Skip to content

Architecture requirements #1

Closed
Closed
Architecture requirements#1
Assignees
DigiPie
@DigiPie

Description

@DigiPie
DigiPie
opened on Nov 3, 2020

Breakdown of requirements stated in https://gist.github.com/houdinisparks/b8dcd1d2b5b1179b45b0afe68351e027 and the Well Architected Framework.

VPC requirements

  • Entire infrastructure in a private isolated network.
    • Solution: Place web and database tier in the same VPC under public and private subnets respectively.
    • Solution: Add Bastion server in public subnet for accessing database in private subnet.
  • Web application is available over the Internet via HTTP.
    • Solution: App instances only allow ingress/egress from Bastion and Elastic Beanstalk
  • Database tier should have restricted access (not open to HTTP) and allow traffic only through the web tier.
    • Solution: Database instances only allow Ingress/egress from Bastion and Elastic Beanstalk
  • Database tier should allow outbound requests via NAT.
    • Solution: Managed NAT gateways

Database requirements

  • Requires a managed SQL database which is highly available.
    • Solution: Amazon RDS (use Aurora in real-world scenario, sadly not in free-tier).
  • Daily generation of numerous reports which incur heavy read operations on the database. Need to mitigate impact on the performance of the web application.
    • Solution: Read replica and Batch job triggered by Cloudwatch rule.
  • No requirement at this point to balance the load on the database tier.

Elastic Beanstalk requirements

  • Enable automatic scaling based on traffic for cost-effectiveness.
    • Solution: Elastic Beanstalk > Auto-Scaling Group > Scaling based on instance CPU utilization.
  • L4/L7 load balancer which directs traffic to healthy instances only.
    • Solution: Elastic Beanstalk > Elastic Load Balancer (App or Network)
  • Set up CI/CD workflow
    • Solution: CodePipeline > Elastic Beanstalk

Well-architected framework

Operational Excellence

Ability to run and monitor systems to deliver value and to continually improve supporting processes and procedures.

  • Perform operations as code - Infrastructure as code.
    • Solution: Cloudformation.
  • Monitor operations.
    • Solution: CloudWatch alarms on MasterDB and Elastic Beanstalk environment

Security

Ability to protect information, systems, and assets while delivering value through risk assessments and mitigation strategies.

  • Apply security at all layers
    • Solution: Use Subnet Network ACL, VPC Security Groups, DB Subnet Groups, etc.
    • Solution: SSH Invalid User alarm for Bastion server
  • Data security at rest
    • Solution: RDS encryption at rest (for Production)

Reliability

Ability of a system to recover from disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions.

  • Automatically recover from failure
    • Solution: Elastic Beanstalk > Elastic Load Balancer health checks and auto-recovery
  • Scale horizontally to increase aggregate system availability
  • Use auto-scaling
    • Solution: Elastic Beanstalk > Auto-Scaling Group

Performance efficiency

Ability to use computing resources efficiently to meet requirements, and to maintain that efficiency.

  • Solution: Elastic Beanstalk > Auto-Scaling Group

Cost-optimisation

Ability to run systems to deliver business value at the lowest price point.

  • Adopt a consumption mode; only pay for what you need/use
    • Solution: Elastic Beanstalk > Auto-Scaling Group
  • Stop spending money on data centre operations
    • Solution: Use managed services as much as possible, such as Elastic Beanstalk, RDS, managed NAT, etc.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions