Your AWS account might support both EC2-Classic and EC2-VPC, depending on when the account was created and which regions it has used.
AWS accounts created after 2009 do not support the EC2-Classic platform and have only the EC2-VPC environment. EC2-VPC has additional advantages over EC2-Classic. In terms of security, a VPC has network ACLs, which can allow or deny access to a particular IP. We can also set up OpenVPN and a customer gateway between the VPC and on-premises.
This blog will tell you how to migrate instances (both EC2 and RDS) from the EC2-Classic environment to the EC2-VPC environment with zero downtime.
Let’s assume that I have my application server running in the cloud infrastructure. The following architecture diagram can represent the infrastructure running in EC2-Classic environment.
As you can see in the diagram, there is a Route53 entry for www.mysite.com with an ‘A’ name record. Two app servers run behind a load balancer and point to the MySQL RDS instance.
To migrate the above EC2-Classic environment to the EC2-VPC environment without downtime, the following steps can be used:
Creating a Load Balancer inside the VPC.
Creating an AMI of the app server.
Launching application server into public subnet of the VPC.
Updating the DNS record in Route53.
Creating a read replica of the RDS instance and creating a snapshot from the read replica.
Launching RDS instance from the snapshot into VPC.
One should have an understanding of EC2, VPC, RDS services and their corresponding terminologies in order to understand and implement these steps.
Let us assume that we have created a VPC with three public subnets.
Step 1: Creating a Load Balancer inside the VPC:
Create and launch a load balancer in the public subnet of this VPC.
Step 2: Creating AMI of Application server.
Select your app server instance and right-click on it. Choose the Create Image option.
Then, give the AMI the name App-server-AMI and add a description. Make sure that the No Reboot check box is selected.
Click Create Image. It will create an AMI of this app server instance.
Step 3: Launching application server into the public subnet of VPC.
Once the AMI creation process is completed, launch an instance into the public subnet of the VPC.
Select the AMI created in Step 2 and click Launch instance.
Launch this instance into the public subnet of the VPC.
The app server is now launched into the public subnet of the VPC. Because it was launched from the AMI, this instance is already configured with the endpoint of the RDS instance. Any request that reaches this instance will contact the RDS database, which is still in the EC2-Classic environment.
Step 4: Updating the DNS record in Route 53
Now we need to update the DNS (Route53) record for www.mysite.com with a CNAME entry for our new load balancer. By default, the app server is pointing to the endpoint of the EC2-Classic RDS instance.
So far we have migrated the app server instance into the VPC. Now we need to move the RDS instance from the EC2-Classic environment into the EC2-VPC environment.
Step 5: Creating a read replica of the RDS instance and creating a snapshot from the read replica.
The ‘new RDS’ will be launched in the VPC and the ‘source RDS’ resides in EC2-Classic.
A new RDS security group (VPC) will be created having similar permissions as the old security group.
A new DB subnet group and parameter group will be created for the new RDS instance, matching the RDS security group and parameter group in EC2-Classic.
In the source RDS, a user with necessary permissions for replication will be created.
Read replica will be created using the source RDS instance.
A snapshot of the read replica will be created, and the new RDS instance will be launched from the snapshot in one of the VPC subnets.
Note: The new RDS instance will be publicly accessible so that it can fetch new writes from the source RDS instance (basically a master-slave configuration). Once all data is synchronized, the subnet of the RDS instance can be made private.
Step 6: Updating the application server to point to the new RDS.
Step 7: Stopping replication
Stop replication between the RDS instances.
Now check whether the site is working properly by entering its URL in the browser. If it is, the migration from EC2-Classic to VPC has completed successfully.
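A post-migration check for the note about the publicly accessible RDS instance, as an added example that is not part of the original post: it reads data shaped like the output of `aws rds describe-db-instances` and `aws ec2 describe-security-groups` and reports a database that is still publicly accessible or whose port is open to more than a single address. The sample data, identifiers, function names and the `max_hosts` threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data in the shape returned by `aws rds describe-db-instances`
# and `aws ec2 describe-security-groups`; every identifier is a placeholder.
SAMPLE_DB = {"DBInstances": [{
    "DBInstanceIdentifier": "new-rds-vpc",
    "PubliclyAccessible": True,
    "Endpoint": {"Port": 3306},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-EXAMPLE", "Status": "active"}]}]}
SAMPLE_SG = {"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]}]}  # source RDS address (assumed)


def covers_port(perm, port):
    """True if an ingress rule applies to the given TCP port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))


def audit(db_doc, sg_doc, max_hosts=1):
    """Return (instance, issue) findings for databases exposed beyond max_hosts addresses."""
    groups = {g["GroupId"]: g for g in sg_doc["SecurityGroups"]}
    findings = []
    for db in db_doc["DBInstances"]:
        name, port = db["DBInstanceIdentifier"], db["Endpoint"]["Port"]
        if db.get("PubliclyAccessible"):
            findings.append((name, "PubliclyAccessible is still true"))
        for ref in db.get("VpcSecurityGroups", []):
            perms = groups.get(ref["VpcSecurityGroupId"], {}).get("IpPermissions", [])
            for perm in (p for p in perms if covers_port(p, port)):
                cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
                cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                for cidr in cidrs:
                    if ipaddress.ip_network(cidr, strict=False).num_addresses > max_hosts:
                        findings.append((name, f"port {port} open to {cidr}"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(SAMPLE_DB, SAMPLE_SG):
        print(f"{name}: {issue}")
```

Rules that reference another security group instead of a CIDR range are not flagged by this check.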