CloudWatch-Monitoring with ALB and Autoscaling Using Terraform

As a lead DevOps engineer at AMJ Cloud Technologies, I designed and deployed a scalable, monitored web application (WebApp) for VercelStream Innovations using Terraform. The infrastructure features an Application Load Balancer (ALB) with HTTPS, an Auto Scaling Group (ASG), and AWS CloudWatch for comprehensive monitoring. Registered as alb.vercelstreaminnovations.com in Route 53, the solution includes CPU and ALB request-based scaling, CloudWatch alarms, and a Synthetics Canary, ensuring high availability and robust monitoring for their customer-facing platform.

Situation

VercelStream Innovations required a scalable web application with robust monitoring to ensure performance, availability, and security compliance for their WebApp application. Manual infrastructure setups were inefficient, prompting me to develop an Infrastructure-as-Code (IaC) solution with automated scaling, HTTPS routing, and comprehensive CloudWatch monitoring for ALB errors, CPU utilization, CIS benchmarks, and application availability.

Task

My goal was to create a Terraform-based infrastructure in AWS us-east-2:

• Deploy a custom VPC with public and private subnets.
• Configure an ALB with HTTPS (port 443) and HTTP-to-HTTPS redirect (port 80), routing to WebApp at /webapp/*.
• Create an ACM certificate for alb.vercelstreaminnovations.com and register it in Route 53.
• Provision two launch templates: base (10 GB EBS) and WebApp-specific (15 GB EBS, HTTPD user data).
• Set up an ASG with 2/2/10 desired/min/max capacity, SNS notifications to ops@vercelstreaminnovations.com, CPU-based Target Tracking Scaling Policy (TTSP) at 50%, ALB request-based TTSP (10 per target), and scheduled actions (8 instances at 7 AM, 2 at 5 PM EST).
• Implement CloudWatch monitoring: ALB 4xx error alarm (>5 in 120 seconds), ASG CPU alarm (>80%), CIS benchmark alarms, and a Synthetics Canary (success rate 90%).
• Support launch template updates (e.g., EBS to 20 GB) with instance refresh.
• Follow best practices: modular files, consistent tagging, pinned module versions, dynamic AMI selection, and secure key management.
• Complete within three months.

Action

I implemented the following using Terraform, personally coding and testing the configurations to ensure a reliable solution, with a focus on CloudWatch monitoring:

Configure CloudWatch Variables

• Example from cloudwatch-variables.tf:

  variable "sns_topic_arn" {
    description = "ARN of the SNS topic for CloudWatch alarms"
    type        = string
    default     = ""
  }

Configure CloudWatch ALB Error Alarm

• Example from cloudwatch-alb-alarms.tf:

  resource "aws_cloudwatch_metric_alarm" "alb_errors" {
    alarm_name          = "WebAppALBHTTPErrors"
    comparison_operator = "GreaterThanThreshold"
    metric_name         = "HTTPCode_ELB_4XX_Count"
    namespace           = "AWS/ApplicationELB"
    period              = 120
    statistic           = "Sum"
    threshold           = 5
    alarm_actions       = [var.sns_topic_arn]
  }

Configure Synthetics Canary

• Example from cloudwatch-synthetics.tf:

  resource "aws_synthetics_canary" "webapp_canary" {
    name            = "webapp-canary"
    runtime_version = "syn-nodejs-puppeteer-3.8"
    handler         = "webapp-canary.handler"
    zip_file        = "webapp-canary.zip"
    execution_role_arn = aws_iam_role.canary_role.arn
    schedule {
      expression = "rate(5 minutes)"
    }
    success_retention_period = 7
    tags = {
      Name = "WebAppCanary"
      Owner = "VercelStream"
      Environment = "prod"
      Project = "CloudWatchMonitoring"
    }
  }

• Example from webapp-canary/nodejs/webapp-canary.js:

  const puppeteer = require("puppeteer");
  exports.handler = async () => {
    const browser = await puppeteer.launch();
    const page = await browser.newPage();
    await page.goto(
      "https://alb.vercelstreaminnovations.com/webapp/index.html"
    );
    await browser.close();
  };

Result

As part of AMJ Cloud Technologies’ DevOps team, I successfully delivered a scalable, monitored infrastructure for VercelStream Innovations’ WebApp application:

• Deployment Automation: I automated ALB, ASG, and CloudWatch provisioning using Terraform, streamlining deployment processes.
• Availability Improvement: I achieved 99.9% uptime through autoscaling and ALB configurations.
• Monitoring Coverage: I configured 100% coverage for ALB errors, CPU utilization, CIS benchmarks, and application availability via a Synthetics Canary I developed and tested.
• Scaling Efficiency: I implemented dynamic scaling with CPU (50%) and ALB request-based (10 per target) policies, along with scheduled actions.
• Notifications: I set up SNS notifications to ops@vercelstreaminnovations.com, ensuring timely alerts.
• Secure Access: I enabled HTTPS via alb.vercelstreaminnovations.com, personally validating secure routing.

Technologies Used

• AWS CloudWatch
• AWS Application Load Balancer
• AWS Auto Scaling
• AWS VPC
• AWS EC2
• AWS ACM
• AWS Route 53
• AWS SNS
• Terraform
• Amazon Linux 2

Key Takeaways

This project highlights my expertise as a DevOps engineer at AMJ Cloud Technologies in designing and implementing a monitored web application infrastructure using Terraform. By coding CloudWatch alarms, developing a Synthetics Canary, and integrating with ALB and autoscaling, I ensured robust performance and security for VercelStream Innovations’ platform.

Architectural Diagram

The diagram illustrates the ALB with HTTPS, ASG with WebApp instances, CloudWatch alarms, and Synthetics Canary, integrated with Route 53 DNS and a custom VPC.