Executive Summary
A regulated UK online pharmacy was running three production databases (containing patient PII) on self-managed EC2 instances with no encryption at rest, no automated backups, no automated patching, and no HA. The platform operates 24/6 with minimal tolerance for downtime. Logicata migrated all three databases to Amazon RDS using AWS DMS with Change Data Capture, achieving zero data loss and under 30 minutes of cutover downtime per database. Total infrastructure cost: around $180 per month. Delivered in three weeks.
Customer Overview
Sector: Healthcare / Online Pharmacy
Location: United Kingdom
The customer is a regulated UK online pharmacy operating multiple production applications, including a public-facing patient platform and internal B2B systems. Their databases hold PII subject to data protection legislation and pharmacy regulatory requirements. Data security and availability are not optional features.
The Challenge
The legacy database posture had several issues that compounded one another:
- No managed backup. Manual backup scripts ran with no automated verification. Recovery was a hope, not a guarantee.
- No encryption at rest. PII stored unencrypted. A compliance risk that grew worse the longer it persisted.
- No automated patching. Database servers required manual security updates, which often meant they did not happen on schedule.
- No high availability. Single instances with no failover capability. One bad hardware day was a business outage.
- 24/6 operational window. Applications active Monday through Saturday, 24 hours, with minimal tolerance for downtime. The migration had to fit around that.
- Cross-account complexity. One of the three databases needed to migrate between separate AWS accounts.
The Solution
Logicata designed a phased migration using AWS Database Migration Service with homogeneous data migration.
1. Staging-first validation
The non-production database was migrated first. This validated every piece of DMS configuration, IAM roles, network connectivity, and the application switchover procedure before any production data was touched.
2. Production migration with Change Data Capture
DMS Full Load plus Change Data Capture replication allowed applications to remain operational during bulk data transfer. Only the final cutover (stop CDC, update connection strings) required a brief maintenance window.
3. Cross-account migration
One database needed to migrate between AWS accounts. This required AWS Transit Gateway for cross-account network connectivity plus cross-account security group configuration.
Hardening at the destination
All Amazon RDS instances were configured with:
- KMS encryption at rest
- Automated backups with 7-day retention
- Deletion protection
- Maintenance windows aligned to the minimal-traffic period
AWS Secrets Manager secured every database credential. The legacy “credentials in config files” pattern was retired alongside the EC2 instances.
Results
- Zero data loss across all three databases, confirmed via custom row-count validation scripts
- Under 30 minutes of downtime per database during production cutover
- PII now encrypted at rest via KMS on managed RDS instances
- Automated backups with point-in-time recovery, no manual scripts
- Automated patching and maintenance handled by RDS
- Cross-account migration delivered successfully via Transit Gateway
- Around $180 per month total infrastructure cost for all three managed RDS instances
- Delivered in three weeks start to finish
AWS Services Used
- AWS Database Migration Service (DMS)
- Amazon RDS (MySQL)
- Amazon RDS (MariaDB)
- AWS Secrets Manager
- AWS Transit Gateway
- AWS KMS
- Amazon CloudWatch
About Logicata
Logicata is an AWS Advanced Partner holding the AWS Cloud Operations Management Competency, validated through an independent third-party audit. Logicata helps organisations build and operate secure, well-governed cloud platforms on AWS, enabling customers to reduce operational risk, meet assurance expectations, and scale with confidence.
