3-Tier Architecture in AWS

Anastasios-Tom Kalantzis
Feb 16, 2023


In this article, we will build a 3-tier architecture consisting of a web tier, an app tier and a data tier.

Step 1: VPC

In the AWS console, go to the VPC dashboard and click “Create VPC”.
Use the configuration settings shown below (the Name tag can be personalized). Once done, click “Create VPC”.

Our VPC has been created. Now click the “Actions” button, select “Edit VPC settings” and tick “Enable DNS hostnames”.

Step 2: Internet Gateway

Since the VPC is a private network, we need a way for it to reach networks outside of the VPC. For this we need an Internet Gateway.

Select “Internet Gateways” from the VPC dashboard.

Click “Create internet gateway”.

On the following page, open the “Actions” drop-down menu and click “Attach to VPC”.

Select the newly created VPC, then click “Attach internet gateway”.

Step 3: Public Subnets

The infrastructure we are designing has three tiers. For each tier we must create two subnets, because our services will be spread across two availability zones.

Under the VPC dashboard select “Subnets”, click “Create subnet” and, under VPC ID, select the VPC we created in step 1.

Six subnets will be created in total: two per tier, one in each of the two availability zones, us-east-1a and us-east-1b. We will start with the IPv4 CIDR block shown below and increase it by one for each subnet we create.

Repeat the same steps for the next 5 subnets.

Make sure “Enable auto-assign public IPv4 address” is checked for the two web tier subnets only. To do so, go to Subnets, select the web subnets, click “Actions” and then “Edit subnet settings”, tick the option and click “Save”. This will let us check the web server from the internet.

Step 4: NAT gateway

We must deploy a NAT gateway so that instances in the private subnets can reach resources outside the VPC.

Go to the VPC dashboard and click “NAT gateways”.

On the following page, give the NAT gateway a name, pick one of the web subnets, click “Allocate Elastic IP” to assign an elastic IP address, and then click “Create NAT gateway”.

Step 5: Route tables

A route table decides where traffic from its associated subnets is sent. We therefore need two route tables, one for the private subnets and one for the public subnets.

In the VPC dashboard select “Route tables” and then click “Create route table.”

Choose the VPC we made for the project from the drop-down menu, give the route table a name, and then click “Create route table.”

The two public subnets must then be explicitly associated with the newly created route table. Select the “Subnet associations” tab and click “Edit subnet associations”. On the next page, select the web subnets and hit “Save associations”.

Under the “Routes” tab, click “Edit routes”. Add a route with the destination shown below and the internet gateway we created earlier as the target. Afterwards, click “Save changes”.

Just like that, we have created the public route table. Now for the private one.

Return to the VPC dashboard, select “Route tables”, click “Create route table” and follow the same steps as for the public route table. When we get to “Edit subnet associations”, select all the remaining subnets (app tier and database tier). Then add the route with the same destination as in the previous step, but target the NAT gateway instead of the internet gateway.
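To make the layout of steps 3 to 5 checkable rather than click-only, here is an added Python example (not from the article) that models the six subnets, the two route tables and their associations, and audits the invariants the design relies on: one subnet per tier per AZ, non-overlapping CIDRs inside the VPC, web subnets routed to the IGW, app and db subnets routed to the NAT, and public IPs auto-assigned only where an IGW route exists. The VPC CIDR 10.0.0.0/16, the /24 subnets and the igw-/nat- IDs are assumptions, since the article's screenshots are not reproduced here.

```python
import ipaddress

# Assumed VPC CIDR: the article's screenshot is not reproduced, so 10.0.0.0/16 is a placeholder.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
TIERS = ("web", "app", "db")
AZS = ("us-east-1a", "us-east-1b")

def plan_subnets(vpc=VPC_CIDR, prefix=24):
    """Carve one block per (tier, AZ) pair, increasing the CIDR by one block each time."""
    blocks = vpc.subnets(new_prefix=prefix)
    return [{"name": f"{tier}-{az}", "tier": tier, "az": az, "cidr": next(blocks),
             "auto_public_ip": tier == "web"}       # only the web tier gets public IPs
            for tier in TIERS for az in AZS]

def route_tables(subnets):
    """Public table: web subnets -> IGW. Private table: app and db subnets -> NAT gateway."""
    # igw-/nat- IDs are placeholders for the resources created in steps 2 and 4.
    return {"public": {"routes": {"0.0.0.0/0": "igw-PLACEHOLDER"},
                       "subnets": [s["name"] for s in subnets if s["tier"] == "web"]},
            "private": {"routes": {"0.0.0.0/0": "nat-PLACEHOLDER"},
                        "subnets": [s["name"] for s in subnets if s["tier"] != "web"]}}

def audit(subnets, tables, vpc=VPC_CIDR):
    """Return a list of findings; an empty list means the layout matches the design."""
    findings = []
    if len({(s["tier"], s["az"]) for s in subnets}) != len(TIERS) * len(AZS):
        findings.append("expected one subnet per tier in each availability zone")
    cidrs = [s["cidr"] for s in subnets]
    for i, a in enumerate(cidrs):
        if not a.subnet_of(vpc):
            findings.append(f"{a} lies outside the VPC CIDR {vpc}")
        if any(a.overlaps(b) for b in cidrs[i + 1:]):
            findings.append(f"{a} overlaps another subnet")
    associated = tables["public"]["subnets"] + tables["private"]["subnets"]
    if sorted(associated) != sorted(s["name"] for s in subnets):
        findings.append("every subnet must be associated with exactly one route table")
    for s in subnets:
        is_public = s["name"] in tables["public"]["subnets"]
        if is_public != (s["tier"] == "web"):
            findings.append(f"{s['name']} is in the wrong route table")
        if s["auto_public_ip"] and not is_public:
            findings.append(f"{s['name']} auto-assigns public IPs without an IGW route")
    if not tables["public"]["routes"].get("0.0.0.0/0", "").startswith("igw-"):
        findings.append("public default route must target the internet gateway")
    if not tables["private"]["routes"].get("0.0.0.0/0", "").startswith("nat-"):
        findings.append("private default route must target the NAT gateway")
    return findings
```

Running `audit(plan_subnets(), route_tables(plan_subnets()))` returns an empty list; moving an app subnet into the public table, as can happen when the wrong boxes are ticked in “Edit subnet associations”, produces a “wrong route table” finding.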

Step 6: Web tier

In this step, we will build our web tier. We need to create our launch template, security groups, Auto Scaling group and Application Load Balancer.

Go to the EC2 dashboard, choose “Launch templates” and then click “Create launch template”.

The template needs a name and a description, so we must fill those in first. Check the “Auto Scaling guidance” option. Next we must choose an AMI and an instance type. I’ll be using a t2.micro instance type with a free tier AMI. Your AMI and instance type are completely up to you, but you should always be mindful of services that are not included in the free tier.

Next, choose a key pair from the drop-down menu. If needed, create one and save the “.pem” file. We will also create our security groups as shown below. Make sure to associate them with the correct VPC.

Expand “Advanced network configuration” and click “Add network interface”. Here we will enable “Auto-assign public IP”.

Under the “Advanced details” section, enter the following user data script so that Apache is installed on our instances:

#!/bin/bash
# Apply pending package updates, then install and start the Apache web server.
yum update -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd
# Install the EPEL repository (Amazon Linux 2) and the "stress" tool for load-testing the Auto Scaling group.
amazon-linux-extras install epel -y
yum install stress -y

Now we will create an Auto Scaling group. From the side menu select “Auto Scaling groups” and then click “Create Auto Scaling group”. Name the ASG and select the template we just created.

After hitting next, select the VPC and the two web tier subnets.

Then a load balancer will be attached. Choose “Attach to a new load balancer.”

Click “Next” through the remaining prompts and we are done with this step.

Step 7: App tier

Let’s get started by creating a launch template for our App tier just like we did above (all steps remain the same). Don't forget to select the app subnets instead of the web ones.

Step 8: Data tier

Now we will configure our database. Go to the Amazon RDS page, click the “Databases” tab and then hit “Create database”.

Give the database a name and create a login name and password for it.

From the Databases menu select “Connectivity & security”, then select the security group that was set up for the database. The inbound rules of this security group need to be modified so that only the application tier can connect to the database tier. With the appropriate security group selected, open the “Inbound rules” tab and click “Edit inbound rules”.

Delete the current rule.

After that, set up the rule as follows. For the source, select “Custom” and choose the application security group.
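The security-relevant point of step 8 is that the database should accept connections only from the application security group, never from a CIDR range. Here is an added Python example (not from the article) that audits a data-tier security group's inbound rules, given in the same shape the EC2 API returns them (IpPermissions from describe-security-groups), and flags any rule that is not "app SG source, database port only". The security-group IDs are placeholders and the database port 3306 is an assumption, since the article does not state the engine.

```python
# Constructed security-group ID standing in for the application SG the article creates.
APP_SG = "sg-app-PLACEHOLDER"
DB_PORT = 3306  # assumed: MySQL/MariaDB default; pass the engine's port for other engines

def audit_db_inbound(ip_permissions, app_sg=APP_SG, db_port=DB_PORT):
    """Audit a data-tier security group's inbound rules (EC2 IpPermissions shape).

    The article's design: only the application tier's security group may reach the
    database, and only on the database port. Returns a list of findings; empty is good."""
    findings = []
    if not ip_permissions:
        findings.append("no inbound rules: the app tier cannot reach the database")
    for perm in ip_permissions:
        # A CIDR source is never the app SG; 0.0.0.0/0 exposes the database to everyone.
        for rng in perm.get("IpRanges", []):
            suffix = " (open to the internet)" if rng["CidrIp"] == "0.0.0.0/0" else ""
            findings.append(f"CIDR source {rng['CidrIp']} instead of the app SG{suffix}")
        # A security-group source must be exactly the application tier's group.
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != app_sg:
                findings.append(f"source {pair['GroupId']} is not the app SG {app_sg}")
        # "-1" means all protocols/ports; anything other than the single db port is too broad.
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        if perm.get("IpProtocol") == "-1" or ports != (db_port, db_port):
            findings.append("rule is not limited to the database port")
    return findings

# Constructed samples: a permissive rule, and the hardened rule the article configures.
PERMISSIVE_RULES = [{"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT,
                     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]
HARDENED_RULES = [{"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT,
                   "IpRanges": [], "UserIdGroupPairs": [{"GroupId": APP_SG}]}]

if __name__ == "__main__":
    for label, rules in (("permissive", PERMISSIVE_RULES), ("hardened", HARDENED_RULES)):
        print(label, audit_db_inbound(rules) or "OK")
```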

The last step is to test each tier.

First, let’s confirm that the web tier web page is reachable from the internet.

Take the public IP address of a web tier instance from the Instances list and paste it into the browser. If everything was done correctly, we should see Apache's landing page.

Next, let's verify the connectivity between the web tier and the app tier. To do this, we will SSH into a web tier instance and then ping the IP address of an app tier instance.

And that's all, we’ve done it!!
