Understand the solution architecture

The LAMP Production-Ready packaged by Bitnami deploys a highly available LAMP Production-Ready solution on AWS, as per the architecture diagram below:

These are the main elements of the solution:

• A highly-available (HA) architecture that spans two Availability Zones in the AWS region.
• A Virtual Private Cloud (VPC) with public and private subnets.
• An Internet Gateway that allows access to Bastion hosts.
• An Elastic Load Balancer (ELB) to distribute HTTP and HTTPS requests across the application instances.
• Elements in the public subnets are:
  • EC2 instances to act as Bastion hosts. An Auto Scaling group to ensure high availability.
  • Managed NAT Gateways to allow outbound traffic to application instances.
• Elements in the private subnets are:
  • EC2 instances that host the application servers. An Auto Scaling group to ensure high availability.
  • An Elastic File System (EFS) to share assets across instances.
  • Aurora DB instances (via Amazon RDS).
  • An ElastiCache cluster with Memcached for caching database queries.

Benefits

This particular solution is designed for production environments and provides improvements in performance and security. The following sections discuss the main benefits.

Performance benefits

• HA architecture that ensures your cluster can continue working if a node (or a whole AWS zone) is down.
• Replication model that allows workload distribution across multiple application services.
  • The Auto Scaling Group allows you to scale dynamically the number of on-demand instances. For more information about scaling the solution, refer to the Autoscaling section.
• Log rotation included by default on instances.
• Database cache performance improved with an ElastiCache cluster.
• System monitoring (via Gonit) is included by default on instances. Gonit monitors the processes and restart them if required.

Security benefits

• Application instances are isolated in the private subnets. By configuring the corresponding security groups, inbound traffic is exclusively allowed from Bastion hosts, through Secure Shell Access (SSH) on port 22 and the Elastic Load Balancing, HTTP and HTTPS traffic on ports 80 and 443. Learn about how to access private subnets safely.
• Data and code (Aurora database and application servers) are provisioned on separate instances to help improve security and access control.