A small startup company planning to launch a new mobile application that allows consumers & service providers to interact in real time. Currently, their architecture uses a LAMP stack comprising of open-source software. Like many small start-ups, they are confident that they will be the next big thing and expect significant, rapid, yet un-quantified growth in the next few months. With this in mind, they are concerned about the following:
- Scaling to meet the demand, but with uncertainty around when and how much this demand will be – they are very concerned about buying too much infrastructure too soon or not enough too late!
- Disaster Recovery planning
- Manage user identities & sync user-specific data across multiple devices
- Ability for Service Providers to send notifications to consumer
- Ability to run analytics on top of collected data, with analytics they should be able to visualize & understand app data usage
- Their ability to configure their database and data access layer for high performance and throughput
- Effective distribution of load
- A self-healing infrastructure that recovers from failed service instances
- Security of data at rest and in transit
- Securing access to the environment as the delivery team expands
- An archival strategy for inactive objects greater than 6 months
- Ability to easily manage and replicate multiple environments based on their blueprint architecture
The below architecture diagram depicts the start-up using an existing web-based LAMP stack architecture, and the proposed solution and architecture for mobile-based architecture represents a RESTful mobile backend infrastructure that uses AWS-managed services to address common requirements for backend resources. The architecture provides the capability to identify and authenticate users and perform complex queries to return user-relevant data. The diagram outlines the architectural flow of RESTful mobile backend resources for a mobile app and includes functional components to address the common requirements of a start-up.
System Overview and Solution Flow:
- Mobile users retrieve an identity from Amazon Cognito, which offers mobile identity management and data synchronization across mobile devices. Once a mobile user has received an identity, the user is granted access to other AWS services. The mobile application uses a combination of web identity federation with AWS Security Token Service (AWS STS) to issue temporary key that expires after a short period
- User-generated media files are stored in Amazon Simple Storage Service (Amazon S3), a highly available and durable storage service
- Mobile users can access their uploaded digital assets stored in Amazon S3 through Amazon CloudFront, a low latency, content delivery network
- Mobile users send requests to Amazon API Gateway to access application logic and dynamic data. API Gateway acts as an entry point for mobile applications to access functionality from code running on AWS Lambda
- Mobile applications require a highly scalable backend infrastructure to support the variable usage created by mobile users. AWS Lambda runs code in response to requests and automatically manages and scales the underlying resources. Lambda Functions provides a synchronous endpoint for users to store and retrieve unstructured data from Amazon DynamoDB
- Amazon DynamoDB provides a managed, highly available NoSQL database for storing and querying app data. Amazon DynamoDB includes fine-grained access control to follow the best practice of least privilege for Lambda functions querying specific data. Amazon Dynamo DB provides automatic high-availability by replicating data across multiple availability zones within an AWS Region
- Lambda provides an asynchronous endpoint for mobile users to communicate with each other within a mobile application. The function formats each communication request and sends a push notification to specific users with Amazon SNS
- Amazon Glacier for Data Archival
- Cloud Watch can be used to monitor resources and applications in real time. Cloud watch supports multiple types of actions such as executing an auto-scaling policy
AWS Services addressing Start-up Requirements:
Mobile apps have the basic need to do user sign-up and sign-in. Cognito allows login via user pools created through apps, it also works with an external identity provider that support SAML or OpenID Connect and social identity providers such as (Facebook, Twitter, Amazon).
Amazon Simple Storage Service (Amazon S3)
The start-up can leverage Amazon S3 to stores mobile application static assets including certain mobile user data such as profile images.
Amazon Cloud Front
Amazon has data centers worldwide called edge locations. The app user is routed to the nearest edge location. Start-ups should consider delivering all static content via CloudFront. In a simplified world, the company can keep all its content in S3 buckets. CloudFront would read and cache content in various regions.
API Gateway and AWS Lambda
Presentation Tier: A mobile application running on a user’s smartphone and API Gateway
Amazon API Gateway opens up a variety of presentation tier possibilities. An Internet-accessible HTTPS API can be consumed by any client capable of HTTPS communication.
Logic Tier: AWS Lambda
AWS Lambda is a zero-administration compute platform for backend code execution at a fine-grained pricing structure. AWS Lambda will run the backend code across multiple availability zones in a region, which provides high availability, security, performance, and scalability. Lambda functions can define the core business logic for the mobile back end. Using AWS Lambda, the start-up can build applications that automatically scale without provisioning or managing servers. Since the start-up has a limited budget for upfront infrastructure, a cost-effective, event-driven mobile architecture allows paying only for what is used.
In this solution, the lambda would need access to RDS. In this case, we would need to ensure two things:
Design Lambda for high availability by selecting multiple subnets in different AZs.
If an Availability Zone (AZ) goes down, other AZs need to have sufficient IP addresses allocated to handle concurrent Lambda requests. So, we need to allocate sufficient IP addresses in a subnet for HA.
Amazon Dynamo DB
Amazon DynamoDB provides a persistence layer where data can be stored by the API’s Lambda function.
It is a fast, fully-managed NoSQL database service that makes it simple and cost-effective to store and retrieve app data and serve any level of request traffic.
Amazon Simple Notification Service (Amazon SNS) managed to push notification service makes it simple and cost-effective to send push notifications to mobile users.
Lambda Integration with Amazon SNS service enables the Logic Tier to send real-time cross-device push notifications.
Data stored in Amazon S3 can be archived to Amazon Glacier service by applying an archival policy to the S3 bucket.
Amazon CloudWatch can be used to monitor AWS resources and applications real-time for e.g AWS Lambda that leverages Dynamo DB and the start-up wants to know when read request reaches a certain threshold and send an alert via email. Amazon CloudWatch can aggregate data across the availability zone within a region.
This architecture with AWS services can be converted into scripts/code in the form of CloudFormation templates and these templates can then be easily used to replicate environments.