8su.us-east-1.rds.amazonaws.com- Create an EC2 instance to initialize the DB, this instance will be terminated after initialization.
Name: mysql-client
OS: ubuntu 18.04
t2.micro
SecGrp: Allow SSH on port 22
Keypair: vprofile-prod-key
Userdata:
#! /bin/bash
apt update -y
apt upgrade -y
apt install mysql-client -y- SSH into
mysl-clientinstance. We can check mysql version
curl http://169.254.169.254/latest/user-data
# The 169.254.169.254 IP address is a “magic” IP in the cloud world, in AWS it used to retrieve user data and instance metadata specific to a instance. It can only be accessed locally from instances and available without encryption and authentication.
mysql -V
- Before we login to database, we need to update
vprofile-backend-SGInbound rule to allow connection on port 3306 formysql-client-SGAfter updating rule, try to connect with below command:
mysql -h vprofile-rds-mysql.cyicet2iv8su.us-east-1.rds.amazonaws.com -u admin -pGdkEoOolnmSh911no5VS
mysql> show databases;
- Next we will clone our source code here to use script to initialize our database. After these commands we should be able to see 2 tables
role,user, anduser_role.
git clone https://github.com/devopshydclub/vprofile-project.git
(git clone https://github.com/hamidgokce/COURSE-PROJECTS--AWS-DEVOPS.git)
(cd COURSE-PROJECTS--AWS-DEVOPS/Real_Time_DevOps_Project/Project-4_\ Re-Architecting\ Web\ App\ on\ AWS\ Cloud\[Cloud\ Native\]/src/main/resources/)
cd vprofile-project
git checkout aws-Refactor
cd src/main/resources
mysql -h vprofile-rds-mysql.cyicet2iv8su.us-east-1.rds.amazonaws.com -u admin -pGdkEoOolnmSh911no5VS accounts < db_backup.sql
mysql -h vprofile-rds-mysql.cyicet2iv8su.us-east-1.rds.amazonaws.com -u admin -p8C0oRoIMSUwrJvjbVpVR accounts
show tables;- Our backend services are ready now. We will copy their endpoints from AWS console. These information will be used in our
application.propertiesfile
RDS:
vprofile-rds-mysql.cyicet2iv8su.us-east-1.rds.amazonaws.com:3306
Rabbitmq
amqps://b-9fb5569a-ccd8-4c5a-b3b2-7be27757c2aa.mq.us-east-1.amazonaws.com:5671
ElastiCache:
vprofile-elasticache-svc.iz2nzo.cfg.use1.cache.amazonaws.com:11211- Application in Elastic Beanstalk means like a big container which can have multiple environments. Since out app is Running on Tomcat we will choose
Tomcatas platform.
Name: vprofile-java-app
Platform: Tomcat
keep the rest default
Configure more options:
- Custom configuration
****Instances****
EC2 SecGrp: vprofile-backend-SG
****Capacity****
LoadBalanced
Min:2
Max:4
InstanceType: t2.micro
****Rolling updates and deployments****
Deployment policy: Rolling
Percentage :50 %
****Security****
EC2 key pair: vprofile-bean-key
- Our application instances created by BeanStalk will communicate with Backend services. We need update
vprofile-backend-SGto allow connection from our appSecGrp created by Beanstalk on port3306,11211and5671
Custom TCP 3306 from Beanstalk SecGrp(you can find id from EC2 insatnces)
Custom TCP 11211 from Beanstalk SecGrp
Custom TCP 5671 from Beanstalk SecGrp
- In Elastic Beanstalk console, under our app environment, we need to clink Configuration and do below changes and apply:
Add Listener HTTPS port 443 with SSL cert
Processes: Health check path : /login- Go to directory that we cloned project, we need to checkout aws-refactor branch. Update below fields in
application.propertiesfile with correct endpoints and username/pwd.
vim src/main/resources/application.properties
*****Updates*****
jdbc.url
jdbc.password
memcached.active.host
rabbitmq.address
rabbitmq.username
rabbitmq.password
- Go to root directory of project to the same level with
pom.xmlfile. Run below command to build the artifact.
mvn install-
Go to Application versions and Upload the artifact from your local. It will autmatically upload the artifact to the S3 bucket created by Elasticbeanstalk.
-
Now we will select our uploaded application and click Deploy.
- Let's check if our application deployed successfully.
-
We will create an A record which aliasing Elastic Beanstalk endpoint.
-
Now we can reach our application securely with DNS name we have given.
- Cloudfront is Content Delivery Nettwork service of AWS. It uses Edge Locations around the world to deliver contents globally with best performance. We will to
CloudFrontand create a distribution.
Origin Domain: DNS record name we created for our app in previous step
Viewer protocol: Redirect HTTP to HTTPS
Alternate domain name: DNS record name we created for our app in previous step
SSL Certificate:
Security policy: TLSv1- Now we can check our application from browser.
- We will delete all resources that we have created throughout the project.