Designing 3-Tier Architecture in AWS

Three-tier architecture in AWS is defined as the most popular implementation of a multi-tier architecture and consists of a single presentation tier, logic tier, and data tier.

The benefits of a three-tier architecture includes:

  • Improved data integrity
  • Higher level of security
  • Ability to update or scale one tier without impacting others
  • Simultaneous development of all tiers for faster delivery

Objectives:

Web Tier

  1. Two public subnets associated with a public route table
  2. Minimum of 2 EC2 instances with an OS of your choice in an Auto Scaling Group
  3. EC2 Web Server Security Group allowing inbound permission from the internet
  4. Boot strap static web page

Application Tier

  1. Two private subnets associated w ith a private route table
  2. Minimum of 2 EC2 instances with an OS of your choice in an Auto Scaling Group
  3. EC2 Application Server Security Group allowing inbound permission from the Web Server Security Group

Database Tier

  1. Use a free Tier MySQL RDS Database
  2. The Database Security Group should allow inbound traffic for MySQL from the Application Server Security Group.
  3. Two private subnets associated with a private route table

Prerequisites:

AWS Account

Terminal

For starters, we will be creating our VPC as well as our two public subnets for our web tier. If you're wondering how I came up with the CIDRs, I just used the ones that were provided. If you want to create your own, just use a CIDR calculator. They can be found easily on Google:

10.0.0.0 /16 as the VPC CIDR with two availability zones: us-east-1a and us-east-1b
Two public subnets, no private subnets, no NAT gateways, no endpoints. Click next

Now we will create the launch template for our web tier. Navigate to the Launch Template pane in the EC2 service:

Check the box for "Auto scaling guidance"
Free-tier Amazon Linux image and t2.micro instance type

Create or use an existing key pair. For the network settings, create a new security group and select the VPC you just created:

For the security group rules, set the SSH and HTTP source type to anywhere:

Note: This is for project purposes only. DO NOT do this in a real-world setting!
Enable the option to "Auto-assign public IP"

We will be using an Apache web server that was created from a BASH script as our user data. In the Advanced Details section, input the following script, then create your template:

Now we will create the auto-scaling group for our web tier:

Name the auto-scaling group and select your recently created launch template
Choose your recently created VPC and the two public subnets
Attach an application load balancer that is internet-facing
Create a new Target Group and make sure your subnets are correctly selected, as well as your listener set to HTTP
Configure your group size for a minimum capacity of 2 instances and create you auto-scaling group

After your auto-scaling gr oup has been created, let's head over to our Instances pane and select an IP address to copy and paste in our web browser:

SUCCESS!

For our application tier we will be creating two subnets under the same VPC we recently created. Navigate to the Subnets pane in the VPC service and create your subnets:

After you've created the subnets, you'll need to create a routing table and associate those subnets with it:

Nam e your route table and choose the same VPC
After creating the route table, edit the subnet associations by selecting the two private subnets you just created. Save the associations

Now we will create another launch template for our application tier. This launch template will be the same as the one for our web tier, only the security group settings will be different. We want to allow inbound permissions from our web server security group in the source field:

Now let us create another auto-scaling group for our application tier. Repeat the same process as before:

After both auto-scaling groups have been created, let's go over to the Instances pane to see how they're doing:

Four instances are now running

Now we will create the subnets for our database tier:

After creating the subnets, create a route table and associate the subnets with said route table:

We now have one public route table and two private route tables with the correct associations:

Let's now head over to the RDS service and set up our database tier. Click on databases, then click create a database and follow the images below for correct setup:

Choose a password for the database
Uncheck storage auto-scaling as we won't be storing any items in this database
Select your created VPC
Create a new security group and make sure it is in the correct availability zone. Also check that the correct database port is set. The port should be 3306

After your database has been created, head over to actions and inbound rules. We want to allow inbound traffic to MYSQL from our application tier security group:

We will select our AppTier Security Group, then save the rules

Now that all three tiers have been created, we want to create a NAT gateway to route all traffic from the private route table. Choose a subnet in which to create the gateway, and make the connectivity type public. Also allocate an elastic IP for the NAT:

Now you want to go to your private route tables, being the Application tier and Database tier, and route the traffic to the NAT gateway. Go to Edit Routes and input the following for both:

And with that you have just created your 3-tier architecture in AWS! Now for our last step, let's see if we can ping our application tier from our web tier. Pick any public EC2 instance and SSH into it through your terminal:

Now you want to run the ping command for a private IP in one of your public instances :

ping <private IP of application tier instance>

Roadblocks:

I ran into some problems with my security groups while creating the launch template for the application tier. I was trying to create a launch configuration within the auto-scaling group and that messed with everything. This one problem caused me to have to delete everything twice and start over because I couldn't figure out what the problem was. I decided to just create another launch template, and that worked fine . Will have to look into it more, but I believe launch configurations are obsolete.

Thank you to all who took the time to read! Feedback is much appreciated!

Designing 3-Tier Architecture in AWS was originally published in Towards AWS on Medium, where people are continuing the conversation by highlighting and responding to this story.

Namaste Devops is a one stop solution view, read and learn Devops Articles selected from worlds Top Devops content publishers inclusing AWS, Azure and others. All the credit/appreciations/issues apart from the Clean UI and faster loading time goes to original author.

Comments

Post a Comment

Did you find the article or blog useful? Please share this among your dev friends or network.

An android app or website on your mind?

We build blazing fast Rest APIs and web-apps and love to discuss and develop on great product ideas over a Google meet call. Let's connect for a free consultation or project development.

Contact Us

Trending DevOps Articles

Working with System.Random and threads safely in .NET Core and .NET Framework

In this post I look at some of the ways you can misuse System.Random, comparing .NET Framework, NET Core, and .NET 6 implementations. In this post I look at some of the ways you can misuse System.Random for generating random numbers, specifically around thread safety. I start by showing how to use the built-in thread-safe Random generator in .NET 6. I then step back to previous .NET Core implementations, before the thread-safe Random generator was added, and show how to add your own. Finally, we take one more step back to .NET Framework, and look at he issues that arise there. tl;dr; If you're using .NET 6, then always use the static property Random.Shared if possible. If (like me) you need to support older version of .NET Core and .NET Framework, then read on! Generating random numbers from multiple threads in .NET 6+ It's a common requirement to be able to generate some sort of random number in .NET. If you don't need this to be a cryptographically secure ran...
Read more

Popular DevOps Categories

AWS Devops aws devops use cases best devops tutorial for beginners AWS DevOps Guru Azure Business Analytics DataOps DataOps Automation DevOps Interview Questions
Docker aws cdk application load balancer AWS CDK Application security AWS CDK application Application Load Balancers with DevOps Guru Auto scale group Automation Autoscale EC2 Autoscale VPC Autoscaling AWS Azure DevOps Big Data BigQuery CAMS DevOps Containers Data Observability Frequently Asked Devops Questions in Interviews GCP Large Table Export GCP Serverless Dataproc DB Export GTmetrix Page Speed 100% Google Page Speed 100% Healthy CI/CD Pipelines How to use AWS Developer Tools IDL web services Infrastructure as code Istio App Deploy Istio Gateways Istio Installation Istio Official Docs Istio Service Istio Traffic Management Java Database Export with GCP Jenkin K8 Kubernetes Large DB Export GCP Linux MSSQL March announcement MySQL Networking Popular DevOps Tools PostgreSQL Puppet Python Database Export with GCP Python GCP Large Table Export Python GCP Serverless Dataproc DB Export Python Postgres DB Export to BigQuery Sprint Top 100 Devops Questions TypeScript Client Generator anti-patterns of DevOps application performance monitoring (APM) aws amplify deploy blazor webassembly aws cdk application load balancer security group aws cdk construct example aws cdk l2 constructs aws cdk web application firewall aws codeguru reviewer cli command aws devops guru performance management aws service catalog best practices aws service catalog ci/cd aws service catalog examples azure Devops use cases azure devops whitepaper codeguru aws cli deploy asp.net core blazor webassembly devops guru for rds devops guru rds performance devops project explanation devops project ideas devops real time examples devops real time scenarios devops whitepaper aws docker-compose.yml health aware ci/cd pipeline example host and deploy asp.net core blazor webassembly on AWS scalable and secure CI/CD pipelines security vulnerabilities ci cd pipeline security vulnerabilities ci cd pipeline aws smithy code generation smithy server generator
Show more