Designing and Creating a Highly Available 3 Tier Architecture Using AWS

Jillian M. Tucker
5 min read · Sep 26, 2022

Objectives:

  1. Make sure you can access the web tier web page from the internet.
  2. Verify that you can ping the application tier from the web tier by running the ping command from an EC2 instance in the web tier.
  3. Create a three-tier architectural diagram.

**Web Tier**

1. 2 public subnets
2. Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
3. EC2 Web Server Security Group allowing inbound permission from the internet.
4. Bootstrap a static web page, or create a custom AMI that already includes the static web page.
5. Create a public route table and associate the 2 public subnets.

**Application Tier**

1. 2 private subnets
2. Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
3. EC2 Application Server Security Group allowing inbound permission from the Web Server Security Group.
4. Associate with private route table.
Note: This is not a true application tier as we don’t have any provided code to run on the EC2 instances.

**Database Tier**

1. Use a free tier MySQL RDS database.
2. The Database Security Group should allow inbound traffic for MySQL from the Application Server Security Group.
3. 2 private subnets.
4. Associate with private route table.
Note: No need to use Multi-AZ but be sure to document how you would add it.

What You Will Need:

  1. An AWS Account
  2. Patience!

LET’S GET STARTED!!!

First, we will create a VPC. Navigate to the VPC creation dashboard and select “VPC and more”. Once that is selected and you’ve provided a name for your VPC, select Create VPC.

Next, provide a name for your architecture. We will build this across two availability zones for high availability, with 2 public subnets and 4 private subnets. Finally, add 1 NAT gateway per AZ. Click Next to begin the VPC workflow. After the workflow is complete, we will confirm that our environment has a total of 6 subnets (4 private, 2 public). Next, we will configure our public subnets to auto-assign public IPs. Navigate to VPC > Subnets > (new public subnet). Click Actions in the top right corner, then “Edit Subnet Settings”. Enable the setting to auto-assign public IPv4, then save the settings.

  • REPEAT FOR THE OTHER PUBLIC SUBNET

BUILDING THE WEB TIER

First, we will create an Auto Scaling Group via a launch template. Enter a name for your ASG and select “Create a Launch Template.” Next, run through the standard options: provide a name for your launch template, choose the AMI and instance type, create a key pair, etc. This can be any AMI/instance type at your discretion; for this project I chose Amazon Linux and t2.micro.

In the Network Settings section, create a security group that allows inbound HTTP and SSH to our instances; this is the security group that will be attached to the instances in the public subnets we created earlier. Be sure to select the VPC that you previously created in the dropdown menu.

In the User Data section, place the following bash script:

Next, we will launch our template.

Click Next. Leave the settings on the next page at their defaults. Now we will configure our group size and scaling policies. Once this has been pushed through, we will navigate to the EC2 section to verify that our instances are running.

Building The Application Tier

First, create a launch template for the application tier by following the instructions above. The only differences: add port 3306 for MySQL/Aurora, and for port 22 set your web-tier security group as the source. We do not need to add a script to the user data field. To create an Auto Scaling Group, navigate to the Auto Scaling Group page and click the Create Auto Scaling Group button. Enter a name, choose your application template, then click Next. Select your 3-tier VPC and the app-tier private subnets, then click Next. We will not add a load balancer, so click Next again. Select the group size of your choosing (I chose desired 2 and max 4). Review all of your information and create the Auto Scaling Group. Verify that the instances are running for both the web and application tiers.

Building The Database Tier

In the search bar, type RDS, then choose Create database. Select Standard create and MySQL as the engine type.

Stay within the Free tier template option.

In Settings, DB cluster identifier: PrivateDB-Instance

Credentials, Master username: admin

Master password: **************

We are now in the last few steps. First, change the burstable class from db.t3.micro to db.t2.micro. For storage, make sure to uncheck Enable storage autoscaling. For connectivity, select your 3-tier VPC and select No for public access. For your VPC security group, provide a name and ensure that the database port is set to 3306, which is the port number for MySQL. Review all your information and create the database. Next, update connectivity between the database and application tiers. Navigate to your Application-SG and, under Connectivity and Security, click the hyperlink under VPC security groups.

  • Under Inbound rules, Click Edit Inbound rules
  • Click Add rule
  • Type 3306 in the port range (MySQL protocol)
  • For the source, select your Application tier security group
  • Delete the default rule that was listed.
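As an added example (not part of the original post), here is an offline check of the security-group chain built above: it compares each group's inbound rules with the intended tier-to-tier policy, using a constructed sample in the shape that `describe-security-groups` returns. The group IDs and the leftover /32 rule are placeholders, and the policy mirrors the post's rules (HTTP and SSH from the internet on the web tier, 3306 and 22 from the web SG on the app tier, 3306 from the app SG on the database).

```python
import copy
# Placeholder group IDs (constructed; real IDs look like sg-0123456789abcdef0).
WEB_SG, APP_SG, DB_SG = "sg-web-placeholder", "sg-app-placeholder", "sg-db-placeholder"

def rule(port, cidr=None, group=None):
    """One TCP inbound permission in the DescribeSecurityGroups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}

# Constructed sample: the three groups as the walkthrough configures them.
SAMPLE_GROUPS = [
    {"GroupId": WEB_SG, "IpPermissions": [rule(80, cidr="0.0.0.0/0"), rule(22, cidr="0.0.0.0/0")]},
    {"GroupId": APP_SG, "IpPermissions": [rule(3306, group=WEB_SG), rule(22, group=WEB_SG)]},
    {"GroupId": DB_SG, "IpPermissions": [rule(3306, group=APP_SG)]},
]

# Intended policy: each tier admits traffic only from the tier in front of it.
POLICY = {
    WEB_SG: {(80, 80, "0.0.0.0/0"), (22, 22, "0.0.0.0/0")},
    APP_SG: {(3306, 3306, WEB_SG), (22, 22, WEB_SG)},
    DB_SG: {(3306, 3306, APP_SG)},
}

def ingress(group):
    """Flatten inbound rules to (from_port, to_port, source) triples; 'all traffic' becomes 0-65535."""
    triples = set()
    for perm in group.get("IpPermissions", []):
        lo, hi = (0, 65535) if perm["IpProtocol"] == "-1" else (perm["FromPort"], perm["ToPort"])
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
        triples.update((lo, hi, src) for src in sources)
    return triples

def audit(groups, policy=POLICY):
    """Findings: rules present but outside the policy, and policy rules that are missing."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for sg_id, want in policy.items():
        have = ingress(by_id.get(sg_id, {}))
        findings += [f"{sg_id}: unexpected inbound {s} -> {lo}-{hi}" for lo, hi, s in sorted(have - want)]
        findings += [f"{sg_id}: missing inbound {s} -> {lo}-{hi}" for lo, hi, s in sorted(want - have)]
    return findings

def with_leftover_db_rule(groups):
    """Copy of the sample where the DB group still carries a leftover /32 rule (constructed CIDR)."""
    clone = copy.deepcopy(groups)
    clone[2]["IpPermissions"].append(rule(3306, cidr="203.0.113.10/32"))
    return clone
```

Against real groups, feed `audit()` the `SecurityGroups` list from the EC2 API and replace the placeholder IDs in `POLICY`; an empty result means the chain matches the intended design, and the leftover-rule case shows the finding you would see if the default rule from the last step had not been deleted.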

Now let’s verify! We transmitted six packets and received six packets from both private IP addresses, so yes, we can ping the application tier from the web tier.

Congratulations!!! You have successfully created a three-tier architecture!!!
