Open in app

Sign in

Write

Sign in

Deploying a highly available 3- tier architecture in the AWS console

Michael-Alex Ojomoh
10 min readJul 16, 2022

--

A three tier architecture is a very popular implementation of the client-service software design. It consist of 3 different tiers that link together and provide different functions

The top-level tier is called the web tier. Web tier’s primary function is to show and gather user information. The application’s brains are located in the application tier. The business logic that handles user inputs is stored in this tier. The data or backend tier of a web application is the database tier. It is the location where the data handled by the program is maintained and saved.

Objective

  • We have been tasked to design a highly available 3-tier architecture
  • Create a VPC and configure it with route tables, an internet gateway and include subnets for your web, application, and database tier
  • Create the application and web tiers with EC2 auto-scaling groups and configure the security groups so that only trusted security groups from the tier above have access
  • Create the database tier using RDS
  • Verify the web tier can be accessed from the Internet and that it can ping the application tier.

Lets Begin

Step 1: Creating and Configuring a VPC

Our VPC will be hosting our 3 tier architecture. in this step we will be creating our VPC, configuring our subnets, attaching an internet gateway and NAT gateway, and assigning subnets to route tables within our VPC

VPC

Navigate to the VPC page in the AWS console and hit Create VPC. Choose VPC only, give your VPC a name, and enter your CIDR. After doing so, click Create VPC at the bottom.

Subnets

we will be creating 2 subnets for each layer of our architecture so in total 6 subnets for our VPC.

on the left hand side of the VPC page in the console click on subnets then click create subnet. we will first choose the VPC we just created under VPC ID. Each subnet must have a name, an availability zone, a CIDR. For this project I named the subnets for each tier, I also assigned the first subnet of each tier the same availability zone as well as the second.

Internet gateway

Our next step is to create our internet gateway and attach it to our VPC to allow public subnets traffic to the internet.

on the left hand side of the VPC page in the console click on internet gateways then click create internet gateways. Now that we have created out internet gateway we need to attach it to the VPC that was just created. Select the gateway that was just created and under actions select Attach to VPC. Choose the VPC that you previously created and hit attach internet gateway. The attached state should now be visible in your dashboard.

NAT gateway

our application layer will have instances in a private subnet. A NAT gateway will be used to ensure that instances in the application tier that are located in a private subnet can connect with those in the web tier. Our private subnets won’t permit unauthorized inbound connections and will be able to connect to the internet and other VPC services.

Just like our internet gateway on the left hand side of the VPC page in the console click on NAT gateways then click Create NAT gateways.

Specify a name, specify a public subnet and then under Connectivity type select public. after that you want to select Allocate Elastic IP once an IP address is generated click Create NAT Gateway

Route Tables

on the left hand side of the VPC page in the console click on Route Tables then click Create Route Tables. We will be creating a public and 2 private route tables. Select the VPC we created earlier to attach the route tables to and hit create route table. follow these steps for all route tables

Now that our route tables are created we need to assign routes to them so they can connect outside our VPC or other services within. To assign our routes we need to select either the private or public route table and under actions select edit routes. Once at the edit routes page both our private route tables will be given a rule that will allow it to connect anywhere (0.0.0.0/0) via the NAT Gateway, and assign the public route table a rule that will allow it to connect anywhere (0.0.0.0/0) via the Internet Gateway we constructed.

Make sure both private tables have this configuration

Step 2: Create Launch Template

With our VPC configurations set up we will now create our launch templates for our web tier and application tier

We will start with the web tier from the AWS console, navigate to Instances and click Launch templates then click Create launch template.

under Launch template name and description

  • Name your launch template
  • check the box under Auto Scaling guidance “Provide guidance to help me set up a template that I can use with EC2 Auto Scaling”

Application and OS Images

  • Amazon Linux 2 Kernel 5.10 AMI 2.0.20220406.1 x86_64 HVM gp2

instance type

  • select t2.micro

Key Pair

  • create a new or use an existing key pair

Network Settings

  • select “do not include in launch template” under subnet
  • create a security group and give it a name description and specify the VPC we created earlier.
  • under Inbound security groups rules select add security group rule.
  • create two rules for ssh and HTTP with 0.0.0.0/0 as the source. this will allow all IP addresses to access our instance. Please note that this isn't best practice we will only be making this configuration for demonstration purposes.
  • once the security group is configured under Advanced network configuration then under Network interface 1. select enable under Auto-assign public IP.

Under Advanced Details we will add our bootstrap script in the User Data field

#!/bin/bash
sudo yum update -y
sudo yum install -y httpd
sudo systemctl start httpd
sudo systemctl enable httpd

Now that everything is configured we can now hit create launch template

Next we will create our launch template for our application tier. follow the same steps we took for our web tier however under network settings

  • do not include a subnet
  • create a new security group
  • name the security group
  • assign the VPC we created earlier to it
  • and add 1 security group rule where the Type is ssh and the source is the name of the security group you used for you the web tier.

We will not need any advanced configurations for this launch template so next hit create launch template

Step 3: Create Auto Scaling Groups

Now that we have out launch templates we must create our auto scaling group for the web tier and the application tier.

Navigate to the EC2 page in the console and select Auto Scaling Groups on the left hand side of the bottom of the page. from there click Create Auto Scaling Group

In the Choose launch template or configuration tab name you auto scaling group and specify the launch template we just created

In the Network and Security tab specify the VPC we created earlier and the 2 public subnets for the web tier that we created earlier as well

In the Configure advanced options section we have the option to choose an Auto Load Balancer we do not have one created just yet so we will create one now.

  • To add a new load balancer Click Attach to a new load balancer
  • Choose a load balancer name
  • Under load balancer scheme. Click Internet-facing
  • for ip address type choose IPv4
  • attach the VPC we previously established
  • Choose your already built public subnets for our web tier.
  • Listeners and routing should be HTTP:80
  • under default routing have it set to create a target group
  • under new target group name choose the name of your load balancer

In the Configure group size and scaling policies tab under group size set your desired min and max capacity. check off Target tracking scaling policy and configure your target policy to 80 and the warm up seconds to 180

After everything is configured we can skip to review and hit create auto scaling group.

To create an auto scaling group for our application tier

  • Navigate to EC2
  • On the console’s left side, select Auto Scaling Groups and then click Create an Auto Scaling Group.
  • Click switch to launch configurations then click create launch configurations
  • Give your launch configuration a name.
  • Select the Amazon Linux 2 AMI (HVM) Kernel 5.10 free tier (you can use a different browser or tab to copy and past the image id to make the search easier)
  • Choose t2.micro under “Choose instance type.”
  • Create a new security group under Security groups and give it a name.
  • Next create a new key pair or select an existing one
  • Finally hit Create launch configuration

Now that you launch configurations are created go back to EC2

  • On the console’s left side, select Auto Scaling Groups and then click Create an Auto Scaling Group
  • Name your Auto Scaling group click switch to launch configurations and specify the launch configuration you just created
  • In the Choose instance launch options tab specify your VPC we created earlier and the corresponding subnets you created earlier for the application tier
  • Skip to the Configure group size and scaling policies tab and configure it the same way you configured the Web tier’s group size and scaling policies and click Create launch configuration

now that our auto scaling groups for our web tier and application tier are configured now would be a good time to stop and test if our web tier is working properly.

go to one of the web tier instances and copy the ipv4 address. use

http://< ipv4 address>

once the apache test page is installed we can see we have everything running smoothly

Step 4: Creating the Database tier

In our database tier we first want to create a subnet group for the Database tier

  • In the AWS Console navigate to RDS click Subnet groups on the left hand side and Create DB subnet group
  • Name your subnet group
  • Select the VPC we have been using
  • Select the AZ we will be using and the subnets we created earlier for your Database Tier
  • click create

Next we will create our database

  • Navigate back to RDS and click create database
  • Select Standard Create
  • select My SQL under the engine type
  • Under Templates, select Free Tier
  • Under settings then under credential settings create a password for the admin
  • Under storage then under storage autoscaling disable storage autoscaling.
  • In the Connectivity section specify the VPC we have been using that we created earlier and the subnet group we created earlier as well.
  • Click Create Database

Now that our database has been created we will now set up the connection with the database and the application tier

  • Navigate back to RDS and click databases
  • Click on the database we just created and in the connectivity and security tab, click the link under VPC security groups
  • This will take you to the security group for you database click the security group id and from there select Edit Inbound Rules in the Inbound Rules tab.
  • first delete the default rule they have set in place
  • Click Add rule
  • Type 3306 in the port range.
  • Then for the source, select your Application tier security group
  • Click Save rules

After this step is complete we will have completed setting up our database tier and also our final tier in our architecture.

Step 5: Test Network Connectivity

Now that our 3- tier architecture is complete we will now test the network connectivity and make sure each tier can connect to the tier directly above it.

Navigate to EC2 and to your web instance click connect go to the instance connect terminal

ping you app instance by running the following command

ping <private IP address of private app instance>

SUCCESS!!!! congratulations we have now verified that we have built a 30tier architecture within the aws console.

AWS
Rds
Ec2
Vpc

--

--

Michael-Alex Ojomoh

Written by Michael-Alex Ojomoh

34 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams