AWS Lift And Shift

Ghazanfar Ali
8 min read · May 24, 2023


Introduction:

This is an AWS cloud computing project that applies the lift-and-shift strategy to an application workload: we will lift our application, Vprofile, which is hosted on a local machine, and shift it to AWS.
Vprofile is a multi-tier web application stack that was created using Vagrant. We will host and run it on the AWS cloud for production using the lift-and-shift strategy. This project will help you understand how to run an application workload on the AWS cloud using lift and shift.

Objective:

> Flexible Infrastructure

> No upfront cost

> IAAC

Project Implementations:

Once our stack is on the cloud, users will access the website through a URL. The URL points to an endpoint, and this entry is created in GoDaddy DNS. The user's browser uses this endpoint to connect to the load balancer over HTTPS; the certificate for HTTPS encryption is managed in Amazon ACM. The load balancer sits in a security group that only allows HTTPS traffic, and the application load balancer routes requests to the Tomcat instances. The Apache Tomcat service runs on EC2 instances managed by an auto scaling group, so instance capacity scales out or in as load rises or falls. The Tomcat instances run in a separate security group that only allows traffic on port 8080 from the load balancer. The Vprofile application sits on the Apache Tomcat server and also requires backend servers: MySQL, memcached and RabbitMQ. The IP addresses of the backend servers are recorded in a Route 53 private DNS zone, and the backend servers sit in their own security group. Finally, Amazon S3 stores our software artifacts.

Structure Diagram of AWS Lift And Shift:

Flow of Execution:

Step1:

First create a certificate and validate it through your domain service provider.

We can request a free AWS public certificate for our domain:

Go to Certificate Manager → Request certificate → Request a public certificate. Enter your domain name with *. in front of it. After requesting the certificate, refresh the page and you will see the certificate with Pending validation status. Click the certificate ID and copy the CNAME name and CNAME value. Then go to GoDaddy, where the domain was purchased, and choose Manage domain → DNS records → Add new record, select CNAME, and paste the CNAME name and CNAME value there. Wait a few minutes, then refresh the certificate list in AWS; it will show Issued status.

Step2:

Create the security groups in the EC2 section of the AWS console:

Add inbound rules to the security group to allow HTTP traffic on port 80 and HTTPS traffic on port 443 from both IPv4 and IPv6, since some internet providers use IPv6.

Now create the security group for the Tomcat server:

The Tomcat server uses only port 8080; in the source field of the inbound rule, select the security group of the load balancer.

Create one more security group for our backend services: MySQL, memcached and RabbitMQ.

Here we allow only the specific services, reachable only from the application security group. The backend services can also reach each other, as defined in the structure diagram.
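To check that the three security groups still match the design above, here is an added example (not part of the original post) that audits rules in the shape returned by `aws ec2 describe-security-groups`. The group IDs, the sample data and the backend port numbers (the default ports for MySQL, memcached and RabbitMQ) are assumptions; SSH is accepted only from a single address, as in Step 4.

```python
import ipaddress
WORLD = {"0.0.0.0/0", "::/0"}
POLICY = {  # backend ports are the services' defaults (assumption, not on the page)
    "elb": {"public": {80, 443}, "from_sg": {}},
    "app": {"public": set(), "from_sg": {8080: {"elb"}}},
    "backend": {"public": set(), "from_sg": {p: {"app"} for p in (3306, 11211, 5672)}},
}

def audit(groups, roles):
    """groups: 'SecurityGroups' list from describe-security-groups;
    roles: {'elb'|'app'|'backend': GroupId}. Returns a list of findings."""
    role_of = {gid: tier for tier, gid in roles.items()}
    findings = []
    for g in groups:
        tier = role_of.get(g["GroupId"])
        if tier is None:
            continue
        for perm in g.get("IpPermissions", []):
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            ports = "all" if lo is None else lo if lo == hi else f"{lo}-{hi}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for c in cidrs:
                one_host = ipaddress.ip_network(c, strict=False).num_addresses == 1
                if c in WORLD and ports not in POLICY[tier]["public"]:
                    findings.append(f"{tier}: port {ports} open to {c}")
                elif c not in WORLD and not (ports == 22 and one_host):
                    findings.append(f"{tier}: port {ports} allowed from {c}")
            for pair in perm.get("UserIdGroupPairs", []):
                src = role_of.get(pair["GroupId"], pair["GroupId"])
                if tier == "backend" and src == "backend":
                    continue  # backend services may reach each other
                if src not in POLICY[tier]["from_sg"].get(ports, set()):
                    findings.append(f"{tier}: port {ports} allowed from group {src}")
    return findings

# Constructed sample; group IDs are made up. SSH on the app tier has drifted open.
def rule(port, cidrs=(), sgs=()):
    return {"FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": s} for s in sgs]}
ROLES = {"elb": "sg-elb", "app": "sg-app", "backend": "sg-backend"}
SAMPLE = [
    {"GroupId": "sg-elb", "IpPermissions": [rule(80, ["0.0.0.0/0"]), rule(443, ["0.0.0.0/0"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule(8080, sgs=["sg-elb"]), rule(22, ["0.0.0.0/0"])]},
    {"GroupId": "sg-backend", "IpPermissions": [
        rule(3306, sgs=["sg-app"]), rule(22, ["203.0.113.7/32"]),
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-backend"}]}]},
]
```

Calling `audit(SAMPLE, ROLES)` reports the app tier's SSH rule; feeding it the real `SecurityGroups` list from the CLI output works the same way once `ROLES` holds your group IDs.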

Step3:

Now we will create a key pair for our EC2 instances.

Once the key is created, a .pem file will be downloaded. Keep it safe; it is needed to access the EC2 instances via SSH.

Step4:

Now we will launch EC2 instances with bash scripts placed in the user data section. To get the user data bash scripts, clone the repository:

sudo git clone https://github.com/devops-CloudComputing/Devops_AwsLift-Shift.git

Once the project is cloned, switch from the master branch to the other branch:

⇒ cd Devops_AwsLift-Shift/

⇒ sudo git checkout aws-LiftAndShift

The user data directory contains a set of shell scripts; we will provision the EC2 instances with the help of those scripts.

1- db01: an EC2 instance with CentOS 7 and instance type t2.micro (free tier available). Select the key pair and security group created earlier for the EC2 instance. In the Advanced details tab, put the MySQL script in the user data section.

Allow SSH on port 22 from your public IP by selecting My IP as the source, so you can SSH into the EC2 instance using the key pair generated earlier.

2- Now we will provision the other EC2 instances using the memcached and RabbitMQ user data scripts, following the same procedure as for db01.

SSH into all three instances and verify the services:

Db01

mc01:

Rmq01:

So our backend stack is up and running. Now we will add the private IPs of these three instances to a Route 53 private DNS zone. For this, go to the Route 53 service and create a hosted zone.

Once the private hosted zone is created, we will create the records.

Define three records, one for each of the three backend services, routing traffic to their IPv4 addresses.

We will use these record names on the Tomcat server to reach the services, rather than their IP addresses.

Step5:

Launch the Tomcat EC2 instance (Ubuntu 20) with the tomcat ubuntu.sh script. The key pair is the same one used for the backend instances, but the security group is the Tomcat app security group.

Step6:

Now it is time to build the artifact on our local laptop and then upload it to the S3 bucket. The tools required to build the artifact are:

  • JDK 8 (a dependency of Maven)
  • Maven
  • AWS CLI (used to upload our artifacts to the S3 bucket)

After installing the dependencies, it is time to build the artifact. Go to /Devops_AwsLift-Shift/src/main/resources in the repository and update the following in the application.properties file:

  • database hostname: replace db01 with db01.vprofile.in
  • memcached.active.host=mc01: replace mc01 with mc01.vprofile.in
  • rabbitmq.address=rmq01: replace rmq01 with rmq01.vprofile.in

Now we can build our source code into an artifact on the local computer:

⇒ cd /Devops_AwsLift-Shift

⇒ mvn install (The mvn install command is used in Apache Maven to build and install a project or module into the local Maven repository.)

Our build succeeded. We now have a target directory with an artifact in it, which we will upload to the S3 bucket and then download from the S3 bucket onto the Tomcat server.

Step7:

Now we will use the AWS CLI to push our artifact to the S3 bucket. First create an IAM user that the AWS CLI will authenticate as: choose the "Attach policies directly" option and attach the S3 full access policy in the permissions tab while creating the user.

Once the user is created, create an access key (CLI) for this user and download its .csv file.

Now it is time to set the access key and secret key through the AWS CLI on the local laptop.

Note: Never reveal your secret keys publicly; I will delete these keys after this.

Now we will create the S3 bucket through the AWS CLI.
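To show what the access key from this step can reach under a full-access grant compared with a policy scoped to the artifact upload, here is an added example (not part of the original post). The bucket name, object key, probe list and the simplified `allows` evaluator are assumptions made for illustration; real IAM evaluation also considers conditions, boundaries and resource policies.

```python
from fnmatch import fnmatchcase

BUCKET = "example-artifact-bucket"  # placeholder name, not from the page
KEY = "app.war"                     # placeholder artifact key
# Stand-in for the "S3 full access" grant: every S3 action on every resource.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

def scoped_policy(bucket, key, actions):
    """Identity policy limited to the named actions on one object key."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": sorted(actions),
        "Resource": f"arn:aws:s3:::{bucket}/{key}"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """Simplified evaluation: explicit Deny wins, otherwise any matching Allow.
    Action names match case-insensitively, resource ARNs case-sensitively."""
    allowed = False
    for st in as_list(policy["Statement"]):
        hit = (any(fnmatchcase(action.lower(), a.lower()) for a in as_list(st["Action"]))
               and any(fnmatchcase(resource, r) for r in as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

# Constructed probes: requests a holder of the access key might make.
PROBES = [
    ("s3:PutObject", f"arn:aws:s3:::{BUCKET}/{KEY}"),
    ("s3:GetObject", f"arn:aws:s3:::{BUCKET}/{KEY}"),
    ("s3:DeleteObject", f"arn:aws:s3:::{BUCKET}/{KEY}"),
    ("s3:DeleteBucket", f"arn:aws:s3:::{BUCKET}"),
    ("s3:GetObject", "arn:aws:s3:::another-bucket/backup.sql"),
]

def reach(policy):
    """Return the probes that the policy would allow."""
    return [p for p in PROBES if allows(policy, *p)]

# Policy for the CLI user that only uploads the artifact.
UPLOADER = scoped_policy(BUCKET, KEY, {"s3:PutObject"})
```

`reach(FULL_ACCESS)` returns every probe, including the other bucket, while `reach(UPLOADER)` returns only the artifact upload; the Tomcat side needs just `s3:GetObject` on the same key.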

Step8:

Now it is time to set up the application load balancer. First we need a target group, which is just a group of instances with health checks: if any instance is found unhealthy, the target group will not route traffic to that instance.

Our load balancer is now routing requests to the Tomcat EC2 instance successfully. Now log in to the application on the Apache Tomcat server; if the login succeeds, the application server is communicating with MySQL. Also test the memcached service after logging in.

Step9:

Now we will set up an auto scaling group for our Tomcat application server.

Now we will create a launch configuration for the auto scaling group.

The ASG will create instances automatically.

That's it for this project.
