3-tier Architecture on AWS: End-to-end Infrastructure Design

Jyoti Gehlot
helpshift-engineering
5 min read · Feb 27, 2023


The 3-tier architecture separates an application into three logical tiers: the presentation layer, the business logic layer, and the data storage layer. Building it on AWS this way supports infrastructure security, data security, disaster recovery, fault tolerance, scalability, and high availability.

This post covers the shift from on-premises or a hybrid model to building on AWS, which provides a range of cloud computing services to customers.

Objectives:

  • Integrating on-premises with AWS cloud
  • Improved security at each layer and data integrity
  • Create highly available infra ensuring disaster recovery at the regional level
  • Create a VPC with public and private subnets and gateways
  • Alarms, events, monitoring, and dashboards

1. VPC, Subnets, Internet Gateway, Route Tables, and NAT gateway

VPC:
A VPC is a virtual network that closely resembles a traditional network that we’d operate in our data center.

A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a public cloud. VPC customers can do anything they can in an ordinary private cloud, but the private cloud is hosted remotely by a public cloud provider. VPCs combine the scalability and convenience of public cloud computing with the data isolation of private cloud computing.

Subnets:
A subnet is a way to group resources within the VPC by IP range. A subnet can be public or private. EC2 instances within a public subnet have public IPs and can directly access the internet, while those in a private subnet do not have public IPs and can only reach the internet through a NAT gateway.

Internet Gateway:
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It supports IPv4 and IPv6 traffic.

An internet gateway enables resources in public subnets (such as EC2 instances) to connect to the internet if the resource has a public IPv4 address or an IPv6 address.

Route Tables:
A route table contains a set of rules, called routes, that determine where network traffic from the subnet or gateway is directed.

NAT Gateway:
NAT Gateway is a highly available AWS-managed service that makes it easy to connect to the Internet from instances within a private subnet in an Amazon Virtual Private Cloud (Amazon VPC).

2. Load balancer and Autoscaling

Load balancer:
A load balancer serves as the single point of contact for clients. The load balancer distributes incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones. This increases the availability of your application. You add one or more listeners to your load balancer.

Autoscaling:
AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to set up application scaling for multiple resources across multiple services in minutes.
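The load balancer and Auto Scaling pieces, as an added Terraform example (not the article's or Helpshift's code). It assumes the VPC and subnet IDs from the network layer are passed in as variables, a hardened application AMI and an ACM certificate, all hypothetical. The security-relevant part is the chain of security groups: the internet reaches only the ALB on 443, the ALB is the only source allowed to reach the app port, and the app tier is the only source allowed to reach the database port.

```hcl
# Added example: per-tier security groups, an HTTPS-only ALB and an Auto Scaling group in the app subnets.
variable "vpc_id" { type = string }
variable "public_subnet_ids" { type = list(string) }
variable "app_subnet_ids" { type = list(string) }
variable "app_ami_id" { type = string }          # hypothetical hardened app AMI
variable "acm_certificate_arn" { type = string } # hypothetical ACM certificate for the site
# Tier 1: only the load balancer is reachable from the internet, and only on 443
resource "aws_security_group" "alb" {
  name   = "alb-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Tier 2: app instances accept traffic only from the ALB's security group, never from a CIDR
resource "aws_security_group" "app" {
  name   = "app-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Tier 3: the database port is open only to the app tier's security group
resource "aws_security_group" "db" {
  name   = "db-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}

resource "aws_lb" "web" {
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.public_subnet_ids
}

resource "aws_lb_target_group" "app" {
  port     = 8080
  protocol = "HTTP"
  vpc_id   = var.vpc_id
}

# HTTPS only with a modern TLS policy; no plain-HTTP listener is created
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.web.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.acm_certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

resource "aws_launch_template" "app" {
  image_id               = var.app_ami_id
  instance_type          = "t3.micro"
  vpc_security_group_ids = [aws_security_group.app.id]
  metadata_options {
    http_tokens = "required" # IMDSv2 only
  }
}

resource "aws_autoscaling_group" "app" {
  min_size            = 2 # at least one instance per AZ
  max_size            = 6
  vpc_zone_identifier = var.app_subnet_ids
  target_group_arns   = [aws_lb_target_group.app.arn]
  health_check_type   = "ELB" # replace instances that fail the ALB health check
  launch_template {
    id = aws_launch_template.app.id
  }
}
```

Because `app-sg` and `db-sg` reference security group IDs rather than CIDR blocks, the rules keep working as Auto Scaling replaces instances and their private IPs change, and a new instance launched outside the ALB path is not automatically reachable.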

3. Route53 and AWS WAF

Route53:
AWS Route 53 manages DNS for services and machines deployed on Amazon's public cloud. The Route 53 DNS service connects user requests to ELB load balancers, Amazon EC2 instances, Amazon S3 buckets, and other infrastructure running on AWS.

AWS WAF:
AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting.
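Route 53 and AWS WAF in front of the load balancer, as an added Terraform example (not from the article or from Helpshift). It assumes the ALB's ARN, DNS name and hosted zone ID and a Route 53 hosted zone for `example.com` are passed in as variables, all hypothetical. The web ACL uses two AWS-managed rule groups for the conditions the paragraph lists (SQL injection and cross-site scripting are covered by the Common and SQLi rule sets) plus a per-IP rate limit left in count mode so its CloudWatch metric can be reviewed before it is switched to block.

```hcl
# Added example: regional WAFv2 web ACL attached to the ALB, and a Route 53 alias record pointing at the ALB.
variable "alb_arn" { type = string }
variable "alb_dns_name" { type = string }
variable "alb_zone_id" { type = string }
variable "hosted_zone_id" { type = string } # hypothetical hosted zone for example.com

resource "aws_wafv2_web_acl" "web" {
  name  = "web-acl"
  scope = "REGIONAL" # REGIONAL for ALB / API Gateway, CLOUDFRONT for distributions
  default_action {
    allow {}
  }
  # AWS-managed baseline: XSS, malformed requests, known-bad user agents, etc.
  rule {
    name     = "common"
    priority = 1
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "common"
      sampled_requests_enabled   = true
    }
  }

  # AWS-managed SQL injection signatures
  rule {
    name     = "sqli"
    priority = 2
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesSQLiRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "sqli"
      sampled_requests_enabled   = true
    }
  }

  # Per-source-IP rate limit in COUNT mode: review the metric, then change count {} to block {}
  rule {
    name     = "rate-limit"
    priority = 3
    action {
      count {}
    }
    statement {
      rate_based_statement {
        limit              = 2000 # requests per 5-minute window
        aggregate_key_type = "IP"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "rate-limit"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "web-acl"
    sampled_requests_enabled   = true
  }
}

resource "aws_wafv2_web_acl_association" "alb" {
  resource_arn = var.alb_arn
  web_acl_arn  = aws_wafv2_web_acl.web.arn
}

# DNS: alias the site name to the ALB; evaluate_target_health lets Route 53 honour the ALB's health
resource "aws_route53_record" "www" {
  zone_id = var.hosted_zone_id
  name    = "www.example.com"
  type    = "A"

  alias {
    name                   = var.alb_dns_name
    zone_id                = var.alb_zone_id
    evaluate_target_health = true
  }
}
```

With `sampled_requests_enabled` on, the WAF console and CloudWatch show which requests each rule matched, which is how you confirm a managed rule is not blocking legitimate traffic before tightening the rate limit.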

4. AWS VPN and Direct Connect

AWS VPN:
AWS Client VPN is a fully managed remote access VPN solution used by your remote workforce to securely access resources within both AWS and your on-premises network. Fully elastic, it automatically scales up or down based on demand.

Direct Connect:
AWS Direct Connect is a network service that provides an alternative to using the Internet to reach AWS cloud services. AWS Direct Connect gives customers low-latency, secure, private connections to AWS for workloads that require higher speed or lower latency than the internet.
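A Client VPN endpoint for the remote-access case described above, as an added Terraform example (not from the article or from Helpshift). It assumes the VPC ID and app subnet IDs, an ACM server certificate and an ACM client root CA for mutual TLS are passed in as variables, and that the app subnets occupy 10.0.10.0/23; all of these are hypothetical. Three defaults are worth calling out: connection logging is on, split tunnelling keeps only VPC traffic in the tunnel, and no client can reach anything until an authorization rule says so.

```hcl
# Added example: AWS Client VPN endpoint with mutual-TLS auth, connection logging and an explicit authorization rule.
variable "vpc_id" { type = string }
variable "app_subnet_ids" { type = list(string) }
variable "server_cert_arn" { type = string }    # hypothetical ACM server certificate
variable "client_root_ca_arn" { type = string } # hypothetical ACM client CA (mutual TLS)

resource "aws_cloudwatch_log_group" "vpn" {
  name              = "/aws/clientvpn/remote-access"
  retention_in_days = 90
}

resource "aws_cloudwatch_log_stream" "vpn" {
  name           = "connections"
  log_group_name = aws_cloudwatch_log_group.vpn.name
}

# Security group on the endpoint's network interfaces: VPN clients may only reach the app port in the VPC
resource "aws_security_group" "vpn" {
  name   = "client-vpn-sg"
  vpc_id = var.vpc_id
  egress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"] # assumed VPC range
  }
}

resource "aws_ec2_client_vpn_endpoint" "remote" {
  description            = "remote workforce access"
  server_certificate_arn = var.server_cert_arn
  client_cidr_block      = "172.16.0.0/22" # must not overlap the VPC or on-prem ranges
  split_tunnel           = true            # only VPC routes go through the tunnel
  vpc_id                 = var.vpc_id
  security_group_ids     = [aws_security_group.vpn.id]

  authentication_options {
    type                       = "certificate-authentication"
    root_certificate_chain_arn = var.client_root_ca_arn
  }

  # Every connect and disconnect is logged; this stream is what monitoring and alarms watch
  connection_log_options {
    enabled               = true
    cloudwatch_log_group  = aws_cloudwatch_log_group.vpn.name
    cloudwatch_log_stream = aws_cloudwatch_log_stream.vpn.name
  }
}

# Associate the endpoint with each app subnet (one network interface per subnet)
resource "aws_ec2_client_vpn_network_association" "app" {
  count                  = length(var.app_subnet_ids)
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.remote.id
  subnet_id              = var.app_subnet_ids[count.index]
}

# Authorization is explicit: without a rule, connected clients can reach nothing
resource "aws_ec2_client_vpn_authorization_rule" "app" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.remote.id
  target_network_cidr    = "10.0.10.0/23" # assumed: the two app subnets
  authorize_all_groups   = true
}
```

Note that the authorization rule grants the app subnets only; the data subnets are deliberately left out, so an operator on the VPN still has to go through the app tier to reach the database.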

5. Disaster recovery strategies and ensuring high availability

  • Use disaster recovery: Create a disaster recovery plan that includes regular backups and replication to a secondary region. Use AWS Disaster Recovery to replicate your data and applications to a secondary region and failover your infrastructure in the event of a disaster.
  • Use AWS services for backup and recovery: AWS provides a range of services that can be used for backup and recovery, including Amazon S3 for object storage, Amazon EBS for block storage, and AWS Backup for centralized backup management.
  • Use AWS services for replication and failover: AWS provides services that can help you replicate data and applications across multiple AWS regions, including AWS Disaster Recovery, AWS Route 53, and AWS Storage Gateway. These services can help you failover your workloads to a secondary site in the event of a disaster.
  • Use multiple availability zones: AWS provides multiple availability zones in each region. Use multiple availability zones to distribute your infrastructure across multiple data centers. This will ensure that your infrastructure is resilient to failures and provides high availability.
  • Use load balancing: Use Elastic Load Balancing (ELB) to distribute traffic across multiple instances in multiple availability zones. This will ensure that your application can handle increased traffic and provides high availability.
  • Use auto-scaling: Use Amazon EC2 Auto Scaling to automatically scale up or down your infrastructure based on demand. This will ensure that your application can handle increased traffic and provides high availability.
  • Use managed services: Use AWS managed services, such as Amazon RDS and Amazon DynamoDB, to ensure that your database and other services are highly available. These services are designed to automatically handle failover and provide high availability.
  • Use fault-tolerant architectures: Use fault-tolerant architectures, such as active-active and active-passive architectures, to ensure that your application is resilient to failures. These architectures involve distributing your infrastructure across multiple availability zones and using load balancing and auto-scaling to ensure high availability.
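The data-tier side of the strategies listed above (multiple Availability Zones, a managed database, regular backups and a copy in a secondary region), as an added Terraform example that is not from the article or from Helpshift. It assumes the data subnet IDs and the database security group ID are passed in as variables, a backup IAM role with the `AWSBackupServiceRolePolicyForBackup` managed policy, us-east-1 as the primary region and us-west-2 as the DR region; all names are hypothetical.

```hcl
# Added example: Multi-AZ RDS in the data subnets, plus an AWS Backup plan that copies each recovery point to a DR region.
variable "db_subnet_ids" { type = list(string) }
variable "db_security_group_id" { type = string }
variable "backup_role_arn" { type = string } # hypothetical role with AWSBackupServiceRolePolicyForBackup

provider "aws" {
  region = "us-east-1" # primary region (assumed)
}

provider "aws" {
  alias  = "dr"
  region = "us-west-2" # secondary region for disaster recovery (assumed)
}

resource "aws_db_subnet_group" "db" {
  name       = "app-db-subnets"
  subnet_ids = var.db_subnet_ids
}

resource "aws_db_instance" "app" {
  identifier                  = "app-db"
  engine                      = "postgres"
  instance_class              = "db.t3.medium"
  allocated_storage           = 50
  db_subnet_group_name        = aws_db_subnet_group.db.name
  vpc_security_group_ids      = [var.db_security_group_id]
  multi_az                    = true  # synchronous standby in a second AZ, automatic failover
  publicly_accessible         = false
  storage_encrypted           = true
  username                    = "appadmin"
  manage_master_user_password = true  # password generated and kept in Secrets Manager, not in state
  backup_retention_period     = 7     # automated snapshots plus point-in-time recovery
  deletion_protection         = true
  skip_final_snapshot         = false
  final_snapshot_identifier   = "app-db-final"
}

resource "aws_backup_vault" "primary" {
  name = "app-primary-vault"
}

resource "aws_backup_vault" "dr" {
  provider = aws.dr
  name     = "app-dr-vault"
}

# Daily backup at 03:00 UTC; each recovery point is also copied to the DR region's vault
resource "aws_backup_plan" "daily" {
  name = "app-daily-with-dr-copy"

  rule {
    rule_name         = "daily"
    target_vault_name = aws_backup_vault.primary.name
    schedule          = "cron(0 3 * * ? *)"

    lifecycle {
      delete_after = 35
    }

    copy_action {
      destination_vault_arn = aws_backup_vault.dr.arn

      lifecycle {
        delete_after = 35
      }
    }
  }
}

resource "aws_backup_selection" "db" {
  name         = "app-db"
  plan_id      = aws_backup_plan.daily.id
  iam_role_arn = var.backup_role_arn
  resources    = [aws_db_instance.app.arn]
}
```

Multi-AZ covers an AZ failure; the cross-region copy is what a regional disaster recovery plan actually restores from, so the restore from the `app-dr-vault` recovery points should be rehearsed, not just configured.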
