A comprehensive Terraform-based solution for migrating 2-tier web applications from on-premises to AWS cloud infrastructure using industry best practices.
This project automates the migration of traditional web applications to AWS using a lift-and-shift approach. It includes complete infrastructure provisioning, database migration, and monitoring setup using Infrastructure as Code principles.
View the detailed Architecture Documentation for comprehensive diagrams and technical specifications.
- VPC: Multi-AZ networking with public/private subnets
- Application Load Balancer: Traffic distribution with health checks
- EC2 Instances: Auto-scalable web servers
- RDS MySQL: Managed database with automated backups
- S3: Object storage for application files
- CloudWatch: Comprehensive monitoring and alerting
- DMS: Database migration service
- Secrets Manager: Secure credential storage
- Multi-AZ high availability deployment
- Auto Scaling Groups for dynamic capacity
- Automated backups and disaster recovery
- SSL/TLS encryption and security best practices
- Cost-optimized resource allocation
- Database Migration Service (DMS) for MySQL migration
- Application Migration Service (MGN) launch templates
- Automated file migration to S3
- Zero-downtime migration capabilities
- CloudWatch dashboards and custom metrics
- Automated alerting via SNS
- Log aggregation and analysis
- Performance monitoring and optimization
- AWS CLI configured with appropriate permissions
- Terraform >= 1.0 installed
- SSH key pair created in AWS
- Clone the repository
  git clone https://github.com/Copubah/aws-lift-shift-migration.git
  cd aws-lift-shift-migration
- Configure variables
  cp terraform/terraform.tfvars.example terraform/terraform.tfvars
  # Edit terraform.tfvars with your specific values
- Deploy infrastructure
  ./scripts/deploy.sh
- Monitor deployment
  ./scripts/monitoring.sh health

project_name = "your-project-name"
environment = "dev"
aws_region = "us-east-1"
key_pair_name = "your-key-pair"
# Source database for migration
source_db_endpoint = "192.168.1.100"
source_db_username = "root"
source_db_password = "your-password"
# Instance sizing
instance_type = "t3.medium"
db_instance_class = "db.t3.small"
# Network configuration
vpc_cidr = "10.0.0.0/16"
# Monitoring
alert_email = "alerts@yourcompany.com"

├── README.md # This file
├── ARCHITECTURE.md # Architecture diagrams and details
├── PROJECT_STRUCTURE.md # Detailed project structure
├── scripts/ # Automation scripts
│   ├── deploy.sh # Main deployment script
│   └── monitoring.sh # Health monitoring script
└── terraform/ # Infrastructure as Code
    ├── main.tf # Main configuration
    ├── variables.tf # Variable definitions
    ├── outputs.tf # Output values
    ├── terraform.tfvars.example # Example configuration
    ├── user_data.sh # EC2 initialization script
    └── modules/ # Terraform modules
        ├── vpc/ # VPC and networking
        ├── security/ # Security groups
        ├── rds/ # Database configuration
        ├── s3/ # Storage buckets
        ├── alb/ # Load balancer
        ├── iam/ # IAM roles and policies
        ├── cloudwatch/ # Monitoring and alerting
        └── dms/ # Database migration service
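
A pre-flight check for the terraform.tfvars values shown earlier, as an added example that is not part of the repository's scripts: it flags placeholders left over from terraform.tfvars.example, a literal source_db_password, and root as the migration user. The function names, finding labels and the no-root policy are assumptions of this example; TF_VAR_source_db_password is Terraform's standard environment-variable form for the variable named on this page.

```bash
#!/usr/bin/env bash
# Added example, not part of the repository's scripts/ directory.

# Constructed sample: the values shown in the configuration block above.
SAMPLE_TFVARS='project_name = "your-project-name"
environment = "dev"
key_pair_name = "your-key-pair"
source_db_endpoint = "192.168.1.100"
source_db_username = "root"
source_db_password = "your-password"
alert_email = "alerts@yourcompany.com"'

# Print the quoted value assigned to KEY in FILE (last assignment wins).
tfvars_get() {
  sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"([^\"]*)\".*/\1/p" "$1" | tail -n 1
}

# Print one finding per line; return 0 when the file is clean, 1 otherwise.
lint_tfvars() {
  local file="$1" key val found=0
  # Values copied from terraform.tfvars.example and never edited.
  for key in project_name key_pair_name alert_email; do
    val=$(tfvars_get "$file" "$key")
    case $val in
      your-*|*@yourcompany.com) echo "PLACEHOLDER $key=$val"; found=1 ;;
    esac
  done
  # A literal password stays on disk and, if the file is committed, in history.
  # Terraform also reads variables from TF_VAR_<name> environment variables.
  if [ -n "$(tfvars_get "$file" source_db_password)" ]; then
    echo "PLAINTEXT_SECRET source_db_password (use TF_VAR_source_db_password)"
    found=1
  fi
  # Example policy (assumption): migrate with a dedicated account, not root.
  if [ "$(tfvars_get "$file" source_db_username)" = "root" ]; then
    echo "PRIVILEGED_USER source_db_username=root"
    found=1
  fi
  return "$found"
}

# Demo on the constructed sample.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_TFVARS" > "$demo"
lint_tfvars "$demo" || echo "fix the findings above before running ./scripts/deploy.sh"
rm -f "$demo"
```

Run it against terraform/terraform.tfvars before `./scripts/deploy.sh`; with the password line removed from the file, `export TF_VAR_source_db_password` in the shell supplies the value instead.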
# Full deployment
./scripts/deploy.sh
# Plan only (no changes)
./scripts/deploy.sh plan
# Destroy infrastructure
./scripts/deploy.sh destroy

# Check all components
./scripts/monitoring.sh health
# Check specific components
./scripts/monitoring.sh alb
./scripts/monitoring.sh rds
./scripts/monitoring.sh ec2
# Generate health report
./scripts/monitoring.sh report

- Network segmentation with private subnets
- Security groups with least privilege access
- Encryption at rest and in transit
- AWS Secrets Manager for credential storage
- VPC Flow Logs for network monitoring
- Automated security patching
- Enable AWS Config for compliance monitoring
- Implement AWS GuardDuty for threat detection
- Use AWS Systems Manager for patch management
- Enable CloudTrail for API logging
- Regular security assessments
- Right-sized instances by environment
- S3 lifecycle policies for storage optimization
- Automated resource tagging for cost allocation
- Reserved Instance recommendations
- CloudWatch billing alarms
- Create DMS replication instance
- Configure source and target endpoints
- Start full load and CDC replication
- Monitor migration progress and validate data
- Install MGN agent on source servers
- Configure launch templates
- Test and cutover instances
- Validate application functionality
- Sync existing files to S3
- Update application configuration
- Implement S3 SDK integration
- Test file upload/download functionality
Access the CloudWatch dashboard after deployment:
terraform output cloudwatch_dashboard_url

- Application response times
- Database performance and connections
- Infrastructure utilization
- Error rates and availability
- Cost and resource usage
- Check CloudWatch logs for application errors
- Verify security group configurations
- Monitor DMS task status for database migration
- Review target group health for load balancer issues
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
This project demonstrates:
- Cloud architecture and migration expertise
- Infrastructure as Code best practices
- DevOps automation and monitoring
- AWS security implementation
- Real-world migration scenarios
- Operational excellence principles
Perfect for showcasing cloud engineering skills in technical interviews and portfolio presentations.