Building a Three-tier Architecture using the AWS Management Console | My Cloud Journey — Week 5

Adekunle Adesanmi
Apr 8, 2024 (4 min read)

In this article, I will describe the process of building the VPC design discussed in my previous article. This article will primarily cover the manual steps using the AWS management console. In my upcoming article, I will showcase the implementation using Infrastructure as Code (AWS CloudFormation).

Initially, I intended to include both the manual and Infrastructure as Code implementations in one article. However, I have encountered some dependency issues with the CloudFormation template, and resolving these issues is taking longer than expected.

Let’s get started!

There are usually several ways to navigate AWS services. Here are the steps I took to build a simple, secure, and highly available VPC architecture.

Creating the VPC using AWS Console

Log in to your AWS account (preferably using your IAM credentials). After logging into your account, navigate to the VPC dashboard by clicking on “Services” in the top menu and then locate “VPC” under the “Networking & Content Delivery” section and click on it.

Setting Up a Virtual Private Cloud (VPC)

  1. Click on the “Create VPC” button in your management console.
  2. From the list of available VPC templates, select the “VPC with Public and Private Subnets” option. This option is ideal for scenarios where you need both public and private subnets.
  3. Give your VPC a name that is meaningful to you, such as “XYZ-VPC”.
  4. Define the CIDR block for your VPC. This is the IP address range that your VPC will use. For example, you can set it to “10.0.0.0/16”.
  5. Next, define the CIDR blocks for your public and private subnets. AWS pre-fills these for you, but they can be overridden.
  6. Select whether or not you want a NAT Gateway to be created, and in which Availability Zone.
  7. Once you have filled in all the necessary details, click on the “Create VPC” button to create your VPC along with the specified subnets.

Configuring Route Tables

To configure route tables in your VPC, follow these steps:

  1. Navigate to the VPC dashboard and locate the “Route Tables” section.
  2. You will find the route tables that have been automatically created: one for public subnets and one for each of the private subnets.
  3. In the route table for the public subnets, confirm that there is a route with destination 0.0.0.0/0 and the internet gateway as its target. If not, click on the “Edit” option to add the route.
  4. After configuring the route table for public subnets, proceed to edit the route table for private subnets.
  5. Select the route table for the private subnets that require internet access and choose the “Edit” option. In the editing interface, add a route with destination 0.0.0.0/0 and the NAT gateway as its target.

Configure Security Groups and NACLs

  1. In the VPC dashboard, select “Security Groups” from the left-hand menu.
  2. Create security groups for your web, application, and database tiers, specifying inbound and outbound rules based on your security requirements.
  3. In the VPC dashboard, select “Network ACLs” from the left-hand menu.
  4. Create network ACLs for your public and private subnets, specifying inbound and outbound rules to control traffic flow.
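
As an added example (not code from the original article), the Python check below audits the tier chaining those security group rules should produce: each tier admits traffic only from the tier in front of it, referenced by security group ID rather than by CIDR, and only the web tier is open to the internet. The group names, IDs and ports are assumptions, and the describe-security-groups output is constructed inline.

```python
ANY_IPV4 = "0.0.0.0/0"

# Expected chain: internet -> web -> app -> db. Each value is the only source
# that tier may admit: a CIDR for the web tier, a group ID for the others.
TIER_CHAIN = {"web-sg": ANY_IPV4, "app-sg": "sg-web", "db-sg": "sg-app"}

# Constructed sample in the shape of the "SecurityGroups" list returned by
# `aws ec2 describe-security-groups`; the group IDs and names are made up.
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "GroupName": "app-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-db", "GroupName": "db-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
        # Planted misconfiguration: SSH on the database tier open to the world.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "UserIdGroupPairs": []}]},
]

def rule_sources(rule):
    """Yield every source (CIDR or security group ID) an inbound rule admits."""
    for r in rule.get("IpRanges", []):
        yield r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]
    for p in rule.get("UserIdGroupPairs", []):
        yield p["GroupId"]

def audit_tiers(groups, chain=TIER_CHAIN):
    """Return (group name, port, source) for every rule that breaks the chain."""
    findings = []
    for sg in groups:
        allowed = chain.get(sg["GroupName"])
        if allowed is None:
            continue  # not one of the three tiers, nothing to compare against
        for rule in sg["IpPermissions"]:
            port = rule.get("FromPort", "all")  # absent when IpProtocol is "-1"
            for src in rule_sources(rule):
                if src != allowed:
                    findings.append((sg["GroupName"], port, src))
    return findings

if __name__ == "__main__":
    for name, port, src in audit_tiers(SECURITY_GROUPS):
        print(f"{name}: port {port} open to {src}, expected only {TIER_CHAIN[name]}")
```

Run against real output, the same function takes the `SecurityGroups` list from `aws ec2 describe-security-groups --output json` once you map your own group names into `TIER_CHAIN`.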

Launch Instances and Test Connectivity

In the EC2 dashboard, launch instances for your web, application, and database tiers, selecting the appropriate subnets and security groups.

  • Access your web application from the internet to ensure it’s accessible.
  • Test connectivity between your application and database tiers to ensure proper communication within the VPC.

For efficiency, consistency and a host of other benefits, cloud engineers are better off using Infrastructure as Code, such as Terraform or, in the case of AWS, CloudFormation, to create and maintain cloud infrastructure.

In the next article I’ll be sharing how I implemented the architecture using CloudFormation.

Stay tuned!

Feel free to contact me to discuss Agile, cloud adoption, or anything tech-related. 🚀
You can also connect with me on LinkedIn.
