From Stateful to Stateless: Security and Scalability on AWS

Jason Kim / February 11, 2022

Blue Sentry Cloud recently architected a solution for a medical company’s primary website.  This website acts as the primary scheduling and information portal for the entire organization.

The company is Florida’s largest privately-owned primary care pediatric practice, with more than 34 convenient locations scattered throughout the state.

The Challenge

The website historically was hosted on stateful servers with a separate MySQL database server. There were several considerations prompting the re-architecture:

  1. Cost. Lack of elasticity and scalability on the application and data layers was costing the company money because they needed to provision resources for peak demand at all times regardless of actual utilization.
  2. Poor customer experience. The application layer consistently got overwhelmed with requests and resulted in frequent timeouts or 5xx errors.
  3. No continuous delivery. The stateful application servers required many manual steps to be updated to ensure consistency, greatly slowing down the implementation and delivery of important new features and capabilities  to the end users.

The Solution

Blue Sentry Cloud utilized several managed AWS services to provide a resilient, cheaper, faster, and more automated solution.

To achieve an automated and resilient solution, Blue Sentry Cloud architected a design that keeps  security and scalability as the paramount objective from the ground up. Continuous delivery was the next focus, allowing developers to deliver content anytime of the day into production without disruption. Finally, cost savings in both the development and production environments was implemented at each level.

“I was excited to learn we could update the site anytime we wanted – even during the business day” remarked one IT executive.

An Amazon Web Application Firewall (WAF) was put in place in front of the Application Load Balancer (ALB) to mitigate any unnecessary or harmful traffic to the infrastructure. Several AWS managed rule sets were put into place, including the WordPress application, SQL, and Amazon IP reputation lists.

The next part of the solution was Hashicorp Packer built stateless WordPress AMIs based on Amazon Linux 2 with the new Kernel 5.10. Mounted into each was a provisioned IOPS Elastic File System (EFS) share that allowed for seamless continuous delivery and allowed scalability of the application servers not previously available to the customer.  Using shared storage among the application servers allowed for horizontal scaling of the application layer based on performance metrics or planned scaling schedules.

The biggest cost savings were achieved in the data layer. Serverless MySQL compatible Aurora was set up in both the development and production environments. Development allowed AutoPause while production was configured with auto scaling enabled. Pausing the development data layer and not having to pay for resources not actively utilized made a real and positive impact on the bottom line.  Additionally, since the production environment is able to scale vertically, savings and high performance are always available.

Automation was also achieved by using AWS Backup and AWS Systems Manager (SSM) for patch compliance.  Patches are run on a monthly maintenance window. Backups are tested quarterly.

The Benefit

The managed services provided by AWS allow for a more resilient, scalable , and automated infrastructure for the customer to serve clients.  Additionally, the use of infrastructure as code (IaC) best practices ensure that security remains a primary focus and continuous delivery pipelines remove the human error factor while rolling out new features. Developers can now implement changes and updates, while operations can utilize an automated, secure, least privilege infrastructure.

The elasticity of the serverless Aurora database layers has also saved 25% per month in production and over 50% per month in development.

Case Study Author: Todd Bernson – Enterprise Architect