AWS Solution for a Startup currently using LAMP stack!!!
1. BRIEF
Imagine you meet a small startup company planning to launch a new mobile application that allows consumers and service providers to interact in real time. Currently, their architecture uses a LAMP stack built from open-source software. Like many small start-ups, they are confident that they will be the next big thing and expect significant, rapid, yet unquantified growth in the next few months. With this in mind, they are concerned about the following:
· Scaling to meet demand, with uncertainty around when and how much demand there will be; they are very concerned about buying too much infrastructure too soon or not enough too late!
· Disaster recovery planning
· Managing user identities and syncing user-specific data across multiple devices
· Ability for service providers to send notifications to consumers
· Ability to run analytics on top of collected data, so that they can visualize and understand app data usage
· Their ability to configure their database and data access layer for high performance and throughput
· Effective distribution of load
· A self-healing infrastructure that recovers from failed service instances
· Security of data at rest and in transit
· Securing access to the environment as the delivery team expands
· An archival strategy for objects inactive for more than 6 months
· Ability to easily manage and replicate multiple environments based on their blueprint architecture
2. OBJECTIVE
Recommend a manageable, secure, scalable, high performance, efficient, elastic, highly available, fault-tolerant and recoverable architecture that allows the startup to organically grow. The architecture should specifically address the requirements/concerns as described above.
3. Solution approach
This document proposes a high-level reference architecture and design for the start-up company's mobile application. The as-is architecture uses a LAMP stack built from open-source software. The proposed architecture is based on the AWS Well-Architected Framework and makes extensive use of AWS PaaS services that scale on demand, without the need for extensive infrastructure capacity planning and setup upfront.
4. Solution Design
Reference architecture for the mobile application
Scalability, availability, and DR
1. The recommendation is to use Elastic Beanstalk, a PaaS service from AWS that scales on demand without much administrative overhead. This lowers the upfront capital expenditure on infrastructure. The customer can directly on-board the application to the Beanstalk environment and focus on application development.
2. The recommendation is to customize the Beanstalk environment to deploy the mobile application across multiple availability zones to ensure high availability. Also, configure a load balancer and auto-scaling to distribute load across availability zones and to scale with the dynamic load.
3. Load across different regions will be managed via Route 53 routing policies, and load across availability zones will be managed via the ALB (in a public subnet, internet-facing).
4. The recommendation is to use Amazon Aurora, which can cater to the high performance and throughput requirements.
· An Amazon Aurora deployment provides a Multi-AZ configuration to protect the database against unexpected failures in any availability zone.
· The Pilot Light strategy can be implemented by deploying a read replica in another region that can be promoted to master in case of a region-level failure.
Multi-User Identity Management and Sync
Since it is a mobile application, users are likely to sign in with social networking and other web-based identities. Cognito provides authentication, authorization and synchronization services for web and mobile applications. Synchronization across multiple devices and login via different identities is always a challenge because users may log in from multiple devices (mobile, tablet, and sometimes the web as well). To address this, the recommendation is to use AWS Cognito authentication services. Cognito also has the capability to maintain the user authentication service effectively and to merge social identities into a single user.
You can configure an Application Load Balancer to securely authenticate users against Amazon Cognito as they access your applications. This enables you to offload the work of authenticating users to your load balancer so that your applications can focus on their business logic.
Notifications to End Users
Push notifications are one of the most popular features in mobile applications for user engagement. The recommendation is to use AWS SNS (Simple Notification Service) for push notifications. SNS push notifications are much more cost-effective than SMS. SNS supports most mobile platforms, including Android, iOS, and Windows.
Data Analysis
· The recommendation is to integrate the application with Amazon Pinpoint for analytics, to learn how customers interact with the apps.
· The AWS SDKs for iOS and Android enable the company to set up the apps to report usage events to Amazon Pinpoint. The company can use this data to monitor which features users use most, which features cause users to stop using the apps, and much more. With this data, the company can improve the experience of using the mobile apps and take steps to ensure that users stay engaged.
· The company can create segments of customers based on user interactions and behaviours, and then send targeted campaigns and messages to those segments via SNS.
· This data can further be exported automatically to Redshift (optional), and AWS QuickSight can be used to perform advanced analytics and create interactive dashboards.
(Optional) AWS S3 is also a good fit for a data analysis platform beyond user engagement. Various application logs can be stored in S3. I have considered S3 for data analysis, and once the data is obsolete (more than 6 months old), we can push it to Glacier for long-term retention. S3 connects seamlessly to multiple data analysis services such as Athena to provide detailed analysis. We can also explore sending the logs to ELK or Splunk for analysis.
Data Archival
· Data stored in Amazon S3 (such as application log files and database snapshots) can be archived to Amazon Glacier by applying a lifecycle policy to the S3 bucket.
· These services also scale indefinitely, so no capacity planning is needed for archived data.
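As an added example (not code from the original document), the lifecycle rule in the shape boto3's put_bucket_lifecycle_configuration expects for the 6-month archival requirement, plus a dry run that reports which objects of a constructed bucket listing the rule would move to Glacier; the prefix, object keys and dates are assumptions, and the boto3 call itself is not made here.

```python
from datetime import datetime, timedelta, timezone

ARCHIVE_AFTER_DAYS = 180  # "inactive for more than 6 months"


def archive_lifecycle_rule(prefix: str = "logs/", days: int = ARCHIVE_AFTER_DAYS) -> dict:
    """Lifecycle configuration for put_bucket_lifecycle_configuration.
    Current objects move to GLACIER after `days`; old versions move too,
    and abandoned multipart uploads are aborted so partial data does not
    linger unencrypted and unarchived in the Standard tier."""
    return {
        "Rules": [
            {
                "ID": f"archive-{prefix.strip('/') or 'all'}-after-{days}d",
                "Status": "Enabled",
                "Filter": {"Prefix": prefix},
                "Transitions": [{"Days": days, "StorageClass": "GLACIER"}],
                "NoncurrentVersionTransitions": [
                    {"NoncurrentDays": days, "StorageClass": "GLACIER"}
                ],
                "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
            }
        ]
    }


def objects_due_for_archive(listing, rule: dict, now: datetime) -> list:
    """Dry run: given an S3-style listing (Key, LastModified, StorageClass),
    return the keys the rule would transition as of `now`. S3 measures
    age from the object's creation time, which the listing reports as
    LastModified, and skips objects already in the target class."""
    due = []
    for r in rule["Rules"]:
        if r["Status"] != "Enabled":
            continue
        prefix = r.get("Filter", {}).get("Prefix", "")
        for t in r.get("Transitions", []):
            cutoff = now - timedelta(days=t["Days"])
            for obj in listing:
                if (obj["Key"].startswith(prefix)
                        and obj["StorageClass"] != t["StorageClass"]
                        and obj["LastModified"] <= cutoff):
                    due.append(obj["Key"])
    return due


# Constructed listing for the dry run; not data from the document.
NOW = datetime(2024, 7, 1, tzinfo=timezone.utc)
SAMPLE_LISTING = [
    {"Key": "logs/app-2023-12-01.gz", "LastModified": NOW - timedelta(days=213), "StorageClass": "STANDARD"},
    {"Key": "logs/app-2024-06-20.gz", "LastModified": NOW - timedelta(days=11), "StorageClass": "STANDARD"},
    {"Key": "logs/app-2023-06-01.gz", "LastModified": NOW - timedelta(days=396), "StorageClass": "GLACIER"},
    {"Key": "snapshots/db-2023-11-01.sql", "LastModified": NOW - timedelta(days=243), "StorageClass": "STANDARD"},
]
```

Running the dry run against a real listing before enabling the rule shows exactly which snapshots and logs will become slow-to-restore Glacier objects, so a restore drill can be planned accordingly.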
Security
Security is one of the biggest concerns in the cloud. The recommendation is to use AWS IAM and KMS along with other AWS security services and cloud security best practices.
· Amazon Aurora allows you to encrypt databases using keys managed through AWS Key Management Service (KMS). On a database instance running with Amazon Aurora encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, snapshots, and replicas in the same cluster.
· All web/API calls are to be transmitted securely over HTTPS.
· Create appropriate IAM roles for access to services and secrets, granting only the permissions each role needs.
Developer Experience
· Developers will be set up in IAM with permissions according to their roles.
· Developers will create the infrastructure blueprints as CloudFormation templates that can be used to stand up a new environment faster.
End-user Experience
· When the user opens the mobile application, static content such as images and scripts is served via the CloudFront distribution over a secure connection.
· When the user signs in to the mobile application, the user's credentials are sent to the Amazon Cognito user pool for authentication. After successful authentication, Amazon Cognito returns a JSON Web Token (JWT) to the application.
· Cognito will also enable the sync of user-specific data across multiple devices.
· The mobile application sends subsequent requests (over HTTPS) with the Amazon Cognito JWT in the Authorization header; the endpoint is resolved via Route 53 and the request reaches the ELB.
· The application load balancer has the option to authenticate users against the Cognito service.
· The ELB forwards the request to healthy, available EC2 instances in Elastic Beanstalk.
· For successfully authenticated users, the Elastic Beanstalk application serves the request and stores the data in the Amazon Aurora instance.
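As an added example (not code from the original document), the claim checks the Beanstalk application should still apply to a Cognito JWT after its RS256 signature has been verified against the user pool's JWKS by a JWT library: issuer, expiry, and that the token was issued for this app client. The region, user pool id and app client id are constructed placeholders, and make_unsigned_token exists only to build test input offline.

```python
import base64
import json
import time
from typing import Optional

# Constructed placeholders (not values from the document), in the formats
# Cognito uses for the issuer and app client id.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
APP_CLIENT_ID = "exampleappclientid123"
EXPECTED_ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def validate_cognito_claims(token: str, now: Optional[float] = None) -> dict:
    """Return the claims of a Cognito JWT if they pass the checks below,
    otherwise raise ValueError. Assumption: the signature was already
    verified by a JWT library; an unverified token must never reach here."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("issuer is not our Cognito user pool")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired or has no exp claim")
    use = claims.get("token_use")
    # Cognito id tokens carry the app client id in 'aud', access tokens in
    # 'client_id'; a token minted for another app client is rejected.
    if use == "id":
        if claims.get("aud") != APP_CLIENT_ID:
            raise ValueError("id token issued for another app client")
    elif use == "access":
        if claims.get("client_id") != APP_CLIENT_ID:
            raise ValueError("access token issued for another app client")
    else:
        raise ValueError("token_use must be 'id' or 'access'")
    return claims


def make_unsigned_token(claims: dict) -> str:
    """Test helper only: a token with an empty signature segment."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'kid': 'constructed'})}.{enc(claims)}."
```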
Assumptions:
1. The architecture assumes a regional deployment and recommends a global service, Route 53, as the global entry point into the application. This means its resilience can be extended to cover a complete regional failure.
2. Additional services such as WAF, AWS Shield Advanced, monitoring and DevOps services will be needed; these will be identified and recommended based on discussions with the customer.
3. The assumed number of developers and all other users is less than 5,000.
4. The application team is assumed to connect over the internet. No Direct Connect networking has been planned to the customer's on-premises network.
5. Read replicas for the DB are to be created across regions for DR.
6. You should benchmark both RDS MySQL and Aurora before taking the final decision to migrate. Performance depends heavily on workload and schema design.