Building a Highly Available, Fault-Tolerant AWS 3-Tier Architecture using CloudFormation Part — 1

Amudha Balamurugan
6 min read, Apr 16, 2024


In the ever-evolving landscape of cloud technology, AWS (Amazon Web Services) stands as a pioneer, offering a plethora of services to cater to diverse business needs. Among its many offerings, the 3-tier architecture remains a cornerstone for building scalable, secure, and highly available applications. Leveraging AWS CloudFormation, the Infrastructure as Code (IaC) service, not only streamlines the deployment process but also empowers professionals to architect robust solutions efficiently.

In this article, we will build a 3-tier architecture on AWS using CloudFormation and deploy a React app, achieving high scalability, high availability, and fault tolerance. This comes in two parts. In part — 1, we cover the infrastructure setup and the data tier deployment. Part — 2 will cover the app tier and web tier deployments.

Prerequisite:

  • AWS Account
  • Basic knowledge of Linux

List of AWS services used

  • EC2
  • Autoscaling Group
  • RDS Aurora (MySQL)
  • VPC
  • Application Load Balancer
  • AWS CloudFormation
  • Amazon S3

Understanding the 3-Tier Architecture

At its core, the 3-tier architecture divides an application into three logical tiers: presentation, application, and data.

  1. Presentation Tier: This tier is responsible for handling user interaction. It includes components such as web servers, content delivery networks (CDNs), and load balancers. By distributing the load and caching content closer to users, this tier enhances performance and scalability.
  2. Application Tier: Often referred to as the logic tier, this layer executes the business logic of the application. It comprises application servers and middleware responsible for processing user requests, orchestrating data flow, and implementing application-specific functionalities.
  3. Data Tier: As the name suggests, this tier manages data storage and retrieval. It typically includes databases, data lakes, and data warehouses. Ensuring data integrity, security, and scalability is paramount in this tier.
Architecture Diagram

This architecture uses a public-facing Application Load Balancer to forward client traffic to our web-tier EC2 instances. The web tier comprises Nginx web servers configured to serve a React.js website and to forward our API calls to the application tier’s internal-facing load balancer. The internal-facing load balancer forwards this traffic to the application tier, written in Node.js. The application tier processes the data stored in an RDS MySQL multi-AZ database and returns it to our web tier. Load balancing, health checks, and autoscaling groups are set up at each layer to ensure the availability of this architecture.

Setup:

  1. Download the code from this repository into your local environment by running the command below. If you don’t have git installed, you can just download the zip. Save it somewhere you can easily access.
git clone https://github.com/aws-samples/aws-three-tier-web-architecture-workshop.git

2. Navigate to the S3 service in the AWS console and create a new S3 bucket. Give it a unique name, and then leave all the defaults as they are. Make sure to select the region in which you intend to run this whole lab. This bucket is where we will upload our code later.

3. Navigate to the IAM dashboard in the AWS console and create an IAM role for EC2. When adding permissions, include the following AWS-managed policies. You can search for them and select them. These policies will allow our instances to download our code from S3 and use Systems Manager Session Manager to securely connect to our instances from the AWS console without SSH keys.

  • AmazonSSMManagedInstanceCore
  • AmazonS3ReadOnlyAccess

Infrastructure:

Now, we will be building out the VPC networking components as well as security groups that will add a layer of protection around our EC2 instances, Aurora databases, and Elastic Load Balancers.

I am using the CloudFormation template below to deploy the required infrastructure for this project.

https://github.com/DevABM/LUIT3Tier/blob/main/vpc1.yml

With the use of this template, I will create an isolated network with the following components:

  • VPC — an isolated cloud environment with IPv4 CIDR: 10.0.0.0/23
  • Subnets — 2 public subnets and 4 private subnets

We will need six subnets across two availability zones. That means that three subnets will be in one availability zone, and three subnets will be in the other availability zone. Each subnet in an availability zone corresponds to one layer of our three-tier architecture.

The final subnet setup should look like this, with three subnets in each of the two availability zones.

Subnets
  • Route Tables — shows the subnet associations and flow of traffic
  • Internet Gateway — connects the public subnet to the internet directly
  • NAT gateway — enables the private subnets to reach the internet indirectly through the NAT gateway placed in the public subnet (outbound only; nothing on the internet can initiate a connection to the private subnets).
Infrastructure for the 3 tier architecture
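As an added example (my own template, not the vpc1.yml linked above), this is one availability zone of the layout: a public web subnet routed to the Internet Gateway and a private app subnet whose only default route is the NAT gateway. The /26 carve-up of 10.0.0.0/23 and the db.t3-style naming are my assumptions; the data-tier subnet would be a third subnet with no route table association at all, so it keeps only the VPC-local route.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties: {CidrBlock: 10.0.0.0/23, EnableDnsSupport: true, EnableDnsHostnames: true}
  PublicWebSubnetA:                       # web tier, reachable through the IGW
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/26              # assumed carve-up of the /23
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: true
  PrivateAppSubnetA:                      # app tier: no public IPs, egress via NAT only
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.64/26
      AvailabilityZone: !Select [0, !GetAZs '']
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachIGW:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: {VpcId: !Ref VPC, InternetGatewayId: !Ref InternetGateway}
  NatEIP:
    Type: AWS::EC2::EIP
    DependsOn: AttachIGW                  # an EIP needs the IGW attached first
    Properties: {Domain: vpc}
  NatGateway:                             # lives in the public subnet, used by the app subnet
    Type: AWS::EC2::NatGateway
    Properties: {SubnetId: !Ref PublicWebSubnetA, AllocationId: !GetAtt NatEIP.AllocationId}
  PublicRT:
    Type: AWS::EC2::RouteTable
    Properties: {VpcId: !Ref VPC}
  PublicDefaultRoute:                     # 0.0.0.0/0 -> IGW is what makes a subnet "public"
    Type: AWS::EC2::Route
    DependsOn: AttachIGW
    Properties: {RouteTableId: !Ref PublicRT, DestinationCidrBlock: 0.0.0.0/0, GatewayId: !Ref InternetGateway}
  PublicAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: {SubnetId: !Ref PublicWebSubnetA, RouteTableId: !Ref PublicRT}
  PrivateRT:
    Type: AWS::EC2::RouteTable
    Properties: {VpcId: !Ref VPC}
  PrivateDefaultRoute:                    # 0.0.0.0/0 -> NAT: outbound only, no inbound initiation
    Type: AWS::EC2::Route
    Properties: {RouteTableId: !Ref PrivateRT, DestinationCidrBlock: 0.0.0.0/0, NatGatewayId: !Ref NatGateway}
  PrivateAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: {SubnetId: !Ref PrivateAppSubnetA, RouteTableId: !Ref PrivateRT}
```

Repeat the two subnets, route table associations and (for true fault tolerance) a second NAT gateway for the second availability zone; a single NAT gateway is a shared point of failure for all private subnets.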

Security Groups:

Security groups will tighten the rules for traffic to our tiers and EC2 instances. We will be using 5 security groups for this project.

  1. Internet-facing Load Balancer Security Group — Allows HTTP traffic from my IP
  2. Web Tier Security Group — Allows HTTP traffic from my IP and Allows HTTP traffic from Internet-facing Load Balancer SG
  3. Internal Load Balancer Security Group — Allows HTTP traffic from Web Tier
  4. App Tier Security Group — Allows TCP traffic on port 4000 from the Internal LB SG and allows TCP traffic on port 4000 from my IP
  5. Database Security Group — Allows traffic from the App Tier SG to the MySQL/Aurora port (3306)
Security Groups
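The five groups as a CloudFormation template, added here as an example and not taken from the article's repository. Each tier admits traffic only from the security group of the tier in front of it (referenced by ID, not by CIDR), so instances can scale in and out without rule changes and the database is reachable only from app-tier instances. VpcId and AdminCidr are assumed parameters; the /32 pattern stops the "my IP" rule from being widened to 0.0.0.0/0 by mistake.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VpcId: {Type: 'AWS::EC2::VPC::Id'}
  AdminCidr:            # your own address as a /32, e.g. 203.0.113.10/32 (placeholder)
    Type: String
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/32$'
Resources:
  InternetLBSG:         # 1. internet-facing ALB: HTTP from the admin IP only
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internet-facing ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: !Ref AdminCidr}
  WebTierSG:            # 2. web tier: HTTP from the ALB's SG, plus the admin IP
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web tier
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, SourceSecurityGroupId: !Ref InternetLBSG}
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: !Ref AdminCidr}
  InternalLBSG:         # 3. internal ALB: HTTP only from web-tier instances
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internal ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, SourceSecurityGroupId: !Ref WebTierSG}
  AppTierSG:            # 4. app tier: Node.js port 4000 from the internal ALB, plus the admin IP
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App tier
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 4000, ToPort: 4000, SourceSecurityGroupId: !Ref InternalLBSG}
        - {IpProtocol: tcp, FromPort: 4000, ToPort: 4000, CidrIp: !Ref AdminCidr}
  DatabaseSG:           # 5. data tier: MySQL/Aurora 3306 only from app-tier instances
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Aurora MySQL
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 3306, ToPort: 3306, SourceSecurityGroupId: !Ref AppTierSG}
Outputs:
  DatabaseSGId: {Value: !Ref DatabaseSG}   # handed to the RDS stack in the next step
```

Because every rule points at a group ID rather than a subnet range, an instance in the web subnet that is not in WebTierSG still cannot reach port 4000 or 3306.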

With this, the infrastructure required for the project is complete. Now let us start the deployment from the data tier.

Database Deployment:

This involves two steps.

  1. DB Subnet Groups.
  2. Multi-AZ Database

DB Subnet Groups:

In AWS, a DB subnet group is a collection of subnets in your VPC that Amazon Relational Database Service (RDS) is allowed to place database instances in. Because the group spans subnets in more than one Availability Zone, RDS can put the writer and its replica in different zones and provide fault-tolerant network connectivity between the EC2 instances in the VPC and the database.

To create the DB subnet group, navigate to the RDS service, select Subnet groups, and click Create DB subnet group.

Provide a name for the subnet group and add subnets to the group. When adding subnets, make sure to add the subnets we created in each availability zone specifically for our database layer.

DB Subnet Group

Multi-AZ Database Deployment:

For this part, I am using Aurora MySQL-Compatible under the Dev/Test template mode. Make sure to note down the username and password for the database, which we will need later to interact with the data tier. Enable Aurora Replica under Multi-AZ deployment and choose the proper VPC, the subnet group, and the DataTier security group we created earlier.

It will take a few moments for the database to become available. When your database is provisioned, you should see a reader and a writer instance in the database subnets of each availability zone. Note down the writer endpoint for your database for later use.

Data Tier
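The same two steps (DB subnet group, then the Multi-AZ Aurora cluster with a writer and an Aurora Replica) as a CloudFormation template, added here as an example rather than the article's console walkthrough. The subnet, security group and credential parameters are assumptions; the password is a NoEcho parameter so it never sits in the template or the stack's visible parameters, and db.t3.medium is an assumed instance class.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  DbSubnetA: {Type: 'AWS::EC2::Subnet::Id'}            # private data-tier subnet, AZ a
  DbSubnetB: {Type: 'AWS::EC2::Subnet::Id'}            # private data-tier subnet, AZ b
  DatabaseSGId: {Type: 'AWS::EC2::SecurityGroup::Id'}  # the group that allows 3306 from the app tier only
  DbUsername: {Type: String, Default: admin}
  DbPassword: {Type: String, NoEcho: true, MinLength: 8}  # supplied at deploy time, never hardcoded
Resources:
  DbSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Data-tier subnets, one per availability zone
      SubnetIds: [!Ref DbSubnetA, !Ref DbSubnetB]
  AuroraCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      Engine: aurora-mysql
      DBSubnetGroupName: !Ref DbSubnetGroup
      VpcSecurityGroupIds: [!Ref DatabaseSGId]
      MasterUsername: !Ref DbUsername
      MasterUserPassword: !Ref DbPassword
      StorageEncrypted: true               # encryption at rest with the default RDS KMS key
      BackupRetentionPeriod: 7
      DeletionProtection: true             # a stack delete cannot silently drop the data tier
  WriterInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: aurora-mysql
      DBClusterIdentifier: !Ref AuroraCluster
      DBInstanceClass: db.t3.medium
      PubliclyAccessible: false
  ReaderInstance:                          # the Aurora Replica; Aurora places it in the other AZ
    Type: AWS::RDS::DBInstance
    DependsOn: WriterInstance              # first instance created becomes the writer
    Properties:
      Engine: aurora-mysql
      DBClusterIdentifier: !Ref AuroraCluster
      DBInstanceClass: db.t3.medium
      PubliclyAccessible: false
Outputs:
  WriterEndpoint:                          # the value to note down for the app tier in part 2
    Value: !GetAtt AuroraCluster.Endpoint.Address
  ReaderEndpoint:
    Value: !GetAtt AuroraCluster.ReadEndpoint.Address
```

The cluster endpoint always follows the current writer, so after a failover to the replica the app tier keeps the same hostname and only the DNS answer changes.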

The data tier deployment marks the completion of part — 1.

In part — 2, we will deploy and configure App and Web tiers. We will also add Load Balancers and Auto Scaling groups to achieve High Availability and fault tolerance.

Feel free to share your feedback and clap if this article is useful.
