{"id":89,"date":"2025-06-09T12:51:25","date_gmt":"2025-06-09T11:51:25","guid":{"rendered":"https:\/\/blog.mkcloudai.com\/?p=89"},"modified":"2025-06-09T12:51:25","modified_gmt":"2025-06-09T11:51:25","slug":"upgrading-to-aws-from-basic-server-to-scalable-cloud-architecture","status":"publish","type":"post","link":"https:\/\/blog.mkcloudai.com\/?p=89","title":{"rendered":"Upgrading to AWS: From Basic Server to Scalable Cloud Architecture"},"content":{"rendered":"\n

In our previous blog posts, we walked through setting up and securing a restaurant booking app using Apache, Docker, and Linux tools. Now we\u2019ll take the next leap \u2014 upgrading to a scalable, secure AWS architecture<\/strong>.<\/p>\n\n\n\n

This guide shows how to migrate your app into AWS step-by-step using EC2, VPC, IAM, ACM, ELB, S3, RDS, CloudWatch<\/strong>, and more.<\/p>\n\n\n\n

\n\n\n\n

\ud83c\udfd7\ufe0f Architecture Goals<\/h3>\n\n\n\n

We want to upgrade from:<\/p>\n\n\n\n

    \n
  • A single Linux VM running Apache or Docker<\/li>\n<\/ul>\n\n\n\n

    To:<\/p>\n\n\n\n

      \n
    • A cloud-native, secure, and monitored AWS architecture<\/strong> that can scale and survive failure<\/li>\n<\/ul>\n\n\n\n
      \n\n\n\n

      \ud83e\uddf1 Key AWS Components Used<\/h3>\n\n\n\n
      AWS Service<\/th>Purpose<\/th><\/tr>
      EC2<\/strong><\/td>Host Docker containers or application server<\/td><\/tr>
      VPC<\/strong><\/td>Isolated network, subnets, and security groups<\/td><\/tr>
      IAM<\/strong><\/td>Secure access control for EC2, S3, RDS, etc.<\/td><\/tr>
      ACM<\/strong><\/td>Free managed SSL certs for HTTPS<\/td><\/tr>
      ALB (Load Balancer)<\/strong><\/td>Handles HTTPS and load distribution<\/td><\/tr>
      S3<\/strong><\/td>Store logs, backups, static content<\/td><\/tr>
      CloudWatch<\/strong><\/td>Centralized logging and alerts<\/td><\/tr>
      RDS<\/strong><\/td>Managed SQL database with backups and failover<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
      \n\n\n\n

      \ud83c\udfd7\ufe0f Step-by-Step AWS Upgrade Plan<\/h3>\n\n\n\n

      1. Networking (VPC + Subnets + SGs)<\/strong><\/h3>\n\n\n\n
        \n
      • Create a new VPC<\/strong> with public and private subnets<\/li>\n\n\n\n
      • Add Internet Gateway<\/strong> to allow access to public EC2<\/li>\n\n\n\n
      • Define Security Groups<\/strong>:\n
          \n
        • Web SG: open ports 80\/443<\/li>\n\n\n\n
        • DB SG: only allow access from EC2 instance<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
          # Simplified AWS CLI example\naws ec2 create-security-group --group-name WebSG --description \"Allow HTTP\/HTTPS\"<\/code><\/pre>\n\n\n\n
          \n\n\n\n
          2. Compute (EC2 Instance)<\/strong><\/h3>\n\n\n\n
            \n
          • Launch EC2 instance in public subnet<\/li>\n\n\n\n
          • Assign IAM role with S3 + CloudWatch permissions<\/li>\n\n\n\n
          • Install Docker and deploy your app using Compose<\/li>\n<\/ul>\n\n\n\n
            sudo yum install docker -y\nsudo service docker start\nsudo docker compose up -d<\/code><\/pre>\n\n\n\n
            \n\n\n\n
            3. Load Balancer (ALB) + ACM for SSL<\/strong><\/h3>\n\n\n\n
              \n
            • Request SSL certificate using ACM<\/strong><\/li>\n\n\n\n
            • Create Application Load Balancer<\/strong>\n
                \n
              • HTTPS listener \u2192 Forward to EC2 target group<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
                # Cert via ACM\naws acm request-certificate --domain-name yourdomain.com<\/code><\/pre>\n\n\n\n
                \n\n\n\n
                4. Static Content + Backups (S3)<\/strong><\/h3>\n\n\n\n
                  \n
                • Upload daily backups and static images to S3<\/li>\n\n\n\n
                • Set lifecycle policy: archive or delete after X days<\/li>\n<\/ul>\n\n\n\n
                  aws s3 cp \/backup s3:\/\/your-bucket\/ --recursive<\/code><\/pre>\n\n\n\n
                  \n\n\n\n
                  5. Database (RDS)<\/strong><\/h3>\n\n\n\n
                    \n
                  • Create RDS (MySQL\/PostgreSQL)<\/li>\n\n\n\n
                  • Enable auto-backup and multi-AZ failover<\/li>\n\n\n\n
                  • Connect from EC2 using internal endpoint<\/li>\n<\/ul>\n\n\n\n
                    # Example RDS config from app\nDB_URL = 'postgresql:\/\/user:pass@db-instance.amazonaws.com\/dbname'<\/code><\/pre>\n\n\n\n
                    \n\n\n\n
                    6. Monitoring + Logs (CloudWatch)<\/strong><\/h3>\n\n\n\n
                      \n
                    • Install CloudWatch Agent on EC2<\/li>\n\n\n\n
                    • Push app logs to CloudWatch Logs<\/li>\n\n\n\n
                    • Create metric filters and alarms<\/li>\n<\/ul>\n\n\n\n
                      sudo yum install amazon-cloudwatch-agent\nsudo \/opt\/aws\/amazon-cloudwatch-agent\/bin\/amazon-cloudwatch-agent-config-wizard<\/code><\/pre>\n\n\n\n
                      \n\n\n\n
                      \ud83d\udcca Final Cloud Architecture<\/h3>\n\n\n\n
                        \n
                      • Public Subnet<\/strong>: Load Balancer + EC2<\/li>\n\n\n\n
                      • Private Subnet<\/strong>: RDS instance<\/li>\n\n\n\n
                      • S3<\/strong>: Backups + logs<\/li>\n\n\n\n
                      • CloudWatch<\/strong>: Monitoring and alerts<\/li>\n\n\n\n
                      • ACM<\/strong>: SSL certs<\/li>\n\n\n\n
                      • IAM<\/strong>: Secure access boundaries<\/li>\n<\/ul>\n\n\n\n
                        \n\n\n\n
                        \u2705 Real Impact: Why This Matters<\/h3>\n\n\n\n
                        Feature<\/td>Result<\/td><\/tr>
                        Load Balanced<\/td>Handles traffic spikes easily<\/td><\/tr>
                        SSL\/HTTPS<\/td>Trusted and secure communication<\/td><\/tr>
                        Automated Backups<\/td>Peace of mind and data safety<\/td><\/tr>
                        VPC Isolation<\/td>Secure architecture by design<\/td><\/tr>
                        Logs + Alerts<\/td>Detect issues before users complain<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
                        \n","protected":false},"excerpt":{"rendered":"
                        In our previous blog posts, we walked through setting up and securing a restaurant booking app using Apache, Docker, and […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[5,8,9],"tags":[39,45,44,46],"class_list":["post-89","post","type-post","status-publish","format-standard","hentry","category-aws","category-how-to","category-tutorial","tag-cloud-architecture","tag-cloudwatch","tag-public-subnet","tag-ssl-https"],"_links":{"self":[{"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/posts\/89","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=89"}],"version-history":[{"count":1,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/posts\/89\/revisions"}],"predecessor-version":[{"id":90,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=\/wp\/v2\/posts\/89\/revisions\/90"}],"wp:attachment":[{"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=89"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=89"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mkcloudai.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=89"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}