A Step-by-Step Guide to Designing and Deploying a Three-Tier Architecture on AWS

Rushal Barkhade
6 min read · Mar 2, 2023


A three-tier architecture is a software architecture pattern in which the application is broken down into three logical tiers: the presentation layer, the business logic layer and the data storage layer. This architecture is used in client-server applications such as a web application that has a frontend, a backend and a database. Each of these layers does a specific task and can be managed independently.

Amazon Web Services (AWS) is a cloud platform that provides a range of cloud computing services to its customers. We will use the following AWS services to design and deploy the three-tier architecture: Elastic Compute Cloud (EC2), Auto Scaling Group, Virtual Private Cloud (VPC), Elastic Load Balancer (ELB), Security Groups, Internet Gateway and NAT Gateway.

Let’s Begin

1. Set up the Virtual Private Cloud (VPC):

In the AWS Management Console, navigate to VPC → Create VPC → VPC only (give it a name) → IPv4 CIDR block (10.0.0.0/16) → Create VPC.

2. Create Internet gateway:

The Internet gateway allows EC2 instances in the VPC to communicate with the internet. To create one, navigate to Internet gateways and click Create internet gateway.

We then need to attach the Internet gateway to our VPC:

a. Select the internet gateway.

b. Choose Attach to VPC from the Actions menu.

3. Set up 4 subnets:

A subnet can be public or private. EC2 instances in a public subnet have a public IP and can connect directly to the internet; EC2 instances in a private subnet have no public IP and cannot reach the internet directly, so for those we will use a NAT gateway.

For our setup we will use the following subnets with their corresponding IP ranges:

Public-subnet-1 | CIDR (10.0.0.0/24) | Availability Zone (ap-south-1a)

Public-subnet-2 | CIDR (10.0.1.0/24) | Availability Zone (ap-south-1b)

private-backend-subnet-1 | CIDR (10.0.2.0/24) | Availability Zone (ap-south-1a)

private-backend-subnet-2 | CIDR (10.0.3.0/24) | Availability Zone (ap-south-1b)

4. Create 2 Route Tables:

A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. To put it simply, a route table tells network packets which way they need to go to get to their destination.

For our setup we will create 2 route tables: one public and one private.

To create a route table, navigate to the Route tables page and click Create route table.

After creating the route tables, we have to associate them with the public and private subnets respectively.

To do this, select the route table and choose Edit subnet associations.

We also need to route the traffic of the public subnets to the internet through the Internet gateway.

To do this, select the public route table, open the Routes tab and click Edit routes.

5. Create NAT Gateway:

The NAT gateway allows our EC2 instances in private subnets to access the internet. The NAT gateway is an AWS-managed service. To create a NAT gateway, navigate to NAT gateways and click Create NAT gateway.

Ensure that the NAT gateway is placed in a public subnet; for our demo we will use Public-subnet-1.

Now that we have a NAT gateway, we edit the private route table so that it uses the NAT gateway to reach the internet.
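As an added example that is not part of the original post, the following Python script models the network built in steps 1 to 5 (the 10.0.0.0/16 VPC, the four subnets, the two route tables and the NAT gateway in Public-subnet-1) as plain dictionaries and checks the invariants those steps rely on: every subnet CIDR inside the VPC and non-overlapping, public subnets default-routing to the Internet gateway, private subnets default-routing to the NAT gateway, the NAT gateway itself in a public subnet, and each tier spanning two Availability Zones. The dictionaries are a constructed description of the post's layout, not data read from AWS; to check a real account, fill them in from the console or the AWS CLI.

```python
from ipaddress import ip_network

# Constructed description of the post's layout (names, CIDRs and AZs as given in steps 1-5).
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "Public-subnet-1":          {"cidr": "10.0.0.0/24", "az": "ap-south-1a", "tier": "public",  "route_table": "public"},
    "Public-subnet-2":          {"cidr": "10.0.1.0/24", "az": "ap-south-1b", "tier": "public",  "route_table": "public"},
    "private-backend-subnet-1": {"cidr": "10.0.2.0/24", "az": "ap-south-1a", "tier": "private", "route_table": "private"},
    "private-backend-subnet-2": {"cidr": "10.0.3.0/24", "az": "ap-south-1b", "tier": "private", "route_table": "private"},
}
# Default route of each route table: public -> Internet gateway, private -> NAT gateway.
ROUTE_TABLES = {"public": {"0.0.0.0/0": "igw"}, "private": {"0.0.0.0/0": "nat"}}
NAT_GATEWAY_SUBNET = "Public-subnet-1"  # where the post places the NAT gateway
# Target the 0.0.0.0/0 route must point at for each tier to behave as the post describes.
EXPECTED_DEFAULT = {"public": "igw", "private": "nat"}

def default_target(route_tables, table_name):
    """Target of the 0.0.0.0/0 route in a route table, or None if it has none."""
    return route_tables.get(table_name, {}).get("0.0.0.0/0")

def validate_topology(vpc_cidr, subnets, route_tables, nat_subnet):
    """Return the list of problems found; an empty list means the layout is consistent."""
    problems = []
    vpc = ip_network(vpc_cidr)
    nets = {name: ip_network(s["cidr"]) for name, s in subnets.items()}
    # 1. Every subnet CIDR must sit inside the VPC CIDR and must not overlap another subnet.
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
        for other, onet in nets.items():
            if other > name and net.overlaps(onet):  # each pair is checked once
                problems.append(f"{name} overlaps {other}")
    # 2. Public subnets must default-route to the IGW, private ones to the NAT gateway.
    for name, s in subnets.items():
        target, want = default_target(route_tables, s["route_table"]), EXPECTED_DEFAULT[s["tier"]]
        if target != want:
            problems.append(f"{name}: default route goes to {target!r}, expected {want!r}")
    # 3. The NAT gateway itself needs a public subnet, otherwise it cannot reach the internet.
    nat_table = subnets.get(nat_subnet, {}).get("route_table")
    if default_target(route_tables, nat_table) != "igw":
        problems.append(f"NAT gateway subnet {nat_subnet!r} is not public")
    # 4. Each tier should span two Availability Zones so the Auto Scaling Group survives an AZ failure.
    for tier in EXPECTED_DEFAULT:
        azs = {s["az"] for s in subnets.values() if s["tier"] == tier}
        if len(azs) < 2:
            problems.append(f"{tier} tier covers only {sorted(azs)}; use two AZs")
    return problems

if __name__ == "__main__":
    print(validate_topology(VPC_CIDR, SUBNETS, ROUTE_TABLES, NAT_GATEWAY_SUBNET) or "topology OK")
```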

6. Launch EC2 Instances:

Web Tier EC2:

The web tier EC2 instance sits in a public subnet. To create a bastion host, navigate to the EC2 Instances page and launch an EC2 instance in the Public-subnet-2 subnet within our VPC. Also ensure that it has a public IP. The web tier EC2 instance also acts as a bastion host for SSH access to the application tier EC2 instances.

Create a new key pair to SSH into the web tier EC2 instance.

In the Advanced details tab, provide the user data commands required to install a web server on the web tier EC2 instance.

Wait until the EC2 instance reaches the running state and passes both status checks. Once the 2 status checks have completed, open the public IP of the web tier EC2 instance in a browser.

Application Tier EC2:

For this tier, since I did not have any code to run a true application, I repeated the steps for the web tier, but using the private subnets.

To verify that we have access to the private subnets from the public subnets, we will attempt to ping a private instance from the command line. You can do this by grabbing the public IPv4 address of one of your public instances and SSHing into that instance.

We will then ping the private IP address of the private instance using ping.

The ping returned replies, which shows it was successful. I will now see if I can connect to my private instance using SSH agent forwarding. SSH into your public IPv4 address using the following command. We will copy our pem file to the bastion host, create a new pem file there, and use that file to SSH into our private EC2 instance. Note that this leaves a copy of the private key on an internet-facing host; agent forwarding (ssh -A) reaches the private instance without storing the key on the bastion.

It worked, we are now in the private instance! That concludes our Application tier.
