Support Mobycast
-> https://glow.fm/mobycast <-

In this episode, we explain how to move an existing ECS application to private subnets. We cover the following topics:

• We describe the existing application, which is a typical two-tier web application, with a web service fronted by an Application Load Balancer (ALB) and database hosted on MySQL using RDS.
  • The current application is containerized and running under ECS.
  • Everything (the load balancer, ECS cluster, RDS instance) is running on public subnets.
• The goal is to leave only the ALB public-facing, with all other resources protected on private subnets.
• There are two phases to moving the application to private subnets. First, we need to move the ECS cluster to private subnets. Then, we can move the RDS instance to private subnets.
• We detail step-by-step two deployment approaches for moving our ECS cluster to private subnets, both of which involve zero downtime.
  • Rolling deployment, which updates the existing cluster in-place.
  • Blue/green deployment, which creates a new cluster to replace the existing one.
• We discuss the steps on moving the database instance to private subnets, including application downtime considerations.
• As a bonus, we explain how to add encryption-at-rest to the RDS instance during the migration.

Links

• VPC with Public and Private Subnets (NAT)
• Changing the Launch Configuration for an Auto Scaling Group
• Add Encryption to an Unencrypted RDS DB Instance
• Amazon ECS-optimized AMIs
  
  

End Song

The Runner (Lost Lake Remix) by Fax

More Info

For a full transcription of this episode, please visit the episode webpage.

We'd love to hear from you! You can reach us at:

• Web: https://mobycast.fm
• Voicemail: 844-818-0993
• Email: [email protected]
• Twitter: https://twitter.com/hashtag/mobycast
• Reddit: https://reddit.com/r/mobycast