Building a 3-Tier Architecture in AWS

Candace Hollinger
Mar 9, 2023


Hey, Hey, Hey!

That’s a Hey for each tier. Yes, I’m corny. This is DevOps; you need a sense of humor to get through the day.

For this project, we’re building a 3-tier architecture in AWS. A 3-tier application architecture is a modular client-server architecture that consists of a presentation tier, an application tier, and a data tier. The data tier stores information, the application tier handles logic, and the presentation tier is a graphical user interface (GUI) that communicates with the other two tiers. The three tiers are logical, not physical, and may or may not run on the same physical server.

Web tier: This tier, which is built with HTML5, cascading style sheets (CSS), and JavaScript, is deployed to a computing device through a web browser or a web-based application. The presentation tier communicates with the other tiers through application program interface (API) calls.

Application tier: The application tier, which may also be referred to as the logic tier, is written in a programming language such as Java and contains the business logic that supports the application’s core functions. The underlying application tier can either be hosted on distributed servers in the cloud or on a dedicated in-house server, depending on how much processing power the application requires.

Data tier: The data tier consists of a database and a program for managing read and write access to a database. This tier may also be referred to as the storage tier and can be hosted on-premises or in the cloud. Popular database systems for managing read/write access include MySQL, PostgreSQL, Microsoft SQL Server, and MongoDB.

Enough of the techy talk, let’s begin!

Scenario:
You have been asked to design and create a highly available 3 Tier architecture for your company’s new web application.

Let’s execute!!

Let’s open the AWS console. Once there, open the VPC tool and create a VPC.

Once there, select VPC and more. A wider view of the page will come up with more options. Below will be a list of the settings you should select.

☁️Name your VPC

☁️IPv4 CIDR block: 10.0.0.0/16

☁️No IPv6 CIDR block

☁️Tenancy: Default

☁️Number of Availability Zones (AZs): 2

☁️Number of public subnets: 2

☁️Number of private subnets: 0

☁️NAT gateways ($): None

☁️VPC endpoints: None

☁️DNS options: Enable both hostnames & resolution

The visual will look something like this.

Now click Create VPC.

Here are the details of what was created from the workflow.

We should have 2 public subnets and 2 private subnets.

Let’s take a look at the VPC we just created.

Create an EC2 launch template.

In the AWS Console, go to the EC2 tool. Under Instance, select Launch Template.

Create Launch.

Name the template and type a description for it. Check the box where it says Auto Scaling Guidance.

Choose Amazon Linux for the AMI.

Instance type should be t2.micro.

Create a new key pair for added security. Once it’s created, you’ll get a download file of the key pair.

Under Network Settings, select Create security group, name your Security group, and type in a Description. Now select the VPC you’ve created.

Under Inbound security groups rules, make these selections…

Security group rule 1 & 2

In the User Data section under Advanced details, we will input a Bootstrap Script:

#!/bin/bash

yum update -y

yum install -y httpd

systemctl start httpd

systemctl enable httpd

echo "<html><body><h1>Building a 3-Tier Architecture for you to see!</h1></body></html>" > /var/www/html/index.html

Now Create launch Template.

Success!!

Now let's create an Auto Scaling Group. Go to the EC2 tool and select Auto Scaling Group.

Name your group and choose the launch template that was created earlier; it should be in the dropdown menu. Click Next.

Select your VPC and zones under Network. Then skip all the way until you see the review page. Click Create Auto Scaling Group.

Now to Create Load Balancer.

Click on Create under Application Load Balancer.

Under Basic configuration, name your Load balancer and select the options you see below.

Under Network mapping, choose your VPC.

Select the subnets attached.

Select your security group.

Next, create a target group.

For the target type, select Instances.

Name the target group and choose our VPC. Click Next.

Select the available instance. Create target group.

Under listeners and routing, select HTTP for the protocol and 80 for the port. Choose the target group you created under Default action. Create load balancer.

Now let’s go to the VPC tool to Enable auto-assign Public IPv4.

Click on Subnets

Locate the VPC you’ve created and select the box. Under Actions, click Edit subnet settings.

Once there, where it says Auto-assign IP settings, check the box that says Enable auto-assign public IPv4 address. And save.

Now to create the private subnets.

Head on over to the VPC tool and go to subnets.

Click on Create subnets and select the VPC that was created.

Subnet 1 & 2

Click on Create subnet.

Create the Route table.

Name your Route Table, select your VPC, and Create.

Create the Auto Scaling Group.

Head over to the EC2 tool. Select Auto Scaling Groups and Create.

Name your Auto Scaling Group and select the launch template. Hit Next.

Under Network, select your VPC and also select the two private subnets that were just created. Skip to Review and click Create.

Now to Create the Database Subnet Group. Go to the RDS tool in the AWS Console and click Subnet groups on the left.

Create DB subnet group.

Name the group, give it a description, and select the VPC.

Select the two AZs and the two subnets we recently created. Now click on Create.

Create Database

Back at the main RDS tool, click Create Database.

Once the page opens up, select Standard create and MySQL.

Under Templates, select Free Tier

For Settings, create your own passcode.

Bypass Instance configuration

Storage, uncheck the box where it says Enable storage autoscaling.

Connectivity, select the first option and select your VPC. Your DB subnet group should already be entered by default.

For Public access, select No. Create a new VPC security group name and choose AZ. And Create database.
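With the database in place, every tier now has its own security group. The check below is an added example, not part of the original walkthrough: it assumes a policy where only the load balancer's group is open to the internet and each other tier accepts traffic only from the group in front of it. The group IDs, the sample rules and the policy map are constructed; the data follows the shape of `aws ec2 describe-security-groups` output.

```python
def rule(port, cidrs=(), groups=()):
    """Build one IpPermissions entry in the describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

# Constructed sample: group IDs and rules are made up for this example,
# they are not the rules from the walkthrough's screenshots.
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-alb", "IpPermissions": [rule(80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-web", "IpPermissions": [rule(80, groups=["sg-alb"]),
                                            rule(22, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule(80, groups=["sg-web"])]},
    {"GroupId": "sg-db", "IpPermissions": [rule(3306, cidrs=["10.0.0.0/16"])]},
]}

# Assumed policy: the only group each tier may accept traffic from.
# None marks the public entry point (the load balancer).
ALLOWED_SOURCE = {"sg-alb": None, "sg-web": "sg-alb",
                  "sg-app": "sg-web", "sg-db": "sg-app"}

def audit_tiers(groups, allowed_source):
    """Return (group, port, reason) for every rule that bypasses the tier chain."""
    findings = []
    for group in groups["SecurityGroups"]:
        gid = group["GroupId"]
        if gid not in allowed_source:
            findings.append((gid, None, "group is not mapped to a tier"))
            continue
        upstream = allowed_source[gid]
        if upstream is None:
            continue  # public entry tier: CIDR rules are expected here
        for perm in group.get("IpPermissions", []):
            port = perm.get("FromPort")  # absent when IpProtocol is "-1"
            for rng in perm.get("IpRanges", []):
                findings.append((gid, port, f"open to CIDR {rng['CidrIp']}"))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != upstream:
                    findings.append((gid, port, f"accepts {pair['GroupId']}, expected {upstream}"))
    return findings

if __name__ == "__main__":
    for finding in audit_tiers(SECURITY_GROUPS, ALLOWED_SOURCE):
        print(finding)
```

In the sample, the database rule that allows the whole VPC range is flagged as well: a CIDR rule lets every instance in the VPC reach MySQL, not only the application tier.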

Configuring the NAT Gateway

A NAT gateway lets instances in a private subnet connect to services outside your VPC, while external services cannot initiate a connection with those instances.

Go to the VPC tool and select NAT Gateway, Create.

Create a name, select the proper subnet, and click on Allocate Elastic IP. Now Create.

There you have it. We’ve just built a 3-Tier Architecture in AWS.
