AWS 3-Tier Architecture

Long Ngan
5 min read · Dec 5, 2022


What is a 3-tier architecture?

It consists of three distinct layers that all interact with each other in your application. The first tier is the presentation layer, or the frontend; this is where the consumer interacts with your application or web page. The frontend communicates with the application layer (backend) based on the consumer’s interaction. The second layer, the application layer, is everything behind the scenes that we do not see. This layer processes and translates the consumer's actions into business logic. The last tier, the database, is where all the information is stored and managed.

Note: At the end, all EC2 instances, auto-scaling groups, the NAT gateway, the elastic load balancer, and more need to be stopped or you will be charged for running them.


Creating a VPC and more

AWS recently added a feature that lets users create not only a VPC but also choose how many availability zones to use, the number of private and public subnets, and whether to include a NAT gateway.

I will be using the ‘VPC and more’ option.

Review all your options and confirm. The creation of the VPC usually takes about 1–2 minutes to complete.

We need to enable auto-assign public IPv4 addresses for all our subnets.

Creating an Auto-Scaling Group

Go to EC2 → Auto-scaling group (all the way at the bottom)

Create a new template; you may skip this step if you have an existing template.

Select t2.micro for the instance type or any of your choosing.

Assign a key pair.

Configure the network settings to allow SSH and HTTP from anywhere. The security group rule needs to be added.

Expand ‘Advanced network configuration’ to enable auto-assign public IP.

Scroll all the way down, expand ‘Advanced details’, and go all the way down to user data. We will add a bootstrap script that the instance runs when it launches.

We need two Auto-Scaling Groups, one for our frontend (public) and one for our backend (private). The last two private subnets are for our database tier.

We will add a load balancer to this auto-scaling group.

The process for creating an auto-scaling group is repeated to make one for our private subnet (backend).

In total, you should have 2 auto-scaling groups, each running 2 EC2 instances. I copied the address from the load balancer, and your webpage should appear.


Before I got this page I actually got a ‘503 service temporarily unavailable.’ According to AWS I forgot to register the EC2 instance under ‘Target Group.’ The error was resolved afterward.

Creating a Database

We are going to use Amazon RDS and create a DB subnet group first.

Pick the last two private subnets that have not been used yet. You need to keep track of which ones have been used so far. Click create afterward.

Go back to the ‘Dashboard’ and create a Database.

We’re selecting MySQL for our free tier.

Make a password.

Leave the rest standard and scroll to ‘Connectivity’ then

Edit inbound rules to add ‘MySQL/Aurora’ and include the security group. This will allow us to ping our private servers.

The ping was successful!
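
As an added example (not part of the original article), the script below audits the two kinds of security-group rules this walkthrough creates: SSH and HTTP allowed from anywhere on the instances, and MySQL/Aurora allowed from a security group on the database. It runs on a constructed sample in the shape of `aws ec2 describe-security-groups` output; the group IDs and names are placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and names are placeholders, not values from the article.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web000", "GroupName": "web-tier", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-db0000", "GroupName": "db-tier", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app000"}]}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}   # "anywhere" for IPv4 and IPv6

def covers(perm, port):
    """True if the rule's protocol and port range include the TCP port."""
    if perm.get("IpProtocol") == "-1":      # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def world_open(perm):
    """True if any source CIDR on the rule is the whole internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(c in WORLD for c in cidrs)

def audit(groups, watched=(22, 3306)):
    """Return (group_id, port, finding) for world-open SSH/MySQL ports."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not world_open(perm):
                continue
            for port in watched:
                if covers(perm, port):
                    findings.append((sg["GroupId"], port, "open to the internet"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

To check a real account, replace `SAMPLE` with the parsed JSON from `aws ec2 describe-security-groups`.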