In our previous blog posts, we walked through setting up and securing a restaurant booking app using Apache, Docker, and Linux tools. Now we’ll take the next leap — upgrading to a scalable, secure AWS architecture.
This guide shows how to migrate your app into AWS step-by-step using EC2, VPC, IAM, ACM, ELB, S3, RDS, CloudWatch, and more.
🏗️ Architecture Goals
We want to upgrade from:
- A single Linux VM running Apache or Docker
To:
- A cloud-native, secure, and monitored AWS architecture that can scale and survive failure
🧱 Key AWS Components Used
| AWS Service | Purpose |
|---|---|
| EC2 | Hosts the Docker containers or application server |
| VPC | Isolated network: subnets, route tables and security groups |
| IAM | Least-privilege roles so EC2 can reach S3, CloudWatch, RDS and other services without long-lived access keys |
| ACM | Free managed public TLS certificates for HTTPS, renewed automatically |
| ALB (Application Load Balancer) | Terminates HTTPS and distributes traffic across healthy instances |
| S3 | Stores logs, backups and static content |
| CloudWatch | Centralized logging, metrics and alarms |
| RDS | Managed relational database with automated backups and Multi-AZ failover |
🏗️ Step-by-Step AWS Upgrade Plan
1. Networking (VPC + Subnets + SGs)
- Create a new VPC with public and private subnets in at least two Availability Zones (the ALB and a Multi-AZ RDS both require two)
- Attach an Internet Gateway and give the public subnets a default route to it; the private subnets get no route to the internet
- Define Security Groups that reference each other instead of IP ranges, so each tier can only talk to the next:
- ALB SG: ports 80/443 open to the internet (80 only exists to redirect to 443)
- Web SG: the app port (80) only from the ALB SG; no SSH from 0.0.0.0/0 (use SSM Session Manager, or restrict 22 to your admin IP)
- DB SG: only the database port (3306 for MySQL, 5432 for PostgreSQL) from the Web SG
# Simplified AWS CLI example: create the SG inside your VPC (without --vpc-id it lands in the default VPC),
# then allow the app port only from the load balancer's SG rather than from 0.0.0.0/0
aws ec2 create-security-group --group-name WebSG --description "Allow HTTP/HTTPS" --vpc-id "$VPC_ID"
aws ec2 authorize-security-group-ingress --group-id "$WEB_SG_ID" --protocol tcp --port 80 --source-group "$ALB_SG_ID"
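As an added example (this is not code from the original post), here is the same three-group design expressed with boto3: the tiers reference each other's group IDs rather than IP ranges, and a guardrail refuses to apply anything that is open to the world except 80/443 on the load balancer group. The group IDs sg-alb, sg-web and sg-db are placeholders for the IDs that create-security-group returns, and the default database port assumes PostgreSQL. The only AWS call is confined to apply(), which imports boto3 lazily, so the rule builders and the check run without credentials.

```python
"""Added example (not from the original post): the three security groups for this
design as boto3 IpPermissions, with security-group references instead of IP ranges
between tiers, plus a guardrail that rejects world-open rules before they are applied.
The group IDs ("sg-alb", "sg-web", "sg-db") are placeholders for real IDs."""
import ipaddress

ANY_V4 = "0.0.0.0/0"
PUBLIC_PORTS = {80, 443}  # the only ports that may face the internet, and only on the ALB group


def cidr_rule(port: int, cidr: str, proto: str = "tcp") -> dict:
    """Ingress rule allowing `port` from an IP range."""
    ipaddress.ip_network(cidr)  # rejects malformed CIDRs (e.g. host bits set) before they reach AWS
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


def sg_rule(port: int, source_sg: str, proto: str = "tcp") -> dict:
    """Ingress rule allowing `port` only from members of another security group."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": source_sg}]}


def build_rules(alb_sg: str, web_sg: str, db_sg: str, db_port: int = 5432) -> dict:
    """Ingress rule sets keyed by the group they belong to: internet -> ALB -> web -> DB."""
    return {
        alb_sg: [cidr_rule(80, ANY_V4), cidr_rule(443, ANY_V4)],  # 80 only redirects to 443
        web_sg: [sg_rule(80, alb_sg)],      # ALB terminates TLS and speaks plain HTTP inside the VPC
        db_sg: [sg_rule(db_port, web_sg)],  # nothing but the web tier reaches the database
    }


def violations(rules: dict, alb_sg: str) -> list:
    """Findings for any rule open to 0.0.0.0/0 that is not 80/443 on the ALB group.
    Run this before apply(); an empty list means the rule set matches the design."""
    findings = []
    for group, perms in rules.items():
        for perm in perms:
            for ip_range in perm.get("IpRanges", []):
                public_ok = group == alb_sg and perm["FromPort"] in PUBLIC_PORTS
                if ip_range["CidrIp"] == ANY_V4 and not public_ok:
                    findings.append(f"{group}: port {perm['FromPort']} open to {ANY_V4}")
    return findings


def apply(rules: dict, region: str = "us-east-1") -> None:
    """Push the rules to AWS. boto3 is imported here so the helpers above run offline."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    for group_id, perms in rules.items():
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=perms)


if __name__ == "__main__":
    rules = build_rules("sg-alb", "sg-web", "sg-db")
    print("findings for the intended design:", violations(rules, "sg-alb"))
    # The rule many tutorials add without thinking: SSH from anywhere on the web tier.
    rules["sg-web"].append(cidr_rule(22, ANY_V4))
    print("findings after adding world-open SSH:", violations(rules, "sg-alb"))
```

Run violations() in CI on every change to the rule set: a later "temporary" SSH rule from 0.0.0.0/0 shows up as a finding instead of quietly shipping.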
2. Compute (EC2 Instance)
- Launch the EC2 instance in a public subnet with the Web SG attached (no public SSH; use SSM Session Manager for shell access)
- Attach an IAM instance role that grants only the S3 prefix and CloudWatch log group the app needs; never copy access keys onto the instance
- Install Docker and deploy your app with Compose
sudo yum install -y docker
sudo systemctl enable --now docker   # start now and on every boot
sudo docker compose up -d            # needs the Docker Compose v2 plugin, which the distro docker package does not bundle
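The instance role is where most tutorials reach for AmazonS3FullAccess and CloudWatchFullAccess. As an added example (not code from the original post), here is the role written as code with a policy scoped to one S3 prefix and one log group, plus a small checker that flags wildcard grants. The bucket name, log group, role name and the account ID 123456789012 are placeholders; the CWAgent namespace is the CloudWatch agent's default. create_instance_role() is the only function that talks to AWS, and it imports boto3 lazily so the builders and the checker run offline.

```python
"""Added example (not from the original post): the EC2 instance role for step 2 as
code, with a policy scoped to one S3 prefix and one CloudWatch log group instead of
the managed FullAccess policies, and a checker that flags wildcard grants.
Bucket, log group, account ID (123456789012) and role name are placeholders."""
import json
import re

# Trust policy: only the EC2 service may assume the role (no users, no other accounts).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}


def instance_policy(bucket: str, log_group_arn: str, backup_prefix: str = "backups/") -> dict:
    """Permissions the booking app's instance actually uses, nothing more."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # write backups under one prefix; no read, list or delete of anything else
                "Sid": "WriteBackups",
                "Effect": "Allow",
                "Action": ["s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{backup_prefix}*",
            },
            {   # what the CloudWatch agent needs, limited to this app's log group
                "Sid": "ShipLogs",
                "Effect": "Allow",
                "Action": ["logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams"],
                "Resource": f"{log_group_arn}:*",
            },
            {   # PutMetricData has no resource-level scope, so narrow it with a namespace condition
                "Sid": "PutMetrics",
                "Effect": "Allow",
                "Action": "cloudwatch:PutMetricData",
                "Resource": "*",
                "Condition": {"StringEquals": {"cloudwatch:namespace": "CWAgent"}},
            },
        ],
    }


def overbroad_statements(policy: dict) -> list:
    """Flag Allow statements with '*' or service-wide ('s3:*') actions, or a '*' resource
    that has no Condition narrowing it."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        for action in actions:
            if action == "*" or re.fullmatch(r"[a-z0-9-]+:\*", action):
                findings.append(f"{sid}: wildcard action {action}")
        if "*" in resources and "Condition" not in st:
            findings.append(f"{sid}: Resource '*' without a Condition")
    return findings


def create_instance_role(role_name: str, policy: dict) -> None:
    """Create the role, attach the policy inline and wrap it in an instance profile
    (pass the profile name to run-instances --iam-instance-profile).
    boto3 is imported here so the builders and checker above run offline."""
    import boto3
    iam = boto3.client("iam")
    iam.create_role(RoleName=role_name, AssumeRolePolicyDocument=json.dumps(TRUST_POLICY))
    iam.put_role_policy(RoleName=role_name, PolicyName=f"{role_name}-inline",
                        PolicyDocument=json.dumps(policy))
    iam.create_instance_profile(InstanceProfileName=role_name)
    iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)


if __name__ == "__main__":
    policy = instance_policy("booking-backups",
                             "arn:aws:logs:us-east-1:123456789012:log-group:/booking/app")
    print("findings for the scoped policy:", overbroad_statements(policy))
    # What attaching a FullAccess policy amounts to; the checker flags both the action and the resource.
    lazy = {"Version": "2012-10-17",
            "Statement": [{"Sid": "Lazy", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
    print("findings for the full-access policy:", overbroad_statements(lazy))
    # create_instance_role("booking-ec2-role", policy)  # push it once the checks pass
```

If the app later needs to read its own backups for a restore, add s3:GetObject on the same prefix rather than widening the resource; the checker is deliberately strict about a bare "*".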
3. Load Balancer (ALB) + ACM for TLS
- Request a public certificate in ACM and validate it via DNS (a CNAME in your zone); ACM then renews it automatically. Public ACM certificates cannot be exported, so TLS must terminate on the ALB, not in Apache on the instance
- Create an internet-facing Application Load Balancer in the public subnets with the ALB SG
- HTTPS listener (443) with a TLS 1.2+ security policy forwards to the EC2 target group; an HTTP listener (80) only redirects to HTTPS
# Cert via ACM (DNS validation; add the CNAME it returns to your hosted zone)
aws acm request-certificate --domain-name yourdomain.com --validation-method DNS
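The listener pair is where HTTPS is actually enforced. As an added example (not code from the original post), here are both listeners as boto3 create_listener parameters: port 80 carries nothing but a permanent redirect, and port 443 terminates TLS with the ACM certificate under a policy that refuses TLS 1.0/1.1, then forwards to the target group (plain HTTP inside the VPC, as in the design above). The ARNs are placeholders; the policy names are AWS's predefined ALB security policies, and the ALB default, ELBSecurityPolicy-2016-08, is rejected because it still negotiates TLS 1.0. create_listeners() is the only function that calls AWS and imports boto3 lazily.

```python
"""Added example (not from the original post): the two ALB listeners for step 3 as
boto3 create_listener parameters. Port 80 exists only to redirect to HTTPS; port 443
terminates TLS with the ACM certificate under a TLS 1.2+ policy and forwards to the
EC2 target group. The ARNs are placeholders."""

# Predefined ALB policies that refuse TLS 1.0/1.1. The ALB default (ELBSecurityPolicy-2016-08)
# still negotiates TLS 1.0, which is why https_listener() refuses it.
TLS12_PLUS_POLICIES = {
    "ELBSecurityPolicy-TLS13-1-2-2021-06",   # TLS 1.3 and 1.2
    "ELBSecurityPolicy-TLS-1-2-2017-01",
    "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
    "ELBSecurityPolicy-FS-1-2-Res-2020-10",  # forward-secrecy ciphers only
}
RECOMMENDED_POLICY = "ELBSecurityPolicy-TLS13-1-2-2021-06"


def http_redirect_listener(alb_arn: str) -> dict:
    """Port 80: no forwarding at all, only a permanent redirect to https:// on the same host."""
    return {
        "LoadBalancerArn": alb_arn, "Protocol": "HTTP", "Port": 80,
        "DefaultActions": [{
            "Type": "redirect",
            "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"},
        }],
    }


def https_listener(alb_arn: str, cert_arn: str, target_group_arn: str,
                   ssl_policy: str = RECOMMENDED_POLICY) -> dict:
    """Port 443: TLS terminated at the ALB with the ACM certificate, then forwarded to the target group."""
    if ssl_policy not in TLS12_PLUS_POLICIES:
        raise ValueError(f"{ssl_policy} allows TLS 1.0/1.1 or is unknown; "
                         f"use one of {sorted(TLS12_PLUS_POLICIES)}")
    return {
        "LoadBalancerArn": alb_arn, "Protocol": "HTTPS", "Port": 443,
        "SslPolicy": ssl_policy,
        "Certificates": [{"CertificateArn": cert_arn}],
        "DefaultActions": [{"Type": "forward", "TargetGroupArn": target_group_arn}],
    }


def create_listeners(alb_arn: str, cert_arn: str, target_group_arn: str,
                     region: str = "us-east-1") -> None:
    """Create both listeners. boto3 is imported here so the builders above run offline."""
    import boto3
    elbv2 = boto3.client("elbv2", region_name=region)
    for spec in (http_redirect_listener(alb_arn),
                 https_listener(alb_arn, cert_arn, target_group_arn)):
        elbv2.create_listener(**spec)


if __name__ == "__main__":
    # Placeholder ARNs; substitute the ones your ALB, certificate and target group actually have.
    spec = https_listener(
        "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/booking/PLACEHOLDER",
        "arn:aws:acm:us-east-1:123456789012:certificate/PLACEHOLDER",
        "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/booking/PLACEHOLDER")
    print(spec["Protocol"], spec["Port"], spec["SslPolicy"])
```

Because the target group speaks HTTP on port 80, the Web SG rule from step 1 (port 80 only from the ALB SG) is what keeps anyone from bypassing the redirect by hitting the instance directly.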
4. Static Content + Backups (S3)
- Upload daily backups and static images to S3; keep the bucket private (Block Public Access on) with default encryption and versioning enabled, and serve images through the app rather than by opening the bucket
- Set a lifecycle policy: move to Glacier or delete after X days, and expire old object versions so versioning does not grow the bill indefinitely
aws s3 cp /backup s3://your-bucket/ --recursive
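The copy command above does nothing to protect the bucket it writes into. As an added example (not code from the original post), here is the bucket configuration that belongs with it, as boto3 request bodies: Block Public Access, default server-side encryption, versioning (so an overwritten or deleted backup is recoverable), a bucket policy that denies any request not made over TLS, and the lifecycle rule from the step above with Glacier archival and version expiry. The bucket name, prefix and day counts are placeholders; harden_bucket() is the only function that calls AWS and imports boto3 lazily.

```python
"""Added example (not from the original post): the bucket settings that belong with
`aws s3 cp` in step 4: Block Public Access, default encryption, versioning, a
deny-plain-HTTP bucket policy and the lifecycle rule. Bucket name, prefix and day
counts are placeholders."""
import json

PUBLIC_ACCESS_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                       "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

# SSE-S3 by default; switch to {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": ...} for a customer-managed key.
DEFAULT_ENCRYPTION = {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}


def deny_insecure_transport(bucket: str) -> dict:
    """Bucket policy: refuse any request that did not arrive over TLS."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyPlainHTTP",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        }],
    }


def lifecycle(prefix: str = "backups/", archive_after: int = 30, expire_after: int = 365) -> dict:
    """Move objects under `prefix` to Glacier after `archive_after` days and delete them
    after `expire_after`; also expire old versions and abandoned multipart uploads."""
    if not 0 < archive_after < expire_after:
        raise ValueError("need 0 < archive_after < expire_after")
    return {"Rules": [{
        "ID": f"{prefix.rstrip('/')}-retention",
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [{"Days": archive_after, "StorageClass": "GLACIER"}],
        "Expiration": {"Days": expire_after},
        "NoncurrentVersionExpiration": {"NoncurrentDays": 30},   # old versions kept 30 days
        "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
    }]}


def harden_bucket(bucket: str, region: str = "us-east-1") -> None:
    """Apply all of the above to an existing bucket. boto3 is imported here so the
    builders run offline."""
    import boto3
    s3 = boto3.client("s3", region_name=region)
    s3.put_public_access_block(Bucket=bucket, PublicAccessBlockConfiguration=PUBLIC_ACCESS_BLOCK)
    s3.put_bucket_encryption(Bucket=bucket, ServerSideEncryptionConfiguration=DEFAULT_ENCRYPTION)
    s3.put_bucket_versioning(Bucket=bucket, VersioningConfiguration={"Status": "Enabled"})
    s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(deny_insecure_transport(bucket)))
    s3.put_bucket_lifecycle_configuration(Bucket=bucket, LifecycleConfiguration=lifecycle())


if __name__ == "__main__":
    print(json.dumps(lifecycle("backups/", 30, 365), indent=2))
    print(json.dumps(deny_insecure_transport("booking-backups"), indent=2))
```

Versioning plus NoncurrentVersionExpiration is what makes a ransomware-style overwrite or a fat-fingered `aws s3 rm --recursive` survivable: the previous versions stay for 30 days.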
5. Database (RDS)
- Create an RDS instance (MySQL/PostgreSQL) in the private subnets with "publicly accessible" off and the DB SG attached
- Enable automated backups and Multi-AZ failover; turn on storage encryption at creation time, since it cannot be enabled on an existing instance
- Connect from EC2 over the private endpoint with TLS required, and keep the credentials in Secrets Manager rather than in the image or the source
# Example RDS config from app: credentials come from the environment (or Secrets Manager), never from source, and TLS is required
import os
DB_URL = f"postgresql://{os.environ['DB_USER']}:{os.environ['DB_PASS']}@{os.environ['DB_HOST']}:5432/{os.environ['DB_NAME']}?sslmode=require"
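Going one step further than an environment variable: as an added example (not code from the original post), the following builds the connection URL at startup from a Secrets Manager secret and asks libpq for verify-full, which checks the server certificate chain and hostname against the RDS CA bundle; sslmode=require alone only encrypts and will accept any certificate. The secret layout follows Secrets Manager's RDS credential template (username, password, host, port, dbname); SAMPLE_SECRET is constructed for the demo, and the CA bundle path, secret name and hostname are placeholders. fetch_secret() is the only function that calls AWS and imports boto3 lazily.

```python
"""Added example (not from the original post): build the RDS connection URL at runtime
from a Secrets Manager secret and require a verified TLS connection, so neither the
password nor the option to skip TLS lives in the source. SAMPLE_SECRET is constructed;
the CA bundle path and secret name are placeholders."""
import json
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Assumption: the RDS CA bundle published by AWS has been downloaded to this path on the instance.
RDS_CA_BUNDLE = "/etc/ssl/certs/global-bundle.pem"

SAMPLE_SECRET = {  # constructed for the demo; the password is chosen to show URL quoting
    "username": "booking_app",
    "password": "p@ss:w/rd",
    "host": "booking-db.abc123xyz.us-east-1.rds.amazonaws.com",
    "port": 5432,
    "dbname": "booking",
}


def dsn_from_secret(secret: dict, sslrootcert: str = RDS_CA_BUNDLE) -> str:
    """libpq-style URL with credentials percent-encoded and sslmode=verify-full enforced.
    verify-full checks both the certificate chain and the hostname; 'require' only
    encrypts and would accept a man-in-the-middle presenting any certificate."""
    missing = {"username", "password", "host", "port", "dbname"} - secret.keys()
    if missing:
        raise KeyError(f"secret is missing {sorted(missing)}")
    user = quote(secret["username"], safe="")
    password = quote(secret["password"], safe="")  # '@', ':' and '/' would otherwise break the URL
    params = urlencode({"sslmode": "verify-full", "sslrootcert": sslrootcert}, safe="/")
    return (f"postgresql://{user}:{password}@{secret['host']}:{secret['port']}"
            f"/{secret['dbname']}?{params}")


def is_hardened(dsn: str) -> bool:
    """True only if the URL demands certificate and hostname verification against a CA file."""
    parts = urlsplit(dsn)
    query = parse_qs(parts.query)
    return (parts.scheme in ("postgresql", "postgres")
            and query.get("sslmode") == ["verify-full"]
            and bool(query.get("sslrootcert")))


def fetch_secret(secret_id: str, region: str = "us-east-1") -> dict:
    """Read the secret at startup. boto3 is imported here so the helpers above run offline."""
    import boto3
    client = boto3.client("secretsmanager", region_name=region)
    return json.loads(client.get_secret_value(SecretId=secret_id)["SecretString"])


if __name__ == "__main__":
    dsn = dsn_from_secret(SAMPLE_SECRET)
    print(dsn)
    print("hardened:", is_hardened(dsn))
    # The shape of the original snippet: no sslmode, so libpq's default ('prefer') will fall back to plaintext.
    print("hardened:", is_hardened("postgresql://user:pass@db-instance.amazonaws.com/dbname"))
```

Use is_hardened() as a startup check on whatever DATABASE_URL the app ends up with, so a misconfigured environment fails fast rather than connecting in the clear.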
6. Monitoring + Logs (CloudWatch)
- Install the CloudWatch Agent on EC2 (the instance role from step 2 is what lets it write to CloudWatch)
- Push the app logs and the Apache access/error logs to CloudWatch Logs
- Create metric filters (5xx responses, failed logins) and alarms that notify you through SNS
sudo yum install -y amazon-cloudwatch-agent
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
# the wizard only writes the config file; this loads it and starts the agent
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json
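As an added example (not code from the original post), here is what turns "push logs to CloudWatch" into an alert: an agent config that ships the Apache access log, a metric filter that counts 5xx responses, and an alarm on that count. It also includes a small local evaluator so the filter pattern can be tried against sample lines offline; that evaluator is a simplified model of CloudWatch's space-delimited matching (named fields, "=" with "*" globs, a trailing "..."), not CloudWatch's own code. The log group, metric namespace, SNS topic and thresholds are placeholders, and SAMPLE_LINES are constructed. install_alerting() is the only function that calls AWS and imports boto3 lazily.

```python
"""Added example (not from the original post): agent config, metric filter and alarm
for step 6, plus a simplified local evaluator for space-delimited filter patterns.
Log group, namespace, SNS topic and thresholds are placeholders; SAMPLE_LINES are
constructed."""
import fnmatch

LOG_GROUP = "/booking/apache/access"
# Apache "combined" format has nine fields; status is the sixth. CloudWatch treats
# [bracketed] and "quoted" segments as single fields, so the timestamp and request count as one each.
APACHE_5XX_PATTERN = "[ip, ident, user, timestamp, request, status_code = 5*, size, referer, user_agent]"

SAMPLE_LINES = [  # constructed
    '10.0.1.20 - - [10/Oct/2023:13:55:36 +0000] "GET /book HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.1.20 - - [10/Oct/2023:13:55:40 +0000] "POST /book HTTP/1.1" 503 217 "https://example.com/" "curl/8.0.1"',
    '10.0.1.21 - - [10/Oct/2023:13:55:41 +0000] "GET /api/slots HTTP/1.1" 500 96 "-" "curl/8.0.1"',
]


def agent_config() -> dict:
    """CloudWatch agent config: tail the Apache access log into LOG_GROUP, one stream per instance."""
    return {"logs": {"logs_collected": {"files": {"collect_list": [{
        "file_path": "/var/log/httpd/access_log",
        "log_group_name": LOG_GROUP,
        "log_stream_name": "{instance_id}",
        "timezone": "UTC",
    }]}}}}


def _fields(line: str) -> list:
    """Split like CloudWatch's space-delimited patterns: [...] and "..." are single fields."""
    out, cur, closer = [], None, None
    for ch in line:
        if closer:
            if ch == closer:
                closer = None
            else:
                cur += ch
        elif ch in '"[':
            closer = '"' if ch == '"' else "]"
            cur = cur if cur is not None else ""
        elif ch == " ":
            if cur is not None:
                out.append(cur)
                cur = None
        else:
            cur = (cur or "") + ch
    if cur is not None:
        out.append(cur)
    return out


def matches(pattern: str, line: str) -> bool:
    """Does `line` satisfy a '[f1, f2 = glob, ..., ...]' pattern? (simplified local model)"""
    terms = [t.strip() for t in pattern.strip()[1:-1].split(",")]
    fields = _fields(line)
    if terms and terms[-1] == "...":
        terms = terms[:-1]
        if len(fields) < len(terms):
            return False
    elif len(fields) != len(terms):  # without '...' the field count must match exactly
        return False
    for term, value in zip(terms, fields):
        if "=" in term:
            want = term.split("=", 1)[1].strip()
            if not fnmatch.fnmatchcase(value, want):
                return False
    return True


def count_matches(pattern: str, lines: list) -> int:
    return sum(1 for line in lines if matches(pattern, line))


def install_alerting(sns_topic_arn: str, region: str = "us-east-1") -> None:
    """Metric filter + alarm: five or more 5xx responses in five minutes notifies the topic.
    boto3 is imported here so everything above runs offline."""
    import boto3
    boto3.client("logs", region_name=region).put_metric_filter(
        logGroupName=LOG_GROUP, filterName="apache-5xx", filterPattern=APACHE_5XX_PATTERN,
        metricTransformations=[{"metricName": "Apache5xx", "metricNamespace": "Booking",
                                "metricValue": "1", "defaultValue": 0.0}])
    boto3.client("cloudwatch", region_name=region).put_metric_alarm(
        AlarmName="booking-apache-5xx", Namespace="Booking", MetricName="Apache5xx",
        Statistic="Sum", Period=300, EvaluationPeriods=1, Threshold=5.0,
        ComparisonOperator="GreaterThanOrEqualToThreshold", TreatMissingData="notBreaching",
        AlarmActions=[sns_topic_arn])


if __name__ == "__main__":
    print("5xx lines in sample:", count_matches(APACHE_5XX_PATTERN, SAMPLE_LINES))
```

The same pattern shape works for the app's own log (for example a field equal to "LOGIN_FAILED"); keep the offline check next to the pattern in the repo so a change to the log format shows up as a failing test rather than a silent alarm that never fires.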
📊 Final Cloud Architecture
- Public subnets: ALB, plus the EC2 instance in this first iteration (moving it to a private subnet behind the ALB, with a NAT Gateway for outbound updates, is the natural next hardening step)
- Private subnets: RDS instance, reachable only from the Web SG
- S3: backups + logs, private and encrypted
- CloudWatch: monitoring and alerts
- ACM: TLS certificates, renewed automatically
- IAM: least-privilege roles instead of long-lived keys
✅ Real Impact: Why This Matters
| Feature | Result |
|---|---|
| Load balanced | Absorbs traffic spikes and keeps serving when an instance fails its health check |
| TLS/HTTPS | Encrypted, browser-trusted connections with certificates that renew themselves |
| Automated backups | Point-in-time recovery for the database; versioned, lifecycle-managed files in S3 |
| VPC isolation | The database is never reachable from the internet; each tier can only talk to the next |
| Logs + alerts | Detect errors and suspicious activity before users complain |