Deploying a 3-Tier Architecture using Terraform Modules & Terraform Cloud

James Banks
Oct 23, 2021

What is a 3 Tier Architecture?

Three-tier architecture is a well-established software application architecture that organizes applications into three logical and physical computing tiers: the presentation tier, or user interface; the application tier, where data is processed; and the data tier, where the data associated with the application is stored and managed.

The chief benefit of three-tier architecture is that because each tier runs on its own infrastructure, each tier can be developed simultaneously by a separate development team, and can be updated or scaled as needed without impacting the other tiers.

What is Terraform?

Terraform is an open-source infrastructure as code (IaC) software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files.

What are Terraform modules?

A Terraform module is a set of Terraform configuration files in a single directory. Even a simple configuration consisting of a single directory with one or more .tf files is a module. When you run Terraform commands directly from such a directory, it is considered the root module. A Terraform module (usually the root module of a configuration) can call other modules to include their resources into the configuration. A module that has been called by another module is often referred to as a child module.

What is Terraform Cloud?

Terraform Cloud is an application that helps teams use Terraform together. It manages Terraform runs in a consistent and reliable environment, and includes easy access to shared state and secret data, access controls for approving changes to infrastructure, a private registry for sharing Terraform modules, detailed policy controls for governing the contents of Terraform configurations, and more.

In this scenario we are being tasked with the following:

  1. Create a three tier VPC with a public subnet with an auto scaling EC2 target group which will serve as bastion hosts, a private subnet with an auto scaling EC2 instance group, and a network load balancer.
  2. Deploy this infrastructure using Terraform Cloud as a CI/CD tool to check your build.

Prerequisites:

To execute this we’ll be referencing an example from Chapter 4 of Scott Winkler’s book Terraform in Action but with a few simple tweaks.

Let’s get started…

First things first, you’ll need to fork this GitHub repository to your account and then clone the repository to your local terminal.

Within this infrastructure you can see that we have our root module, and within the root module we have a modules folder which includes our autoscaling, database, and networking modules. Within each of the modules you’ll find all of the corresponding .tf files that will work together to build our 3-Tier Architecture.

Before we run the terraform init command to get started, make sure that you update the region in the variables.tf and terraform.tfvars files to correspond with the region you’re working in. Upon doing this you’ll need to push those changes back to your GitHub repository.

Now let’s run terraform init.

The terraform init command is used to initialize a working directory containing Terraform configuration files. This is the first command that should be run after writing a new Terraform configuration or cloning an existing one from version control. It is safe to run this command multiple times.

Now that all of our configuration files have been initialized we’re going to head over to Terraform Cloud. Here we can deploy our infrastructure and monitor its build just as we would in our local terminal.

First, you’ll create an organization.

Next, we’ll need to establish a connection between our GitHub account and our Terraform Cloud account. You can do this by going to your organization settings and under Providers select Add a VCS Provider. Select GitHub (Custom) as the provider.

Under step 1 click the link to connect to your GitHub account and follow the instructions to register a new OAuth Application.

Upon registering the application you’ll see your Client ID. Copy it and paste it under Client ID back in Terraform Cloud. Finally, back in your GitHub window you’ll need to generate a Client Secret. Then copy and paste it back into Terraform Cloud. Then click Connect and Continue. You can skip the SSH keypair and go ahead and authorize the connection to your GitHub account.

Now let’s create our workspace that we’ll be building our infrastructure from. Select Workspaces and then New Workspace. Select Version control workflow. You should see your GitHub account. Select that and then select the repository that you’ll be deploying. Then create your workspace.

Next we’ll need to set up our variables. Under Terraform Variables we’ll input our namespace and region variables, which can also be found in our terraform.tfvars. Under Environment Variables you will need to input your AWS Access Key and Secret Access Key. Be sure to mark your access keys as sensitive. You can get your access key information by going to the Security Credentials under your username in the IAM Console in your AWS account. Here you can create an access key and save the information to your local machine for future use. You can find more information on configuring your AWS CLI here.
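The same workspace variables can be declared in code instead of typed into the UI. This is an added example using the hashicorp/tfe provider, not code from the article's repository; the organization name, workspace name, namespace and region values are placeholders, and it assumes a Terraform Cloud API token is supplied through the TFE_TOKEN environment variable.

```hcl
terraform {
  required_providers {
    tfe = { source = "hashicorp/tfe" }
  }
}

provider "tfe" {} # token is read from TFE_TOKEN, never written in the config

# Supplied at run time (e.g. TF_VAR_aws_access_key_id); never committed to Git.
variable "aws_access_key_id" {
  type      = string
  sensitive = true
}

variable "aws_secret_access_key" {
  type      = string
  sensitive = true
}

data "tfe_workspace" "three_tier" {
  name         = "example-three-tier" # placeholder workspace name
  organization = "example-org"        # placeholder organization name
}

locals {
  # "Terraform Variables" from the step above; sample values, adjust to yours.
  plain_vars = { namespace = "example-namespace", region = "us-east-1" }
}

resource "tfe_variable" "plain" {
  for_each     = local.plain_vars
  workspace_id = data.tfe_workspace.three_tier.id
  category     = "terraform"
  key          = each.key
  value        = each.value
}

# "Environment Variables": the AWS credentials, marked sensitive.
resource "tfe_variable" "aws_access_key_id" {
  workspace_id = data.tfe_workspace.three_tier.id
  category     = "env"
  key          = "AWS_ACCESS_KEY_ID"
  value        = var.aws_access_key_id
  sensitive    = true
}

resource "tfe_variable" "aws_secret_access_key" {
  workspace_id = data.tfe_workspace.three_tier.id
  category     = "env"
  key          = "AWS_SECRET_ACCESS_KEY"
  value        = var.aws_secret_access_key
  sensitive    = true
}
```

Marking a variable sensitive makes it write-only in Terraform Cloud, but the values are still recorded in the state of the configuration that manages them, so that state needs the same protection as the keys themselves.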

Now that we’ve configured our variables, let’s deploy our infrastructure! Under Actions select Start New Plan. Then select Start Plan. Once your plan is complete you’ll need to select Confirm & Apply. This may take a while to complete.

Once your Apply has completed you can scroll to the bottom to the Outputs and copy the lb_dns_name and paste it into a new tab to verify. You can also head to your AWS account to check out the different resources that were created.

And there you have it. Our 3-Tier-Architecture has successfully been deployed!

Next, you’ll want to destroy the infrastructure to avoid any unwanted charges to your AWS account. You can do this in Terraform Cloud under your workspace settings by selecting Destruction and Deletion. Then select Queue destroy plan.

You’ll need to confirm that you want to destroy.

After the destroy has completed you can then delete your workspace.
