
Design

CS7201

Design and propose final concept solution for the identified problem

Under the Guidance of

Sourabh Sharma

Sheikh M. Tadeeb AU19B1014


TABLE OF CONTENTS

Pre-conditions
Operational Requirements
Architecture
Functional Requirements
Communication Architecture
Flowchart
Block-Diagram
Design limitations


My project has some pre-conditions which need to be fulfilled before proceeding. These pre-conditions are:

1. There should be a valid business account in a bank, through which all the transactions with AWS could be carried out.
2. The company should have a ready-made website.
3. Internet should be available with full fault-tolerant support.
4. Technical staff should be available to handle future problems relating to the cloud.

1. METHOD FOR CONSOLIDATION

First, I create three AWS accounts: DEV for development, PROD for production, and GENERAL for management and testing. These accounts are then added to AWS Organizations organizational units, from where we can manage them centrally and take advantage of consolidated billing as well as role switching.

A pre-existing account must be invited to the organization, and we need to explicitly create the role-switching context there. Accounts created within AWS Organizations come with a default role-switching option.
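
The trust relationship that has to be created by hand in an invited account, with a check that it trusts nobody else; this is an added example, not part of the original report. It assumes GENERAL is the organization's management account and uses constructed 12-digit account IDs; `OrganizationAccountAccessRole` is the role name AWS Organizations gives to accounts it creates, and the function names are illustrative.

```python
import re

# Default role name in accounts created from within AWS Organizations.
ROLE_NAME = "OrganizationAccountAccessRole"

def trust_policy(management_account_id):
    """Trust policy for the role created by hand in an invited account."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{management_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }

def role_arn(member_account_id):
    """ARN of the role a user switches into in a member account."""
    return f"arn:aws:iam::{member_account_id}:role/{ROLE_NAME}"

def principal_account(value):
    """Account ID from a bare 12-digit ID or an IAM ARN, else None (e.g. "*")."""
    m = re.fullmatch(r"(\d{12})|arn:aws:iam::(\d{12}):.+", value)
    return (m.group(1) or m.group(2)) if m else None

def audit_trust_policy(policy, management_account_id):
    """List every principal outside the management account that may assume the role."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in [values] if isinstance(values, str) else values:
                if kind != "AWS":
                    findings.append(f"statement {i}: {kind} principal {value}")
                elif principal_account(value) != management_account_id:
                    findings.append(f"statement {i}: untrusted principal {value}")
    return findings

# Constructed sample account IDs, not real accounts.
GENERAL = "111111111111"   # assumed here to be the management account
OTHER = "999999999999"
```
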

2. METHOD TO IMPROVE AVAILABILITY & SCALABILITY

I create the infrastructure in two Availability Zones within the same region in order to achieve high availability. This ensures that if one of the AZs has issues, the infrastructure in the other AZ won't be compromised.

By infrastructure I mean the EC2 instances (think of them as machines) and the other resources needed for storage, website hosting and networking. These are virtual machines, so we can create as many as we wish based on our needs and requirements, but I'll be using the built-in CPUUtilization and disk read/write metrics of CloudWatch to scale my virtual machines up and down automatically, so that charges are incurred only when the machines are really needed.

3. METHOD TO ENHANCE SYSTEM MONITORING

The virtual machine infrastructure could be monitored using the built-in metrics of CloudWatch, i.e., CPUUtilization, DiskReadOps, DiskWriteOps, DiskReadBytes, DiskWriteBytes, NetworkPacketsIn and NetworkPacketsOut. In the CloudWatch console, under the metrics panel, we can see all the metrics as data as well as visually in the form of graphs.

For custom metrics we need to install the CloudWatch agent on the EC2 instance so that it can capture application-level logs. For the security of the CloudWatch agent configuration, I'll store it in Systems Manager Parameter Store (a place where we can keep all the configuration and environment variables in an encrypted manner). The application that requires them can make an API call and extract them whenever needed.

4. METHOD TO DELIVER COMPANY'S WEBSITE EFFICIENTLY TO END USER

Our website will be hosted on S3 using the static website hosting feature, where we need to specify the index.html and error.html.

I'll be using CloudFront, which is a global content delivery network by AWS. After hosting the website in S3, we create a CloudFront distribution with an OAI (Origin Access Identity), so that only our CloudFront distribution can access the S3 bucket and the website hosted on it. This is done in order to improve the security of our website.
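
What the OAI restriction above amounts to in the bucket policy, with a check that no statement lets anyone reach the bucket around CloudFront; this is an added example, not from the original report. The bucket name and OAI ID are constructed placeholders and the function names are illustrative; it assumes the distribution's origin is the bucket's REST endpoint, which is the origin type OAI applies to.

```python
# Principal ARN format CloudFront uses for an Origin Access Identity.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

def as_list(value):
    """IAM lets Statement/Principal/Action be a single value or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def oai_bucket_policy(bucket, oai_id):
    """Bucket policy that lets only the given OAI read objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontOAIRead",
            "Effect": "Allow",
            "Principal": {"AWS": OAI_PREFIX + oai_id},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

def audit_bucket_policy(policy, oai_id):
    """Return (Sid, problem) pairs for Allow statements that bypass CloudFront."""
    expected = OAI_PREFIX + oai_id
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        for p in as_list(principal):
            if p == "*":
                findings.append((sid, "public access, CloudFront is bypassed"))
            elif p != expected:
                findings.append((sid, f"principal other than the OAI: {p}"))
        for action in as_list(stmt.get("Action")):
            if action != "s3:GetObject":
                findings.append((sid, f"more than read access: {action}"))
    return findings

# Constructed sample values, not taken from the report.
BUCKET, OAI_ID = "example-site-bucket", "E2EXAMPLE0AI"
PUBLIC_READ = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
```
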

Once the website is hosted, I'll generate an SSL/TLS certificate using AWS Certificate Manager so that all communication from our end user to the CloudFront distribution/edge location happens in an encrypted way, that is, using the HTTPS protocol.
I HAVE TRIED TO DEPICT GLOBAL AWS HARDWARE/INFRASTRUCTURE
EXISTENCE BY TAKING EXAMPLE OF INDIA

UNDERSTANDING WHY MULTI-AZ DEPLOYMENT IS NECESSARY FOR HIGH AVAILABILITY.

Sheikh Muhammed Tadeeb

THIS IS HOW ACCOUNTS IN AWS WORK. I WILL CREATE 3 ACCOUNTS: GENERAL, DEV & PROD

ADDING ALL ACCOUNTS TO AWS-ORGANIZATION


WE CAN GROUP ACCOUNTS WITHIN AN ORGANISATION INTO DIFFERENT STRUCTURES/GROUPS LIKE BUSINESS, FINANCE, ADVERTISEMENT ETC. THIS STRUCTURE SHOULD BE HIERARCHICAL, LIKE AN INVERTED TREE. THE TOP STRUCTURE/CONTAINER IS CALLED THE ORGANISATIONAL ROOT (CONTAINING ONE OR MORE ACCOUNTS) AND THE STRUCTURES BELOW IT ARE CALLED ORGANISATIONAL UNITS (CONTAINING ONE OR MORE ACCOUNTS).

CONSOLIDATION OF ALL ACCOUNTS AT ONE PLACE & ROLE-SWITCHING

VPC AND SUBNET STRUCTURE FOR EVERY ACCOUNT.

THIS IS HOW MY OVERALL BASE NETWORK & ITS COMPONENTS LOOK LIKE

DEFAULT & CUSTOM LOGS MONITORING OVER EC2-INSTANCE/MACHINE

THE DIFFERENT TYPES OF S3 STORAGE AND WHEN TO USE WHAT

AS ALL THE THINGS WILL BE WORKING FROM A CLOUD ENVIRONMENT, IT'S VERY IMPORTANT TO HAVE AN UNDERSTANDING OF WHAT PROTOCOLS AND NETWORK STACK ELEMENTS ARE INVOLVED IN MY DESIGN. BELOW IS THE DEPICTION FOR THE SAME

THERE IS ALWAYS SOME SCOPE FOR IMPROVEMENT IN EVERY PROJECT. MY PROJECT DOES HAVE LIMITATIONS, AND THEY ARE AS FOLLOWS:

1. EVERYTHING IS HOSTED ON, AND RELIES ON, A SINGLE CLOUD PROVIDER, THAT IS AWS. IF THIS CLOUD PROVIDER HAS ISSUES, THEN OUR BUSINESS WILL FACE ISSUES.

2. PARTIAL DEPENDENCY ON SOLUTION ARCHITECT
