Cloud Infrastructure Project β AWS Scalable Architecture
A detailed showcase of a cloud-native application migration to AWS.
AWS Cloud Infrastructure Project
Author: Abdullah Bagishev
Year: 2024
Subject: AWS Scalable Architecture
Migrating a Monolithic Application to a Cloud-Native AWS Architecture
Introduction
This project was part of a Cybersecurity & Cloud academic assignment, where the goal was to modernize a legacy application for ACME Corp. The existing on-premises infrastructure struggled with scalability, cost-efficiency, and reliability, making it unsuitable for growing demands.
The solution? Migrating to AWS using a highly available, auto-scaled, and cost-effective architecture.
Existing Issues (As-Is Situation)
The application currently handles images and videos through a monolithic design, running on a single server. This creates multiple problems:
π΄ Limited Scalability β The server cannot handle traffic spikes (peaks: 9 AM - 5 PM).
π΄ Manual Resource Management β No auto-scaling, leading to waste during low traffic.
π΄ Single Point of Failure β A crash takes down the entire service.
π΄ High Maintenance Costs β The existing on-premises infrastructure is expensive to maintain.
Current Workload (Daily Averages)
π· 1M image requests, mainly cached (compressed to ~500KB).
π₯ 10K video streams, reducing size to 10% of original.
π 1000 image uploads (5MB each) and 100 video uploads (500MB each).
Goal: Migrate to a Cloud-Native Architecture
β
Auto-scale resources based on real-time demand.
β
Reduce operational costs by leveraging pay-as-you-go AWS pricing.
β
Ensure high availability through redundancy and multi-AZ deployments.
β
Decouple services for better performance and fault tolerance.
Target Architecture (To-Be Situation)
To achieve these goals, the application was migrated to AWS with the following key components:
π₯ Compute & Load Balancing
- Amazon EC2 (t3.medium) β Runs application containers in a scalable, secure environment.
- Auto Scaling Group (ASG) β Dynamically scales EC2 instances based on CPU load (>70%).
- Application Load Balancer (ALB) β Distributes incoming traffic evenly across instances.
ποΈ Storage & Database
- Amazon S3 β Stores and serves uploaded images and videos.
- Amazon RDS (PostgreSQL, Multi-AZ) β Manages metadata storage with built-in redundancy.
π Messaging & Queueing
- Amazon SQS β Handles asynchronous task processing, ensuring scalability and decoupling.
π Networking & Security
- VPC (172.31.0.0/16) β Isolated cloud environment with private and public subnets.
- NAT Gateway β Enables outbound internet access for private instances.
- Security Groups & IAM Roles β Implements strict least-privilege access control.
Implementation Details
1οΈβ£ VPC & Network Setup
The AWS environment was configured using a secure VPC architecture:
- Public Subnets β Hosts ALB & NAT Gateway for internet access.
- Private Subnets β Houses Auto Scaling EC2 instances & RDS PostgreSQL.
- Security Groups & IAM Policies β Define fine-grained access control rules.
2οΈβ£ Compute & Scaling Strategy
- Dockerized applications deployed on EC2 instances (t3.medium).
- Auto Scaling Group manages instances dynamically:
- Min: 2 | Max: 4 instances (scaling up/down based on demand).
- Scaling trigger: CPU utilization exceeds 70%.
3οΈβ£ Storage & Data Flow
- User uploads β Stored in Amazon S3.
- SQS handles message processing β EC2 instances process images/videos asynchronously.
- Processed media is stored back in S3, while metadata is logged in RDS PostgreSQL.
Network Architecture & Security
This design follows AWS best practices to ensure high availability, security, and efficient traffic flow.
πΉ Breakdown of Network Design
1οΈβ£ VPC (Virtual Private Cloud) β 172.31.0.0/16 for network isolation.
2οΈβ£ Public Subnets β ALB & NAT Gateway for external access.
3οΈβ£ Private Subnets β Secured EC2 instances & RDS database.
4οΈβ£ ALB (Application Load Balancer) β Handles incoming traffic securely.
5οΈβ£ NAT Gateway β Ensures private resources can access the internet safely.
6οΈβ£ Multi-AZ RDS PostgreSQL β Ensures high availability & disaster recovery.
πΉ Security Best Practices
β
IAM Roles β Restricts access to AWS services following the principle of least privilege.
β
Security Groups β Enforces strict inbound/outbound traffic filtering.
β
Multi-AZ Deployment β EC2, NAT Gateway, and RDS are redundantly distributed across AWS Availability Zones.
Estimated Cost Breakdown (Per Month)
| AWS Service | Cost Estimate |
|---|---|
| EC2 Instances (Auto Scaling) | $79.88 |
| S3 Storage (75.15 TB) | $1,778.55 |
| RDS PostgreSQL (Multi-AZ) | $35.24 |
| SQS (Message Processing) | $0.40 |
| NAT Gateway (15TB Data Transfer) | $675.00 |
| Load Balancer (ALB) | $45.00 |
| Total Monthly Cost | $2,557.57 |
Optimization Strategies
To further reduce costs, several improvements can be made:
β
Switch NAT Gateway β AWS PrivateLink β Cuts outbound data transfer costs.
β
Enable S3 Intelligent-Tiering β Moves infrequent data to cheaper storage classes.
Results & Key Takeaways
π Scalability β Auto Scaling ensures the application handles peak loads seamlessly.
π° Cost Savings β Migration from fixed-cost on-premises to AWS pay-as-you-go pricing.
π Security & Compliance β IAM, Security Groups, and VPC segmentation ensure a secure environment.
πΎ Reliability & Resilience β Multi-AZ RDS, ALB, and redundant EC2 instances prevent downtime.
This migration successfully transformed ACME Corpβs legacy application into a cloud-native, scalable, and cost-efficient solutionβmaking it future-proof for growth.