How to create a three-tier highly available architecture in AWS Cloud using the AWS Console
All credit goes to @Piyush Sachdeva and his great team in the Discord, who are ready to help and make sure you understand the issue.
This is the week 2 project from Piyush’s weekly challenge. By this time his community had already gone on to the week 8 challenges, and Piyush himself had put up videos on how to do things up to week 5.
In case you are wondering what I am talking about, visit Piyush’s GitHub at https://github.com/piyushsachdeva/10weeksofcloudops and follow his YouTube channel for the same.
Things that need to be considered for a three-tier architecture:
Outside AWS:
- App tier and web tier code or package for installation
- Nginx server
- PM2 process for JavaScript high availability
- MySQL software on an EC2 Linux instance
Inside AWS:
- AWS EC2 instances with an Auto Scaling group
- VPC, subnets and route tables (2 subnets for the app tier in 2 AZs; 2 subnets for the web tier in 2 AZs; 2 subnets for the DB tier in 2 AZs; internal and external load balancers)
- Security groups (one for the app tier; one for the web tier; one for the load balancer; one for the database; load balancer; internal load balancer)
- A security group is the stateful firewall for AWS services, so it is important to restrict allowed access to traffic between security groups only, i.e. make sure the inbound rules allow HTTP in this order: “internet SG -> Webtier SG -> Internal SG -> App Tier SG -> DB Tier SG”. This means that the Webtier SG will have its inbound rule as “HTTP from the internet-facing security group only”, which essentially avoids unwanted connections from the internet.
- NAT Gateways for each App tier Security Group
- Launch the template with the AMI created for the app tier and web tier hosts, after installing the necessary software on the server and testing that the connection is good
- Target group for creating the web and app servers
- RDS Aurora database cluster
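The security group chain described in the list above can be checked mechanically once the groups exist. This is an added example, not part of the original post: it audits security groups in the JSON shape returned by aws ec2 describe-security-groups and reports inbound rules that do not come from the expected upstream group. The group IDs (sg-extlb, sg-web, sg-intlb, sg-app, sg-db), the ports and the sample rules are constructed placeholders.

```python
# Added example (not from the original post). Group IDs and ports are constructed.
# Chain from the text: internet-facing LB -> web tier -> internal LB -> app tier -> DB tier
CHAIN = {  # audited group -> the only group allowed as its inbound source
    "sg-web": "sg-extlb",
    "sg-intlb": "sg-web",
    "sg-app": "sg-intlb",
    "sg-db": "sg-app",
}

def audit(security_groups, chain=CHAIN):
    """Return sorted (group_id, finding) pairs for rules that break the chain."""
    by_id = {g["GroupId"]: g for g in security_groups}
    findings = []
    for gid, upstream in chain.items():
        if gid not in by_id:
            findings.append((gid, "group missing from input"))
            continue
        sources = set()
        for perm in by_id[gid].get("IpPermissions", []):
            port = perm.get("FromPort", "all")  # absent when IpProtocol is "-1"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(gid, f"port {port}: CIDR source {c}") for c in cidrs]
            for pair in perm.get("UserIdGroupPairs", []):
                sources.add(pair["GroupId"])
                if pair["GroupId"] != upstream:
                    findings.append((gid, f"port {port}: unexpected source group {pair['GroupId']}"))
        if upstream not in sources:
            findings.append((gid, f"no inbound rule from {upstream}"))
    return sorted(findings)

def rule(port, cidrs=(), groups=()):
    """Build one inbound permission in the describe-security-groups JSON shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

# Constructed sample: app tier also allows SSH from anywhere; DB trusts the web tier.
SAMPLE = [
    {"GroupId": "sg-extlb", "IpPermissions": [rule(80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-web", "IpPermissions": [rule(80, groups=["sg-extlb"])]},
    {"GroupId": "sg-intlb", "IpPermissions": [rule(80, groups=["sg-web"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule(80, groups=["sg-intlb"]), rule(22, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-db", "IpPermissions": [rule(3306, groups=["sg-web"])]},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Only the internet-facing load balancer group is left out of the audit, since it is the one group in the chain that is expected to accept traffic from a CIDR range.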
Follow the steps on the AWS page for creating a three-tier architecture, and follow Piyush's YouTube video.
There were some challenges during the course of the project:
- Session Manager with an IAM role might not work for some instances while it works for others; restarting or re-creating the instance may make it work
- pm2 start index.js — start backend: when installing PM2, use this command before doing pm2 save, as the actual command in the steps is not effective when you restart the machine
Created my custom VPC
A glance at how many VPCs, subnets, security groups, route tables, etc.
Set of subnets
Set of Route tables
Subnet within the RDS console for the RDS Aurora cluster
Set of Security groups
Enable public IPv4 allocation on the public subnet in case the instances are not coming up with a public IP address through autoscaling
Here are the instances:
AMI from the instances that have required tools and software installed
Launch templates from AMI
Autoscaling group
Target group