The Challenge
An enterprise cloud provider needed to decommission its legacy, high-maintenance on-premises datacenter hosting in Ireland. More than 50 critical business services running on mixed Linux/Windows fleets had to be moved to AWS Europe (Dublin). The primary constraint was to achieve zero downtime for end-users, avoid transactional data loss, and automate the provisioning of golden operating system images to maintain consistent compliance baselines.
The Solution
Architected and executed a blue/green migration workflow. Created a replica database layer in AWS RDS, syncing logs in real time from the Ireland datacenter. Used **HashiCorp Packer** to build immutable golden machine images (AMIs) with security patches pre-installed, and automated infrastructure provisioning using **Terraform**. Leveraged **AWS Route 53** weighted DNS policies to execute canary testing and shift end-user traffic dynamically with zero downtime.
Key Business Outcomes
- Zero Downtime Cutover: Successfully migrated all 50+ business services with 0 minutes of user-facing downtime during transition.
- Automated VM Image Builds: Cut base OS patching and VM configuration times by 90% via automated Packer pipeline templates.
- Rigorous Disaster Recovery: Designed and documented RPO/RTO metrics and automated backup recovery procedures, testing and securing business continuity.
- FinOps and Optimization: Established identity security frameworks (IAM policies) and proactive monitoring that optimized resource allocations, reducing cloud waste.
Core Technologies
Image & Build Automation
HashiCorp Packer, AWS AMI, Ansible, CentOS, Windows Server Sysprep
DNS & Traffic Management
AWS Route 53 (Weighted and Latency Routing), Application Load Balancers
IaC & Databases
HashiCorp Terraform, AWS RDS PostgreSQL, AWS RDS SQL Server (Multi-AZ)
SRE & Disaster Recovery
AWS Backup, AWS CloudWatch Alerts, RPO/RTO verification, Shell scripts
Zero-Downtime Migration Route 53 Canary Setup
The diagram below illustrates the migration sequence: establishing a continuous DB replica sync from the legacy Ireland datacenter to AWS Europe (Dublin). Users query AWS Route 53, which is configured to route traffic via weighted rules, enabling gradual migration testing before a final 100% cutover.
Packer Template for Golden CentOS AMI
The following Packer HCL configuration demonstrates how golden CentOS images were built, hardened, and pushed to AWS for deployment.
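```hcl
packer {
  required_plugins {
    amazon = {
      version = ">= 1.2.0"
      source  = "github.com/hashicorp/amazon"
    }
  }
}

source "amazon-ebs" "centos" {
  ami_name      = "centos-golden-{{timestamp}}"
  instance_type = "t3.medium"
  region        = "eu-west-1"

  # Select the newest matching base image, restricted to a single trusted owner.
  source_ami_filter {
    filters = {
      name                = "CentOS Stream 9*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    most_recent = true
    owners      = ["123456789012"] # AWS Account ID
  }

  ssh_username = "centos"
}

build {
  sources = ["source.amazon-ebs.centos"]

  provisioner "shell" {
    inline = [
      # Apply all pending updates so the image ships patched.
      "sudo dnf update -y",
      # htop comes from EPEL, so the repository must be enabled first.
      "sudo dnf install -y epel-release",
      # firewalld is installed explicitly so that enabling it cannot fail.
      "sudo dnf install -y htop wget curl firewalld",
      "sudo systemctl enable firewalld"
    ]
  }
}
```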
Route 53 Weighted Record (Terraform)
Terraform code used to declare weighted routing rules for canary releases during the database switchover.
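```hcl
# Legacy side: 90% of resolutions still go to the Ireland datacenter.
resource "aws_route53_record" "app_canary_old" {
  zone_id = var.route53_zone_id
  name    = "app.enterprise-services.com"
  type    = "A"
  ttl     = 60

  weighted_routing_policy {
    weight = 90
  }

  set_identifier = "legacy-ireland-datacenter"
  records        = [var.legacy_datacenter_public_ip]
}

# Canary side: 10% of resolutions go to the load balancer in AWS.
# An A record cannot carry the ALB's DNS name in `records`, so this is an
# alias record; alias records take no ttl or records arguments.
resource "aws_route53_record" "app_canary_new" {
  zone_id = var.route53_zone_id
  name    = "app.enterprise-services.com"
  type    = "A"

  weighted_routing_policy {
    weight = 10
  }

  set_identifier = "aws-dublin-cloud"

  alias {
    name                   = aws_lb.production_alb.dns_name
    zone_id                = aws_lb.production_alb.zone_id
    evaluate_target_health = true
  }
}
```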
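The 90/10 split declared above only becomes a gradual migration when something decides, window by window, whether to raise the AWS weight, hold it, or send everything back to the legacy side. The following is an added example, not code from the original project: the step ladder, error budget, minimum sample size, function names and sample windows are all assumptions.

```python
# Added example: Route 53 weighted-routing arithmetic plus a promotion gate.
# The step ladder and the 1% error budget are assumptions, not values from the page.
LEGACY, CLOUD = "legacy-ireland-datacenter", "aws-dublin-cloud"
STEPS = [10, 25, 50, 100]      # assumed canary ladder, as percent on CLOUD
MAX_ERROR_RATE = 0.01          # assumed error budget for the new side
MIN_REQUESTS = 500             # do not judge a canary on too few requests


def traffic_share(weights):
    """Expected share per set_identifier: weight / sum of weights.

    Route 53 accepts weights 0-255. A weight of 0 stops traffic to that record,
    unless every record in the group is 0, in which case all are served equally.
    """
    for ident, w in weights.items():
        if not isinstance(w, int) or not 0 <= w <= 255:
            raise ValueError(f"{ident}: weight {w!r} outside 0-255")
    total = sum(weights.values())
    if total == 0:
        return {ident: 1 / len(weights) for ident in weights}
    return {ident: w / total for ident, w in weights.items()}


def next_weights(weights, cloud_requests, cloud_errors):
    """Return (decision, new_weights) for one evaluation window."""
    current = round(traffic_share(weights)[CLOUD] * 100)
    if cloud_requests < MIN_REQUESTS:
        return "hold", dict(weights)
    if cloud_errors / cloud_requests > MAX_ERROR_RATE:
        return "rollback", {LEGACY: 100, CLOUD: 0}
    higher = [s for s in STEPS if s > current]
    if not higher:
        return "done", dict(weights)
    return "promote", {LEGACY: 100 - higher[0], CLOUD: higher[0]}


if __name__ == "__main__":
    # Constructed sample windows: (requests, errors) seen on the AWS side.
    weights = {LEGACY: 90, CLOUD: 10}
    for window in [(120, 0), (4200, 9), (9800, 31), (20500, 40), (41000, 2050)]:
        decision, weights = next_weights(weights, *window)
        print(window, decision, weights)
```

DNS answers for this name are cached for up to 60 seconds, so each evaluation window should start at least that long after a weight change, otherwise it measures the previous split.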