Replicate an Amazon Web Services (AWS) web application with AWS WAF in Azure Kubernetes Service (AKS)
In this article, you learn how to replicate an Amazon Elastic Kubernetes Service (EKS) web application with AWS Web Application Firewall (WAF) using Azure Web Application Firewall (WAF) and Azure Application Gateway in Azure Kubernetes Service (AKS).
This workload implements a WAF to protect a Yelb web-based application running in a Kubernetes cluster. Applications rely on WAFs to block unwanted traffic and protect apps from common vulnerabilities. A centralized web application firewall helps simplify security management and helps ensure better protection against threats or intrusions.
For a more detailed understanding of the AWS workload, see Protecting your Amazon EKS web apps with AWS WAF.
Important
Open-source software is mentioned throughout AKS documentation and samples. Software that you deploy is excluded from AKS service-level agreements, limited warranty, and Azure support. As you use open-source technology alongside AKS, consult the support options available from the respective communities and project maintainers to develop a plan.
For example, the Ray GitHub repository describes several platforms that vary in response time, purpose, and support level.
Microsoft takes responsibility for building the open-source packages that we deploy on AKS. That responsibility includes having complete ownership of the build, scan, sign, validate, and hotfix process, along with control over the binaries in container images. For more information, see Vulnerability management for AKS and AKS support coverage.
- Understand the conceptual differences: Start by reviewing the differences between EKS and AKS in terms of services, architecture, and deployment.
- Rearchitect the workload: Analyze the existing AWS workload architecture and identify the components or services, like the workload infrastructure, application architecture, and deployment process, that you need to redesign to fit AKS.
- Update the application code: Ensure your code is compatible with Azure APIs, services, and authentication models.
- Prepare for deployment: Modify the AWS deployment process to use the Azure CLI.
- Deploy the workload: Deploy the replicated workload in AKS and test the workload to ensure that it functions as expected.
- An active Azure subscription. If you don't have one, create a free Azure account before you begin.
- The Owner Azure built-in role, or the User Access Administrator and Contributor built-in roles, on a subscription in your Azure account.
- Azure CLI version 2.61.0 or later. For more information, see Install Azure CLI.
- Azure Kubernetes Service (AKS) preview extension.
- jq version 1.5 or later.
- Python 3 or later.
- kubectl version 1.21.0 or later
- Helm version 3.0.0 or later
- Visual Studio Code installed on one of the supported platforms along with the Bicep extension.
- An existing Azure Key Vault resource with a valid TLS certificate for the Yelb web application.
- An existing Azure DNS Zone or equivalent DNS server for the name resolution of the Yelb application.
The completed application code for this workflow is available in our GitHub repository.
Clone the repository to a directory called
aws-to-azure-web-app-workshopon your local machine using the following command:git clone https://github.com/azure-samples/aks-web-application-replicate-from-aws ./aws-to-azure-web-app-workshopAfter you clone the repository, navigate to the
aws-to-azure-web-app-workshopdirectory and start Visual Studio Code using the following commands:cd aws-to-azure-web-app-workshop code .
Microsoft maintains this article. The following contributors originally wrote it:
Principal author:
- Dixit Arora | Senior Customer Engineer
- Paolo Salvatori | Principal Customer Engineer
Other contributors:
- Ken Kilty | Principal TPM
- Russell de Pina | Principal TPM
- Erin Schaffer | Content Developer 2
Azure Kubernetes Service feedback
Azure Kubernetes Service is an open source project. Select a link to provide feedback: