3-Tier Architecture with High Availability

--

Initiative:

Week 9 Project. Design and create a highly available 3-Tier architecture for a new web application.

Layer 1: Web Tier

  1. 2 public subnets
  2. Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
  3. EC2 Web Server Security Group allowing inbound permission from the internet.
  4. Bootstrap a static web page, or create a custom AMI that already includes the static web page.
  5. Create a public route table and associate the 2 public subnets.

Layer 2: Application Tier

  1. 2 private subnets
  2. Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
  3. EC2 Application Server Security Group allowing inbound permission from the Web Server Security Group.
  4. Associate with private route table.
    Note: This is not a true application tier as we don’t have any provided code to run on the EC2 instances.

Layer 3: Database Tier

  1. Use a Free Tier MySQL RDS database.
  2. The Database Security Group should allow inbound traffic for MySQL from the Application Server Security Group.
  3. 2 private subnets.
  4. Associate with private route table.
    Note: No need to use Multi-AZ, but be sure to document how you would add it.
  5. Remember that when diagramming this tier you are only creating one RDS instance in one subnet even though you are creating two subnets. Only if you use Multi-AZ or a read replica should you have a second instance. Make sure to label accordingly.

Define Stages of 3-Tier Architecture:

*Presentation/Web Tier

This tier is the user interface and communication layer of the application, where the end user interacts with the application. Its main purpose is to display information to the user and collect information from the user.

*Application/Logic/Middle Tier

In this tier, information collected in the presentation tier is processed. The application tier can also add, delete or modify data in the data tier.

*Data/Database Tier

In this tier, the information processed by the application is stored and managed. This can be a relational database management system or a NoSQL database server.

Prerequisites:

  1. AWS Account
  2. Knowledge of AWS and the CLI
  3. Computer

Step 1: Log into your IAM Role for your AWS Account

Step 2: Create a VPC

Create your VPC name, manually enter your IPv4 CIDR block, and then click “Create VPC.”

Success!

Step 3: Create 6 Subnets: 2 public subnets and 4 private subnets.

Select “Create subnet” under the Subnets category and choose the VPC you created for this project.

Two public subnets will be created for the Web Tier:

Subnet #1: WebTierPublicSubnet1, AZ us-east-1a, IPv4 CIDR block 10.0.1.0/24

Subnet #2: WebTierPublicSubnet2, AZ us-east-1b, IPv4 CIDR block 10.0.2.0/24

Two private subnets will be created for the Application Tier:

Subnet #3: AppTierPrivateSubnet1, AZ us-east-1a, IPv4 CIDR block 10.0.3.0/24

Subnet #4: AppTierPrivateSubnet2, AZ us-east-1b, IPv4 CIDR block 10.0.4.0/24

Two private subnets will be created for the Database Tier:

Subnet #5: DBTierPrivateSubnet1, AZ us-east-1a, IPv4 CIDR block 10.0.5.0/24

Subnet #6: DBTierPrivateSubnet2, AZ us-east-1b, IPv4 CIDR block 10.0.6.0/24

Select each public subnet one at a time, and under “Actions” click “Edit subnet settings.” Then enable “Auto-assign public IPv4 address” for both public subnets and click “Save.”

Step 4: Create an Internet Gateway

Attach it to the VPC you created for this project.

Success! The internet gateway has been created and the VPC has been attached.

Step 5: Create 2 route tables

Create one public route table and one private route table in the VPC for this project. Once each route table has been created, select it and, under “Actions,” choose “Edit subnet associations.” Associate the two public subnets with the public route table and the four private subnets with the private route table, then click “Save associations.”

Step 6: Create 2 NAT Gateways

Create a NAT Gateway and place it in the Web Tier Public Subnet #1 that you created for this project. Then select “Allocate Elastic IP” and click “Create NAT gateway.”

Step 7: Associate the Public Route Table with the Internet Gateway

Select the public route table that you created for this project. Under “Actions,” select “Edit routes.” Then click “Add route.” Under Target, select the Internet Gateway that you created for this project. Click “Save changes.”

Successful association!

Step 8: Associate the Private Route Table with the NAT Gateway

Select the private route table that you created for this project. Under “Actions,” select “Edit routes.” Then click “Add route.” Under Target, select the NAT Gateway that you created for this project. Click “Save changes.”

Step 9: Create Launch Templates For Web Tier and Application Tier

For the Web Tier, search “EC2 Launch Template” in the search box and select “Create launch template.”

Name the template and version description. Select “Provide guidance to help me set up a template that I can use with EC2 Auto Scaling.”


Under Quick Start, choose Amazon Linux 2023 AMI.

Under Instance type, choose t2.micro (Free Tier eligible). For the key pair, create a new one or use one that you already created.

Under Network settings, choose “Create security group,” name the Security group and give it a description. Choose the VPC that you created for this project.

Click “Add Security group rule.”

To create a static web page, under the User Data section, enter the script below. Then, click “Create template.”

For the Application Tier, repeat the steps to create a launch template. The only difference is the security group rules.

For Security Group Rule 1, choose Type: SSH and Source: the public (Web Tier) Security Group that you created for this project.

For Security Group Rule 2, choose Type: All ICMP and Source: 0.0.0.0/0.

Click “Create launch template.” The App Tier launch template was created successfully.

Step 10: Create an Auto Scaling Group and Application Load Balancer for Web Tier and Application Tier

Go to the Web Tier launch template. Under “Actions,” click “Create Auto Scaling group.”

Create a name for the Auto Scaling group and use your launch template. Click “Next.”

Select the VPC and the Web Tier subnets created earlier in the project. Then select “Next.”

For Load balancing, select “Attach to a new load balancer.” Then select “Application Load Balancer.”

Create a name for the Auto Scaling group. Click “Internet-facing.” Select the VPC and the Web Tier subnets created earlier in the project.

Select “Create a target group.” Then select “Next.”

For Group size, choose 2 as the desired capacity, minimum capacity, and maximum capacity. Click “Next” through each screen until you reach the “Create Auto Scaling group” button, and click it.

Successful Auto Scaling Group creation for the Web Tier!

For the Application Tier, go to the App Tier launch template. Under “Actions,” click “Create Auto Scaling group.” Create a name for the Auto Scaling group and use the App Tier launch template. Click “Next.”

Select the project VPC and the Application Tier subnets created earlier in the project. Then select “Next.”

For Load balancing, select “Attach to a new load balancer.” Then select “Application Load Balancer.” Create a name for the Auto Scaling group. Click “Internet-facing.” Select the VPC and the Application Tier subnets created earlier in the project. Select “Create a target group.” Then select “Next.”

For Group size, choose 2 for the desired capacity and minimum capacity, and 4 for the maximum capacity. Click “Next” through each screen until you reach the “Create Auto Scaling group” button, and click it.

Launch template and ASG creation were successful.

Step 11: Create the Database Tier

Search “RDS” and click “Create database.”

Set the master username to “admin” and create a master password.

For Connectivity, choose the VPC for this project and its DB subnet group. Do not allow public access.

The database port defaults to 3306. Click “Create database.” It may take a few minutes to create the database.

Database has successfully been created.

Step 12: Connect Security Group to Database

Search “Security Groups” and select the Database Security Group that you created for this project. Under “Actions,” select “Edit inbound rules.”

Click “Add rule.” For the source, choose “Custom” and select the 3-Tier Database Security Group that you created for this project, then delete the default security group rule. Click “Save rules.” Now let’s move on to testing, because you cannot ping the Application Tier without the next step.

Add the security group to the Application Tier in order to ping the instance from the Web Tier.
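Before testing, it is worth checking that the inbound rules actually form the chain the Initiative describes (Web Tier from the internet, App Tier only from the Web Tier security group, Database Tier only from the App Tier security group on MySQL 3306). The audit below is an added example, not code from the original walkthrough; it reads the same shape of data that `aws ec2 describe-security-groups` returns, the sample groups and sg-ids are constructed, and the tier names and policy table are assumptions. On the sample it flags the All ICMP from 0.0.0.0/0 rule from Step 9 as wider than the App Tier policy.

```python
# Added example (not the walkthrough's own code): audit security group inbound rules
# against the tier chain from the Initiative section. Input mimics the "SecurityGroups"
# list from `aws ec2 describe-security-groups`; sample data and sg-ids are constructed.

# source tiers each tier may accept traffic from, and which TCP ports (None = any)
TIER_POLICY = {"web": ({"internet"}, None), "app": ({"web"}, None), "db": ({"app"}, {3306})}

def _sources(perm):
    """Yield ("cidr", "a.b.c.d/n") or ("sg", "sg-...") for every source of one rule."""
    for r in perm.get("IpRanges", []):
        yield "cidr", r["CidrIp"]
    for g in perm.get("UserIdGroupPairs", []):
        yield "sg", g["GroupId"]

def audit(groups, tiers):
    """groups: describe-security-groups style dicts; tiers: {sg-id: "web"|"app"|"db"}.
    Returns findings as strings; an empty list means every rule follows the chain."""
    findings = []
    for sg in groups:
        tier = tiers.get(sg["GroupId"])
        if tier is None:
            continue
        allowed, ports = TIER_POLICY[tier]
        for perm in sg["IpPermissions"]:
            proto, port = perm["IpProtocol"], perm.get("FromPort")  # no FromPort when "-1" (all)
            for kind, src in _sources(perm):
                src_tier = "internet" if kind == "cidr" else tiers.get(src, "unknown sg")
                if src_tier not in allowed:
                    findings.append(f"{sg['GroupName']} [{tier}]: {proto}/{port} from {src} "
                                    f"({src_tier}); policy allows only {sorted(allowed)}")
                elif ports and (proto != "tcp" or port not in ports):
                    findings.append(f"{sg['GroupName']} [{tier}]: {proto}/{port} from {src}; "
                                    f"only tcp/{sorted(ports)} belongs on this tier")
    return findings

# constructed sample mirroring the rules created in Steps 9 and 12 (placeholder sg-ids)
WEB, APP, DB = "sg-web-example", "sg-app-example", "sg-db-example"
TIERS = {WEB: "web", APP: "app", DB: "db"}
SAMPLE_GROUPS = [
    {"GroupId": WEB, "GroupName": "WebTierSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": APP, "GroupName": "AppTierSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "UserIdGroupPairs": [{"GroupId": WEB}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": DB, "GroupName": "DBTierSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [{"GroupId": APP}]}]},
]

for line in audit(SAMPLE_GROUPS, TIERS) or ["no findings: tier chain is consistent"]:
    print(line)
```

To run it against a real account, replace SAMPLE_GROUPS with the JSON from `aws ec2 describe-security-groups` and fill TIERS with your own sg-ids.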

FINAL STEP: TIME TO TEST!!!

Test #1: Web Tier instance public IP address. Copy the public IPv4 address of one of the Web Tier instances into your web browser.

Test #2: Access the Web Tier via the CLI. SSH into the instance using your key pair path and run the command [curl http://localhost].

Test #3: Ping the Application Tier via the CLI. Type [ping <private IPv4 address>]. Press Ctrl+C to stop the ping. When you see ping output such as the one below, the test is successful.

You have officially succeeded in passing all three tests. Most importantly, you have built the 3-Tier Architecture.

Now, to prevent incurring charges, delete or stop the components of the 3-Tier Architecture: NAT Gateways, Elastic IPs, ALBs, and EC2 instances.
