Project Idea ‐ Hybrid Architecture - Campus-Castolo/m300 GitHub Wiki
🏗️ Project Overview
The objective is to design and implement a hybrid infrastructure where a local on-premises server continues to host critical legacy applications, while scalable services are offloaded to the AWS cloud. This setup supports business continuity, scalability, and disaster recovery.
Secure connectivity between the on-prem network and AWS is established via AWS Site-to-Site VPN or AWS Direct Connect. Docker images are built and tested locally, then pushed to Amazon ECR for deployment to ECS. A read-only replica of the on-prem database is maintained in Amazon RDS, enabling cloud-based analytics and reporting workloads without interfering with the local production system.
All logs are centralized in Amazon CloudWatch, covering both environments for unified observability. Additionally, daily on-prem backups are synchronized to Amazon S3, ensuring durable off-site storage and facilitating disaster recovery.
🛠️ Technologies and Tools
| Category | Tool/Service | Purpose |
|---|---|---|
| Version Control | GitHub | Source code repository and CI trigger |
| Containerization | Docker | Build and test containers locally |
| Container Registry | Amazon ECR | Host production-ready images |
| Orchestration | Amazon ECS | Deploy containers in the cloud |
| Networking | AWS Site-to-Site VPN / Direct Connect | Secure connectivity between on-prem and AWS |
| Database (On-Prem) | Legacy SQL/NoSQL DB | Hosts core business data |
| Database (Cloud Replica) | Amazon RDS (read replica) | Sync on-prem DB to the cloud |
| Monitoring & Logging | Amazon CloudWatch | Unified logging and monitoring |
| Backup & Recovery | Amazon S3 | Off-site storage for daily on-prem backups |
| Infrastructure as Code | Terraform | Infrastructure deployment and versioning |
| Security | IAM, Security Groups, VPN Tunnel Keys | Access control and secure networking |
🎯 Goals and Functionality
-
✅ Hybrid Architecture
- Maintain critical services on-prem
- Offload scalable workloads to AWS
-
✅ Secure Cloud Connectivity
- Set up Site-to-Site VPN or Direct Connect for secure access
- Enable private communication between environments
-
✅ Containerized Workflow
- Build and test Docker images on-prem
- Push to ECR for deployment to ECS
-
✅ Database Replication
- Sync read-only replica of local DB to RDS
- Offload read-heavy operations to cloud
-
✅ Unified Monitoring
- Centralize logs from local and cloud into CloudWatch
-
✅ Durable Backup Strategy
- Automate daily on-prem backup uploads to Amazon S3
- Ensure off-site storage and disaster recovery readiness
⚠️ Probable Challenges
| Area | Potential Challenge | Suggested Mitigation |
|---|---|---|
| Network Reliability | Site-to-Site VPN can experience latency or drops | Use Direct Connect or multi-tunnel VPN with failover |
| DB Sync Complexity | Ensuring data consistency between on-prem and RDS | Use dedicated replication tools and periodic verification |
| Cloud Migration Barriers | Legacy apps may not be cloud-ready | Containerize legacy components where feasible or use API gateways |
| Log Aggregation | Merging logs from disparate systems | Normalize log formats before pushing to CloudWatch |
| Backup Failures | Upload interruptions or incomplete syncs | Implement verification steps and retry logic |
| Security Management | Handling different IAM and access models | Implement federated access and use least-privilege policies |
| Resource Cost Management | Hybrid model can cause unexpected cloud charges | Use billing alerts and resource tagging for cost tracking |
| Terraform Complexity | Managing state between on-prem and cloud resources | Isolate modules and use remote backends for Terraform state |