Enhancement of Solution Approach using Microservices Architecture in AWS

Dipayan Das
Mar 5, 2022

This article discusses the current architecture of a leading Training, Learning and Development portal and an enhancement of that architecture to make it more scalable, available and fault tolerant on the AWS platform. Following it effectively requires a detailed understanding of AWS architecture and familiarity with containerization, so feel free to go back to basics before starting this journey. The walkthrough aims to provide guidance on modern solution design for large-scale implementations on AWS. We start with a walkthrough of the as-is architecture.

As-Is Architecture

· Route 53 (1) provides DNS services to simplify domain management. It provides an extremely reliable and cost-effective way to route end users to internet applications by translating names like www.application.com into numeric IP addresses like 192.0.3.1 that computers use to connect to each other.

· Amazon CloudFront (2) caches high-volume content to decrease the latency to customers.

· AWS WAF and AWS Shield (4) secure internet-facing traffic: AWS Shield protects against Distributed Denial of Service (DDoS) attacks, and AWS WAF filters malicious traffic, including XSS and SQL injection, via customer-defined rules.

· S3 (3) can be used as persistent storage for the website's static data. This keeps the static data available even though EC2 instance storage is ephemeral. Additionally, S3 can be used to store temporary data during processing.

· The Virtual Private Cloud is separated into public and private subnets to ensure security.

· A Bastion Host (5) in the public subnet is used to connect to instances in the private subnet, using the NAT Gateway (6), for any operational purpose. It helps to ensure the security of the private instances.

· The Application Load Balancer (7) spreads load across multiple Availability Zones, and it can connect to the internet because it is in the public subnet.

· Web server instances (9) are launched in an Auto Scaling group (8) across multiple AZs in the private subnet to ensure high availability and security.

· App server instances (11) are launched in an Auto Scaling group across multiple AZs in the private subnet to ensure high availability and security.

· Another Application Load Balancer (10) is placed between the web server instances and the app server instances to spread load across multiple app servers.

· Amazon RDS is used as the database layer in Multi-AZ deployment mode.

· AWS Cognito (13) authenticates users at sign-in with a user pool and authorizes access to AWS services using an identity pool. AWS Certificate Manager (ACM) (13) provides the required SSL certificate for the launched website.
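The tiering described in the list above only holds if the security groups enforce it. The following check is an added example, not part of the original article: it audits inbound rules, in the shape returned by EC2 DescribeSecurityGroups, for private tiers exposed to the internet, SSH that bypasses the bastion, and database access from outside the app tier. All group IDs, ports and the sample data are constructed assumptions.

```python
# Added example. Group IDs are hypothetical; rule dicts follow the shape of the
# IpPermissions entries returned by EC2 DescribeSecurityGroups.
ANY = "0.0.0.0/0"
INTERNET_FACING = {"sg-alb-public", "sg-bastion"}  # only these may accept public CIDRs

def rule(port, cidrs=(), groups=()):
    """Build one constructed inbound TCP rule in the DescribeSecurityGroups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

# Constructed sample mirroring the tiers above, with two planted mistakes.
SAMPLE_GROUPS = [
    {"GroupId": "sg-alb-public", "IpPermissions": [rule(443, cidrs=[ANY])]},
    {"GroupId": "sg-bastion", "IpPermissions": [rule(22, cidrs=["203.0.113.10/32"])]},
    {"GroupId": "sg-web", "IpPermissions": [rule(80, groups=["sg-alb-public"]),
                                            rule(22, groups=["sg-bastion"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule(8080, groups=["sg-alb-internal"]),
                                            rule(22, cidrs=[ANY])]},  # mistake: open SSH
    {"GroupId": "sg-rds", "IpPermissions": [rule(3306, groups=["sg-web"])]},  # mistake
]

def covers(r, port):
    """True if the rule's port range includes `port` (protocol '-1' means all traffic)."""
    if r["IpProtocol"] == "-1":
        return True
    return r.get("FromPort", 0) <= port <= r.get("ToPort", 65535)

def audit(groups, bastion="sg-bastion", db="sg-rds", app="sg-app"):
    """Return (group_id, finding) tuples for rules that break the tier boundaries."""
    findings = []
    for g in groups:
        gid = g["GroupId"]
        for r in g["IpPermissions"]:
            cidrs = {x["CidrIp"] for x in r.get("IpRanges", [])}
            sources = {x["GroupId"] for x in r.get("UserIdGroupPairs", [])}
            if gid not in INTERNET_FACING and ANY in cidrs:
                findings.append((gid, "private tier reachable from the internet"))
            if covers(r, 22) and gid != bastion and (cidrs or sources - {bastion}):
                findings.append((gid, "SSH allowed from a source other than the bastion"))
            if gid == db and sources - {app}:
                findings.append((gid, "database reachable from outside the app tier"))
    return findings

if __name__ == "__main__":
    for gid, finding in audit(SAMPLE_GROUPS):
        print(f"{gid}: {finding}")
```
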

The walkthrough so far has covered the benefit each component brings to the design. Now it is time to think big and take advantage of serverless, containerized microservices with AWS ECS on Fargate.

Amazon Elastic Container Service (Amazon ECS) is a highly scalable and fast container management service. You can use it to run, stop, and manage containers on a cluster. With Amazon ECS, your containers are defined in a task definition that you use to run individual tasks or tasks within a service. In this context, a service is a configuration that you can use to run and maintain a specified number of tasks simultaneously in a cluster. You can run your tasks and services on a serverless infrastructure that’s managed by AWS Fargate. Alternatively, for more control over your infrastructure, you can run your tasks and services on a cluster of Amazon EC2 instances that you manage. In this enhanced architecture, we are going to run ECS on Fargate instead of EC2 to offload management and maintenance to AWS.

Enhanced Architecture

The enhanced architecture adds value to the as-is architecture. Let’s walk through the additions with reference to the enhanced architecture diagram.

o Serverless containerized microservices with AWS ECS on Fargate (8) remove the need to provision and manage servers, and allow resources to be specified and paid for per application.

o Application isolation by design in ECS on Fargate improves security.

o The Application Load Balancer can spread incoming traffic across different ECS tasks (9) using path-based routing.

o Amazon Elastic Container Registry (ECR) (10) uses Amazon S3 for storage to make container images highly available and accessible, allowing new containers to be deployed reliably for applications.

o AWS CodePipeline with AWS CodeBuild and AWS CodeCommit (14) can provide end-to-end build and release. Using the pipeline, a Docker image can be built and pushed to ECR, and from there the image can be deployed to Fargate as part of the Continuous Integration, Continuous Deployment process.

o A serverless pattern for ingestion and processing of user click data with Amazon API Gateway, Kinesis Data Firehose and Lambda (13) optimizes cost and scales infinitely.

o The different flavors of data in S3 (3) (static data, click stream data, output from microservices) contribute to a data lake for future use in downstream applications.
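Fargate gives each task its own network interface, but much of the isolation the list above relies on is still decided in the task definition that the pipeline registers. The following audit is an added example, not part of the original article: it checks a task definition (ECS RegisterTaskDefinition field names) for a shared task/execution role, images not pinned by digest, a writable root filesystem, no explicit non-root user, and secrets passed as plaintext environment variables. The account ID, names, image and the secret-name pattern are constructed assumptions.

```python
import re

# Constructed Fargate task definition using ECS RegisterTaskDefinition field
# names; account ID, role names and image are placeholders, not from the article.
SAMPLE_TASK_DEF = {
    "family": "course-catalog",
    "networkMode": "awsvpc",
    "requiresCompatibilities": ["FARGATE"],
    "executionRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
    "taskRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
    "containerDefinitions": [{
        "name": "catalog",
        "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/catalog:latest",
        "readonlyRootFilesystem": False,
        "environment": [{"name": "DB_PASSWORD", "value": "example-only"}],
        "secrets": [],
    }],
}

# Assumed heuristic for variable names that usually hold credentials.
SECRET_NAME = re.compile(r"(PASSWORD|SECRET|TOKEN|API_?KEY)", re.I)

def audit_task_definition(td):
    """Return a list of isolation and supply-chain findings for one task definition."""
    findings = []
    if td.get("networkMode") != "awsvpc":
        findings.append("networkMode is not awsvpc (required on Fargate, one ENI per task)")
    if not td.get("taskRoleArn"):
        findings.append("no taskRoleArn: the application has no scoped role of its own")
    elif td["taskRoleArn"] == td.get("executionRoleArn"):
        findings.append("taskRoleArn reuses the execution role")
    for c in td.get("containerDefinitions", []):
        name = c["name"]
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{name}: image uses a mutable tag, not a digest")
        if not c.get("readonlyRootFilesystem", False):
            findings.append(f"{name}: root filesystem is writable")
        if c.get("user", "").split(":")[0] in ("", "0", "root"):
            findings.append(f"{name}: no explicit non-root user")
        for env in c.get("environment", []):
            if SECRET_NAME.search(env["name"]):
                findings.append(f"{name}: {env['name']} is a plaintext environment "
                                "variable; reference it through 'secrets'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_task_definition(SAMPLE_TASK_DEF)))
```
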

This is the first version of the enhancement!! There is always further scope for improvement and optimization. Share your thoughts on future enhancements to make it more frugal!!

Dipayan Das

Dipayan is a Big Data Architect who is passionate about enhancing quality of life using technology. He completed a Masters in AI and Robotics.