Creating a Highly Available 3 Tier Architecture

photo credit: Janita Williamson via

A three-tier architecture describes how an application is layered. There are three tiers: the web tier, the application tier, and the database tier. Each tier has a specific task and can be managed independently of the others. This week in my bootcamp we were tasked with creating a highly available 3 tier architecture for a company. So, let’s begin the process and get a further understanding of the task being given.

The project:

You have been asked to design and create a highly available 3 Tier architecture for your company’s new web application.

Create the following tiers:

Web Tier

  1. 2 public subnets
  2. Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
  3. EC2 Web Server Security Group allowing inbound permission from the internet.
  4. Bootstrap a static web page or create a custom AMI that already includes the static web page.
  5. Create a public route table and associate the 2 public subnets.

Application Tier

  1. 2 private subnets
  2. Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
  3. EC2 Application Server Security Group allowing inbound permission from the Web Server Security Group.
  4. Associate with private route table.
    Note: This is not a true application tier as we don’t have any provided code to run on the EC2 instances.

Database Tier

  1. Use a free tier MySQL RDS Database.
  2. The Database Security Group should allow inbound traffic for MySQL from the Application Server Security Group.
  3. 2 private subnets.
  4. Associate with private route table.

Verification and Deliverables:

  1. Make sure you can access the web tier web page from the internet.
  2. Verify that you can ping the application tier from the web tier by running the ping command from an EC2 instance in the web tier.
  3. Send diagram to coaches

Step 1.

  • Create a VPC: name it > enter a CIDR > leave everything else at its default > click Create VPC.

Let’s create our subnets.

  • Web Tier: 2 public subnets are to be created (myweb-pub1, myweb-pub2)
  • Application Tier: 2 private subnets (myapp-priv1, myapp-priv2)
  • Database Tier: 2 private subnets (mydatabase-priv1, mydatabase-priv2)

  • For the public subnets we need to enable the Auto Assign IP setting. Click Actions > Edit Subnet Settings > enable Auto Assign IP settings > Save.

Step 2. Create Internet Gateway

An internet gateway is a virtual router that connects a VPC to the internet. To create a new internet gateway specify the name for the gateway below.

Internet Gateways > select Create Internet Gateway (THEN STOP… because the next step is on the next screen)

Step 3. Attach the Internet Gateway to the VPC

  • From this page click Actions, Attach to VPC
  • Select the VPC we created earlier > Attach Internet Gateway
Make sure the state says “Attached” for confirmation

Step 4. Create a public route table and associate the 2 public subnets

  • I repeated the same steps to associate the Application Private Subnet & Route Table.
  • Now we need to associate the Route Table with the public subnets. (You will refer back to this section after creating the NAT Gateway, and to associate the private subnets.)
  • Select the Route Table you just created > Actions > Edit subnet associations. On the next page select your subnets and click Save associations.

Let’s now connect the Internet Gateway to our Route Table.

  • Select the route table > Edit Route > Add Route > under Destination enter “” > under Target select Internet Gateway (once you select Internet Gateway, the Internet Gateway you created will appear. Click it to populate it into the Target field) > Save changes.

Create the NAT Gateway

To do this, select the NAT Gateway service on the left > Create NAT Gateway > give it a name of your choosing > under Subnet select the first public web subnet you created earlier from the drop-down box > click Allocate Elastic IP (this will auto-populate an Elastic IP address for the NAT Gateway). **Leave everything else at the default settings.

  • After creating the NAT Gateway, we need to allow our instances in the private subnets to update packages and patches. *Scroll up and refer to the section on how to associate the Route Table to the public subnets.*

Step 5. Creating a Launch Template

  • Let’s start with creating an EC2 instance. (This isn’t a post on how to create an EC2 instance, so I’m not going to go into every detail on how to create one (e.g. how to do key pairs)… just what we need to create this particular instance :) but I’ve added cute little pink boxes on everything that needs to be edited. I find it easier to follow when there are a thousand steps.)
  • Head over to the EC2 service> Launch Templates > click the orange Create launch template button.
  • Enter a name > under Auto Scaling guidance , select the box saying “Provide guidance to help me…..”
  • Under Advanced Details scroll down to User data, enter the commands below, then click Create launch template:

#!/bin/bash
# User data runs as root on first boot; the shebang is required for it to run as a shell script.
# Patch the instance, then install Apache and start it now and on every boot.
yum update -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd
# Write the static landing page line by line (straight quotes, not typographic ones).
echo '<!DOCTYPE html>' > /var/www/html/index.html
echo '<html lang="en">' >> /var/www/html/index.html
echo '<body style="background-color:black;">' >> /var/www/html/index.html
echo ' <h1 style="color:Gold;">Week 9 project -Web tier of the 3 tier application is a success!</h1>' >> /var/www/html/index.html
echo '</body>' >> /var/www/html/index.html
echo '</html>' >> /var/www/html/index.html

The next page should show a confirmation that the EC2 instance was created successfully!

Step 6. Setting up our Auto scaling group (ASG)

  • Enter a name > under Launch template select the launch template we created earlier. Then click Next.
  • Under VPC > select the VPC we created.
  • Under Availability Zones and subnets > select the 2 public subnets we created. Click Next.
  • Under Group Size, I chose to run 2 for my desired & minimum, and 4 for my maximum. Click Next until you get to Step 7, Review. Here you can double-check your work. Lastly, select Create Auto Scaling group.

Head over to the EC2 instances to check whether the EC2 instances are running. Click the first instance > go down to the Public IPv4 address > click open address. From there you’ll be able to see if your script is working!

Alright, now let’s do the second tier, the Application Tier

Auto scaling group

  • Name it > select the launch template we created > hit Next
  • Now head back over to the EC2 instances to see if the private auto scaling groups are created!

Okay, now let’s do the third tier, the Database Tier

Click Create Database
  • Instance Configuration > Burstable classes > select db.t2.micro
  • Connectivity >Virtual Private Cloud (VPC)> select the VPC we created
  • Select Create New > enter the name of the VPC security group we created earlier & make sure the port for MySQL is selected. Leave everything else at the default settings, and hit Create. (The instance will take a minute to run.)
Great! Our database is up and running.

Okay, it’s time to validate.

From the web tier instance > select one of the public web tiers > click Connect > from here we want to “ping” the CIDR from one of the private application tiers “ & “

Run the command in the CLI



And so we have it: we were able to ping both private IP addresses!

Aaaaand…we’re done! Thank you for reading my post even if you took a peek at it. I appreciate it.

Roadblocks/issues I had along the way.

A major roadblock I had was not associating my security correctly in reference to the inbound rules. Make sure you add under Type > All ICMP-IPv4 > CIDR
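
An added example, not part of the original post: a small Python audit of the security-group chain the project brief asks for (internet to web SG, web SG to app SG, app SG to DB SG on MySQL's port 3306), run over constructed rules in the shape that aws ec2 describe-security-groups returns. The group IDs (sg-web, sg-app, sg-db), the VPC CIDR and the sample rules are assumptions made up for the illustration.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs, the VPC CIDR and every rule below are made up for illustration.
VPC_CIDR = "10.0.0.0/16"
SAMPLE = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]},
]
# Tier policy from the project brief: the only source group each private tier may trust.
ALLOWED_SOURCE = {"sg-app": "sg-web", "sg-db": "sg-app"}

def audit(groups, vpc_cidr=VPC_CIDR):
    """Return (group_id, finding) tuples for private-tier rules that break the chain."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for g in groups:
        gid = g["GroupId"]
        if gid not in ALLOWED_SOURCE:
            continue  # the web tier is meant to be internet-facing
        for rule in g["IpPermissions"]:
            proto = rule["IpProtocol"]
            for r in rule.get("IpRanges", []):
                net = ipaddress.ip_network(r["CidrIp"])
                if not net.subnet_of(vpc):
                    findings.append((gid, f"{proto} open to {net}, outside the VPC"))
                elif gid == "sg-db":
                    findings.append((gid, f"{proto} allowed from CIDR {net}, not from sg-app"))
            for pair in rule.get("UserIdGroupPairs", []):
                if pair["GroupId"] != ALLOWED_SOURCE[gid]:
                    findings.append((gid, f"{proto} allowed from unexpected group {pair['GroupId']}"))
            if gid == "sg-db" and (proto != "tcp" or rule.get("FromPort") != 3306 or rule.get("ToPort") != 3306):
                findings.append((gid, f"non-MySQL rule ({proto}) on the database tier"))
    return findings

if __name__ == "__main__":
    for gid, msg in audit(SAMPLE):
        print(gid, msg)
```

An ICMP rule scoped to a CIDR inside the VPC, or to the web security group itself, passes on the application tier; the sample is flagged only because its ICMP rule is open to every address.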

My Linkedin profile:
My GitHub username: MrsTorres
A visual diary of my coffee induced journey transitioning from healthcare to the tech world! @caffeinatedtechie


