Architecting Your First Enterprise Class Web Application Using AWS

Architecting Your First Enterprise Class Web Application using Amazon Web Services

A Technical Whitepaper for Cloud Based Development


To Architect and Build an Enterprise Class Application that will be Highly Available, Extremely Secure, Very Reliable and Incredible Resilient



Stemming from the need to move from CapEx to OpEx, Flexibility and Agility in IT Resource planning and Improve Time to Market, organizations of all sizes are flocking to the Cloud, making it the "new normal" for IT. Gartner has ranked Amazon Web Services as the leader in its latest magic quadrant for Cloud Infrastructure as a service, Worldwide. Among the most popular IaaS providers, AWS has the most functionalities, has the largest customer and partner community and also the longest experience (9 Years). From startups to enterprises to public sectors, AWS has over 1million customers. Security and Compliance used to be the biggest concern for Cloud adoption however, AWS has changed that game. Today, organizations are adopting AWS to become more secure and compliant. Its innovation culture is so strong that in 2015 alone, AWS launched a total of 522 features! Its global infrastructure spans across 5 Continents, 11 Regions, 30 availability zones and 53 edge locations providing 60 enterprise class services offering in categories such as Compute, Storage and Content Delivery, Database, Networking, Developer Tools, Management Tools, Security and Identity, Analytics, Internet of things, Mobile Services, Application Services and Enterprise Applications. With these many options and comprehensive list of services and offerings, it can become very challenging to get started in the right way. Hence, the objective of this paper is to provide you step by step instructions to architect and build an enterprise-class application that will be highly available, extremely secure, very reliable and incredibly resilient. By the time you are finished reading this paper, you will have your own application up and running in the cloud! Sounds exciting? Let's go!


The Problem

The biggest hurdle that developers and architects face during cloud adoption is “How to get started and build something that enterprise-class that is simple to understand and implement yet does not comprise the basics of Enterprise software needs”? There are three key problems that stand out in crossing this hurdle:

  1. There are several artifacts available today that address important aspects in silos like Security, Infrastructure, Compute, Storage, Network, Database, etc. However, there is a lack of quality artifacts that puts all these pieces together to build a comprehensive solution together, from a technical perspective.
  2. Most technical papers focus on the “what” part of the solution before the “Why” part of the solution. Without understanding the “Why,” “What” is not important. For example, unless we understand and establish why AWS is important and “why” it is relevant to IT organizations, “What” can be achieved on AWS does not make much sense.


The Solution

Key Design Considerations

AWS is Infrastructure as a Service (IaaS) not a Datacenter

AWS is a very mature Infrastructure as a Service. Just in their core services offerings, AWS offers several options for Compute, Storage, Database, Network and Contend Delivery. Hence, it is imperative that a solution built for the cloud understands these core services. Besides the core infrastructure, there are several other services that AWS offers. Under its Management Tools, AWS offers Cloud Watch, which can be combined with one or more of the services such as Simple Notification Services, Load Balancers, Alarms, AMIs, Launch Configuration and Auto Scaling group to provide Automatic Scaling (Scale up/Scale Down) for Application or Services. Amazon’s Cloud Trail can be utilized to track user activity and API Usage. AWS has its own Global Content Delivery Network called Cloud front that utilizes one of the 53 Edge Location for Delivering web and RTMP distribution (For streaming media Files). Another popular offering is AWS Route 53, which is a scalable DNS and Domain Name Registration service offering.

Design Principles are different for Data Center and AWS

Since AWS is not a typical Data Center, because what worked well in a Data Center based environment may not function well on the cloud. Here is a quick example of how the selection of virtual servers.

The table above shows the various options available on AWS that typically is not available in a Data Center due to these differences:

1) An Application that needs a lot of graphics should be designed with GPU Optimized (G2) instance type.

2) An application that does a lot of batch processing has to be designed differently on AWS to leverage the low cost to leverage the benefits of spot instances.

For more on best practices for Architecting, please check out the Best Practices document here.


Try to know what is relevant and important in your context

Why? Well, there are two key reasons. First of all, it is close to impossible to know all the latest and greatest offerings that are coming from AWS. Since its inception in 2006, AWS has been constantly evolving and innovating at a rapid pace to support virtually any kind of workloads. Today, they have over 60 services with 1696 features, out of which 522 new features were just added in 2015. Secondly, these services range from compute, storage, networking, database, analytics, application services, deployment, management, and mobile. An architect responsible for designing and implementing an e-commerce web-based applications may not need to know what the new offerings are in analytics and mobility. Having said that, keeping a high-level knowledge may certainly help. Again, this consideration is only for someone trying to get started.





Setting up the AWS Account

Go to and start the sign-up process. All you need is an email address, a credit card, and a touch phone to verify your account. The sign-up is very simple takes 5 steps which take less than 5 minutes:

1) Contact information

2) Payment Information

3) Identity Verification

4) Support Plan – This is where you select the support plan. Pick free tier.

5) Conformation

You can get this done in less than 5minutes. Once you complete the sign-up, you will see the screen below. You will also get email notifications highlighting the details of the account.

Clicking on the sign in to the console button will take you to the AWS Console.




The AWS Dashboard

Yay! Welcome to the world of Cloud Computing. You are all set to explore Amazon Web Service! Congratulations on getting to this point!



Understanding the Key Services

Before we go on to building the application, it is important to get familiarized with the all the services that we will use. If you are not new to AWS, you can skip this section or skim through it. It will come in handy as we assemble the solution using these building blocks. We have selected only the important things that you need to know. My no means this is a comprehensive definition of these services.




VPC: Virtual Private Cloud (Amazon VPC) is a logically isolated section of the Amazon Web Services (AWS) that you can define within which you can launch your AWS resources. Within this virtual networking environment, you have complete control to select your own IP address range, subnet creation, configuring route tables and internet gateways. VPC allows you to create a public-facing subnet for your webservers that has access to the Internet and place your databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security like security groups and network access control lists to help control access to Amazon EC2 instances in each subnet. Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter.

Subnet: Subnet is a segment of a VPC’s IP address range where you can place groups of isolated resources. Route Tables: A route table contains a set of rules, called routes that are used to determine where network traffic is directed.

Internet Gateway: Internet Gateway is the Amazon VPC side of a connection to the public internet.

Route 53: Amazon Route 53 lets you register domain names such as Also, Amazon Route 53 resolved domains names like into IP addresses like Amazon

Route 53 responds to DNS queries using a global network of authoritative DNS servers, which reduces latency.

Hosted Zones: A Hosted Zone is a collection of resource record sets hosted by Amazon Route 53. Like a traditional DNS zone file, a hosted zone represents a collection of resource record sets that are managed together under a single domain name.

KeyPairs: Amazon EC2 uses public–key cryptography to encrypt and decrypt login information. Public–key cryptography uses a public key to encrypt a piece of data, such as a password, and then the recipient uses the private key to decrypt the data. The public and private keys are known as a key pair.




EC2: Amazon EC2 provides scalable, on-demand and OpEx based computing capacity. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.

AMI: An Amazon Machine Image (AMI) provides the information required to launch an EC2 instance. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

Security Groups: A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allows traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.

Load Balancers: Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. It enables you to achieve greater levels of fault tolerance in your applications, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic.

Auto Scaling: Auto Scaling helps you maintain application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define. You can use Auto Scaling to help ensure that you are running your desired number of Amazon EC2 instances.

Launch Configurations: A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you specify information for the instances such as the ID of the Amazon Machine Image (AMI), the instance type, a key pair, one or more security groups, and a block device mapping.

Auto-scaling groups: An Auto Scaling group contains a collection of EC2 instances that share similar characteristics and are treated as a logical grouping, for instance scaling and management. For example, if a single application operates across multiple instances, you might want to increase the number of instances in that group to improve the performance of the application, or decrease the number of instances to reduce costs when demand is low. You can use the Auto Scaling group to scale the number of instances automatically based on criteria that you specify, or maintain a fixed number of instances even if an instance becomes unhealthy. This automatic scaling and maintaining the number of instances in an Auto Scaling group is the core value of the Auto Scaling service.

CloudWatch Alarm: A CloudWatch alarm watches a single metric (For Example CPU or IOPS etc.) over a period you specify, and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The action is a notification sent to an Amazon Simple Notification Service topic or Auto Scaling policy. Alarms invoke actions for sustained state changes only.




Amazon Simple Storage Service (Amazon S3): S3 provides developers and IT teams with secure, durable, highly scalable object storage. Amazon S3 offers a range of storage classes designed for different use cases including Amazon S3 Standard for general-purpose storage of frequently accessed data, Amazon S3 Standard - Infrequent Access (Standard - IA) for long-lived, but less frequently accessed data, and Amazon Glacier for long-term archive. Amazon S3 also offers configurable lifecycle policies for managing your data throughout its lifecycle.

CloudFront: Amazon CloudFront is a content delivery web service. It integrates with other Amazon Web Services products to give an easy way to distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitments.




Amazon Relational Database Service (Amazon RDS): RDS makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing all administrative tasks. Amazon RDS provides you six familiar database engines to choose from, including Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL, and MariaDB.



Management Tools

Amazon CloudWatch: CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. You can use Amazon. CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health.

AWS Trusted Advisor: Trusted Advisor inspects your AWS environment and finds opportunities to save money, improve system performance and reliability, or help close security gaps. Since 2013, customers have viewed over 2.6 million best-practice recommendations and realized over $350 million in estimated cost reductions.



Security and Identity