Create a Highly Available 3-Tier Architecture using Terraform

Joseph Ariyo
7 min read · Sep 20, 2022

The 3-tier architecture consists of a Presentation tier, an Application tier and a Database tier.

The Presentation tier — This is the user interface and communication layer of an application.

The Application tier — This is the heart of the architecture. It is where information is processed.

The Database Tier — This is where information will be stored and managed.

What is Terraform?

Terraform is an open-source infrastructure-as-code tool that lets you automate and manage your infrastructure and the platforms and services that run on it. It uses a declarative language.

Now let us deploy a 3-tier application in AWS using Terraform. It is advisable to use the Terraform documentation for guidance.

3-Tier Architecture

Prerequisites:

  • An AWS Account.
  • AWS Access and Secret Key. Hint: Create an IAM role that allows programmatic access.
  • Configure your IAM user on Visual Studio Code.
  • Basic knowledge of AWS services and Terraform.
  • Terraform version: v1.2.8

Step 1: Create a provider.tf file using the code below:

[Figure: Provider file (provider.tf)]
  • The Amazon Web Services provider is used to interact with the many resources supported by AWS.
  • Choose your preferred Region and the name of the IAM user you created.

Step 2: Create a vpc.tf file using the code below:

[Figure: VPC resource using variables]
  • Make sure the enable_dns_hostnames attribute is set to true.

Step 3: Create an igw.tf file for the Internet Gateway as shown below:

[Figure: Attach Internet Gateway to the VPC]
  • Attach the Internet Gateway to the VPC using the ID of the VPC created above.

Step 4: Create a subnets.tf file for the Public and Private Subnets as shown below:

a) Public subnets:

[Figure: Public subnets]
  • Two public subnets are created with the attribute map_public_ip_on_launch set to true. The public IP will be needed to access the user data.

Create a route_public.tf file for the public subnet as shown below:

[Figure: Route table and route table associations for public subnets]

b) Private subnet (Application Tier)

[Figure: Private subnets for Application tier]

c) Private subnet (Database Tier)

[Figure: Private subnets for Database tier]

The private subnets for both the application and database tiers are set. Let's create a route table and route table associations for these subnets. First, we need to create a NAT gateway for access to the internet.

Create a nat_gateway.tf file as shown below:

[Figure: NAT Gateway for private subnets]

Next, create a route_private.tf file for the private subnets as shown below:

[Figure: Route table for private subnets]
[Figure: Route table associations for App and DB tier]
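The private routing described above could be written like this. It is an added example, not the author's code; the variable and resource names are assumptions.

```hcl
# Added example: variable and resource names are assumptions, not the author's code.
variable "vpc_id" { type = string }             # VPC created in vpc.tf
variable "public_subnet_id" { type = string }   # public subnet that hosts the NAT gateway
variable "private_subnet_ids" { type = list(string) } # app and database tier subnets

# The NAT gateway needs an Elastic IP and must sit in a public subnet.
resource "aws_eip" "nat" {
  domain = "vpc" # AWS provider v5+; older provider versions use vpc = true
}

resource "aws_nat_gateway" "this" {
  allocation_id = aws_eip.nat.id
  subnet_id     = var.public_subnet_id
}

# Private subnets get a default route to the NAT gateway, never to the
# internet gateway: instances can open outbound connections but are not
# reachable from the internet.
resource "aws_route_table" "private" {
  vpc_id = var.vpc_id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.this.id
  }
}

# One association per private subnet (application and database tiers).
resource "aws_route_table_association" "private" {
  count          = length(var.private_subnet_ids)
  subnet_id      = var.private_subnet_ids[count.index]
  route_table_id = aws_route_table.private.id
}
```

A NAT gateway lives in one Availability Zone, so a single gateway is a shared dependency for outbound traffic from the private subnets in every zone.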

Step 5: Create a file for Security Group for the Presentation Tier

  • Create an alb_sg.tf file and add the code below.
[Figure: Inbound rules for Application Load Balancer]
[Figure: Outbound rules for Application Load Balancer]
  • Ports 80 and 443 are opened for inbound connections and all ports are opened for outbound connections.

Step 6: Create a file for Security Group for the Application Tier

  • Create an app_sg.tf file and add the code below.
[Figure: Security group for Application Tier]
  • Port 22 is opened for SSH access for incoming connections and the CIDR block should be your IP address. Check your IP address here

Step 7: Create a file for Security Group for the Presentation Tier

  • Create a web_sg.tf file and add the code below.
[Figure: Inbound rules for Presentation Tier]
[Figure: Outbound rules for Presentation Tier]
  • Ports 80, 443 and 22 were opened for inbound connections and all ports were opened for outbound connections. The security groups for the application load balancer and the application tier were used as the security groups for inbound connections.

Step 8: Create a file for Security Group for the Database Tier

  • Create a db_sg.tf file and add the code below.
[Figure: Security group for Database Tier]
  • Port 3306 was opened for inbound connections and all ports were opened for outbound connections. The security group for the presentation layer was used as the security group for inbound connections.
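The chaining of security groups described in Steps 7 and 8, where each tier names the previous tier's group as its inbound source, could look like this. It is an added example, not the author's code; the resource names and the variables vpc_id and alb_sg_id are assumptions, and the SSH rule is left out to keep the example short.

```hcl
# Added example: resource and variable names are assumptions, not the author's code.
variable "vpc_id" { type = string }
variable "alb_sg_id" { type = string } # ID of the load balancer group from alb_sg.tf

# Presentation tier: HTTP/HTTPS only from members of the load balancer group.
# No CIDR block appears in the inbound rules, so access follows group membership.
resource "aws_security_group" "web" {
  name   = "web-sg"
  vpc_id = var.vpc_id

  dynamic "ingress" {
    for_each = [80, 443]
    content {
      from_port       = ingress.value
      to_port         = ingress.value
      protocol        = "tcp"
      security_groups = [var.alb_sg_id]
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Database tier: MySQL port only, and only from the presentation tier group.
resource "aws_security_group" "db" {
  name   = "db-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```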

Step 9: Create EC2 instances for Presentation and Application tier.

  • Create an ec2.tf file and add the code below:
[Figure: EC2 instances for Presentation and Application tier]
  • Under the user_data attribute, a file is attached to the public instance for configuration. This will help check if the web server is functioning.

Step 10: Create a file for Auto scaling groups.

  • Create an auto-scaling-group.tf file and add the code below:
[Figure: Auto Scaling Group for Presentation Layer]
[Figure: Auto Scaling Group for Application Layer]
  • The maximum capacity is set to 2 instances for the presentation and application tiers. You can adjust it according to your preference.

Step 11: Create a file for Application Load Balancer.

  • Create an alb.tf file and add the code below:
[Figure: Application Load Balancer]
  • The load balancer is an application load balancer that listens for requests on port 80 and redirects traffic on port 443.
  • The aws_lb_target_group_attachment resource attaches the public instance to the Target Group.

Step 12: Create a file for the Database Instance.

  • Create an rds.tf file and first create a database subnet group as shown below:
[Figure: Database subnet group]
[Figure: Database Instance]
  • From the above code, you could make changes to the engine_version attribute, the username attribute and the password attribute (it should be at least 8 characters long).
  • The multi_az attribute is set to true for high availability. Check the variables.tf file below for reference.
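A database tier along the lines of Step 12, with the password kept out of the code, could be declared as follows. It is an added example, not the author's code; the names, the mysql engine, the instance class and the storage size are assumptions.

```hcl
# Added example: names, engine, instance class and storage size are assumptions,
# not the author's code.
variable "db_subnet_ids" { type = list(string) } # database tier private subnets
variable "db_sg_id" { type = string }            # database tier security group
variable "db_username" { type = string }

variable "db_password" {
  type      = string
  sensitive = true # redacted in plan/apply output, but still written to state

  validation {
    condition     = length(var.db_password) >= 8
    error_message = "The database password must be at least 8 characters long."
  }
}

resource "aws_db_subnet_group" "db" {
  name       = "db-subnet-group"
  subnet_ids = var.db_subnet_ids
}

resource "aws_db_instance" "db" {
  identifier             = "three-tier-db"
  engine                 = "mysql"
  instance_class         = "db.t3.micro"
  allocated_storage      = 20
  username               = var.db_username
  password               = var.db_password
  db_subnet_group_name   = aws_db_subnet_group.db.name
  vpc_security_group_ids = [var.db_sg_id]
  multi_az               = true  # standby replica in a second Availability Zone
  publicly_accessible    = false # reachable only from inside the VPC
  storage_encrypted      = true  # encrypt data at rest
  skip_final_snapshot    = true  # convenient for terraform destroy in a lab only
}
```

Supply the password through the TF_VAR_db_password environment variable or a secrets store rather than a committed file, and protect the state backend, because the state file contains the value in plain text.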

Step 13: Create a file for the outputs.

  • Create an output file for the Application Load Balancer.
[Figure: Output file for Application Load Balancer]
  • The DNS of the application load balancer will be used to send requests to the public instance.

Step 14: Create a file for the variables.

  • Create a variables.tf file and add all the variable values used in the code blocks above.
[Figure: Variables for VPC and Presentation Layer]
[Figure: Variables file for Presentation Tier CIDR Blocks]
[Figure: Variables for Application and Database CIDR blocks]
[Figure: Variables for Application security group, Database Instance and Multi_AZ attribute]
  • Note: you can change the variables file as you wish.

Step 15: Create a file for the user data.

  • Create an install-apache.sh file as shown below.
[Figure: Bash script to install Apache server]
  • The code above installs the Apache web server and adds an HTML file as the web page.

The entire code is ready. Run the steps below to create the infrastructure in your AWS account. Open your terminal and run the following commands:

  • terraform init: initializes the working directory and downloads the provider plugins.
  • terraform fmt: formats the code so it looks clean and standard.
  • terraform plan: creates the execution plan for the code. Check each resource to confirm it is what you intend to provision. If there are errors, read the error message; Terraform makes it easy to debug.
[Figure: Terraform plan]
  • terraform apply: creates the actual infrastructure.
  • terraform destroy: destroys all the resources you provisioned in your AWS account.

Step 16: Verify these resources in your AWS account:

  • Terraform will create the resources below:
  1. VPC
  2. Internet Gateway
  3. Public and Private Subnets
  4. Route Table and Route associations
  5. Security Groups for Application Load Balancer, Application Tier, Presentation Tier and Database Tier
  6. EC2 Instances
  7. Auto Scaling Groups
  8. Application Load Balancer
  9. RDS Instance

Once all the resources are created, open the public IP address of your presentation tier in your web browser and check that the page from install-apache.sh is displayed.

Note: if you are using Windows, you can download PuTTY to SSH into your web instance.

Finally, you have learnt how to provision a highly available 3-tier architecture on AWS using Terraform. There is more you can do using Terraform. I will be writing more articles on how to use Terraform.

You can find the complete code on my GitHub account. Feel free to check out my other repositories.
