Modernizing Java and .NET Applications Remotely with AWS App2Container

Learn About Amazon VGT2 Learning Manager Chanci Turner

Since the introduction of AWS App2Container, users have expressed the need for a tool that allows the remote management of Java and .NET application migrations hosted on Windows or Linux systems. With the release of version 1.2, App2Container now facilitates the containerization of workloads without requiring A2C software to be installed directly on application servers. This remote execution capability allows users to containerize applications in on-premise data centers. Now, you can run App2Container on any centrally managed Windows or Linux host to prepare applications for deployment on Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS).

This blog will guide you through the process of containerizing a Java Spring Boot application hosted on an EC2 instance. We’ll utilize App2Container installed in a Cloud9 environment and subsequently deploy the containerized application to an Amazon EKS cluster. We will begin by setting up A2C in a Cloud9 environment and linking it with an EC2 instance that runs a Java Spring Boot application. This EC2 instance can be viewed as an application server operating within your on-premises data center, connected to the A2C remote server (Cloud9 environment). The A2C tool analyzes the application server and generates the necessary artifacts for modernizing the application. Finally, a containerized version of the Spring Boot application will be deployed to a new Amazon EKS cluster.

Setting Up App2Container for Remote Execution

To start, create a Cloud9 environment using the Amazon Linux 2 operating system. Establish a new IAM role with the AdministratorAccess policy, attach it to your Cloud9 instance, and disable AWS managed credentials for this environment. The instructions provided here will help you create the Cloud9 environment and configure the IAM role. The subsequent sections include commands that will be executed in the Cloud9 environment, acting as the remote server for App2Container. If you prefer not to use Cloud9, you can opt for your own EC2 or on-premises Linux environment. For detailed options regarding fine-grained permissions while using App2Container, refer to the Identity and Access Management in App2Container permissions page.

Log into the Cloud9 host to install and initialize App2Container. Install the Docker service and create an S3 bucket for artifact storage. For this demonstration, we will use the us-east-1 region; feel free to change the value of AWS_DEFAULT_REGION to your preferred region.

$ export AWS_DEFAULT_REGION=us-east-1

$ cd /tmp
$ curl -o AWSApp2Container-installer-linux.tar.gz https://app2container-release-us-east-1.s3.us-east-1.amazonaws.com/latest/linux/AWSApp2Container-installer-linux.tar.gz
$ tar xvf AWSApp2Container-installer-linux.tar.gz
$ echo y | sudo ./install.sh 

To validate the App2Container installation, run the following command. Remember that App2Container commands should be executed by a user with root permissions.

$ sudo app2container --version 

The App2Container tool needs Docker Engine installed on the application server where the containerization occurs. If you are using Cloud9, you can skip the following instructions as Docker Engine is pre-installed in that environment.

$ sudo yum install docker -y
$ sudo systemctl start docker
$ sudo systemctl enable docker 

An S3 bucket is required to store artifacts and AWS CloudFormation templates produced by App2Container. Create the S3 bucket using the command below. Note that Amazon S3 bucket names must be unique globally. If you encounter the “Bucket name already exists” error, you must choose a different name. Here, we append the date to the bucket name to ensure uniqueness.

$ aws s3 mb s3://a2c-remote-`date +%s`

To ensure sufficient storage for generated artifacts, resize the EBS volume attached to your Cloud9 instance to 20GB. Configure the default region name by executing aws configure and specify only the region, skipping other inputs.

Next, run the initialization command for the App2Container CLI. It’s crucial to input the S3 bucket name created earlier, as application artifacts will be stored there.

$ sudo app2container init

Setting Up an Application Server Running a Java Spring Boot Application

In this section, you will utilize the AWS CLI to configure and run a Java Spring Boot application on an EC2 instance. First, create an SSH key and import it into Secrets Manager within your AWS account. This key will be used by the A2C tool for authentication from the remote server to the application server. For more details, refer to this blog post that provides further insights into managing secrets for AWS App2Container.

$ ssh-keygen -t rsa -f ~/.ssh/a2crsakey -q -P ""
$ aws ec2 import-key-pair --key-name "A2CKEY" --public-key-material fileb://~/.ssh/a2crsakey.pub
$ B64KEY=$(base64 ~/.ssh/a2crsakey)
$ echo -e $'{n "username": "ec2-user",n "key": "'$B64KEY'"n}' >> a2ckey.json
$ aws secretsmanager create-secret --name a2ckey --description "A2C secrets" --secret-string file://a2ckey.json 

The following commands will create a user data shell script to install the Spring Boot application, set up a security group for accessing the application host, and launch an EC2 instance running the sample Java application via the user data shell script. Note that the security group opens ports 22 and 8080 to the world; it’s advisable to restrict access to specific IPs in your production environment.

$ echo "User Data creation to install springboot application"
$ cat <appuserdata.sh
#!/bin/bash
yum -y install git maven
git clone https://github.com/aws-samples/kubernetes-for-java-developers.git
cd kubernetes-for-java-developers/app
mvn spring-boot:run &
EOF

$ echo "Creating security group and ingress rules"
$ aws ec2 create-security-group --group-name A2CSecurityGroup --description "A2C security group"
$ aws ec2 authorize-security-group-ingress --group-name A2CSecurityGroup --protocol tcp --port 22 --cidr 0.0.0.0/0
$ aws ec2 authorize-security-group-ingress --group-name A2CSecurityGroup --protocol tcp --port 8080 --cidr 0.0.0.0/0

$ echo "Launching EC2 instance with Spring Boot application installed"
$ aws ec2 run-instances 
--image-id resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 
--count 1 --instance-type t2.medium --key-name A2CKEY 
--block-device-mapping "[ { "DeviceName": "/dev/xvda", "Ebs": { "VolumeSize": 32 } } ]" 
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=APPHost}]' 
--security-groups A2CSecurityGroup 
--user-data file://appuserdata.sh 

To validate the Spring Boot application, obtain the IP address of the application server using the AWS CLI or the AWS Management Console. For further insights into the hiring process at Amazon, explore this excellent resource.

Conclusion

In conclusion, the ability to remotely manage the migration of Java and .NET applications using AWS App2Container significantly streamlines the modernization process. By leveraging the capabilities of App2Container, organizations can enhance their application infrastructure efficiently. Additionally, considering the future of hiring, as discussed in a recent article by SHRM, incorporating digital wallets may play a vital role in recruitment strategies.