Customer: Edelweiss Group
Edelweiss Tokio is planning to migrate its applications one by one to AWS. Before
the migration, the Edelweiss team wants to set up the AWS Landing Zone and migrate 2
applications called Web BI & Pragathi to AWS. There will be 2 environments on AWS:
UAT & Production.
- AWS Landing Zone was set up with the following Accounts – Organization
Account, Shared Services Account, Centralized Logging Account, UAT Account
& Production Account.
- Transit Gateway is deployed in the Shared Services account.
- A VPN tunnel will be set up between Edelweiss House and the AWS Transit Gateway.
- Active Directory will be deployed in the Shared Services account and the on-premises AD forest will be replicated to AWS.
- Sensu Monitoring Server will be deployed in the Shared Services Account.
- AWS best practices will be applied to all AWS accounts: enabling CloudTrail, Config and GuardDuty, deleting the default VPCs, etc.
- S3 bucket will be created in the Shared Services account and all logs will be sent to the centralized S3 bucket.
- Palo Alto Firewall will be deployed in the shared services account.
- Bastion Host will be deployed in the Shared Services Account to securely SSH into the EC2 instances.
- Both the applications will be deployed in the UAT account and Production.
- Application Servers will be deployed on EC2 across 2 AZs with .NET & IIS installed.
- SQL Server Database is deployed on EC2 across 2 AZs and the database schema will be imported. Always On replication will be used to set up high availability for the SQL Server DB.
- Both Application & DB Servers will be deployed in a private subnet for security reasons.
- Application Load Balancer is deployed in the public subnet and all user requests will be routed via the Load Balancer.
- SSM will be used for all patch management of EC2 instances.
- All backups will be centrally managed using AWS Backup Manager.
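
An added example, not part of the original write-up or the customer's tooling: a Python check for the account baseline listed above (CloudTrail, Config and GuardDuty enabled, no default VPC left). It assumes boto3 clients for a single account and region; the function name `audit_baseline` is hypothetical.

```python
"""Audit one account/region against the baseline in the list above."""


def audit_baseline(ec2, cloudtrail, guardduty, config):
    """Return a list of findings; an empty list means the baseline holds.

    Each argument is a boto3 client (or any object with the same methods).
    """
    findings = []

    # CloudTrail: at least one trail must exist and be actively logging.
    trails = cloudtrail.describe_trails().get("trailList", [])
    if not any(cloudtrail.get_trail_status(Name=t["TrailARN"]).get("IsLogging")
               for t in trails):
        findings.append("cloudtrail: no trail is logging")

    # AWS Config: a configuration recorder must exist and be recording.
    recorders = config.describe_configuration_recorder_status().get(
        "ConfigurationRecordersStatus", [])
    if not any(r.get("recording") for r in recorders):
        findings.append("config: no active configuration recorder")

    # GuardDuty: a detector must exist and be enabled in this region.
    detector_ids = guardduty.list_detectors().get("DetectorIds", [])
    if not any(guardduty.get_detector(DetectorId=d).get("Status") == "ENABLED"
               for d in detector_ids):
        findings.append("guardduty: no enabled detector")

    # Default VPCs: none should remain after the landing zone is set up.
    vpcs = ec2.describe_vpcs(
        Filters=[{"Name": "is-default", "Values": ["true"]}]).get("Vpcs", [])
    findings.extend(f"ec2: default VPC {v['VpcId']} still present" for v in vpcs)

    return findings


if __name__ == "__main__":
    import sys
    import boto3  # imported here so audit_baseline can be tested without AWS

    session = boto3.session.Session()  # default profile and region (assumption)
    result = audit_baseline(session.client("ec2"), session.client("cloudtrail"),
                            session.client("guardduty"), session.client("config"))
    print("\n".join(result) or "baseline OK")
    sys.exit(1 if result else 0)
```

GuardDuty, Config and default VPCs are per-region, so the check has to be repeated in every region of each account to cover it fully.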