Design and Create an AWS Three-Tier Architecture
What is three-tier architecture in simple terms and what are the benefits?
The presentation tier is the user interface; this is where results are translated into something the user can understand. The application tier is where data is processed. It is also called the logic tier because it performs calculations and makes logical decisions. The data tier is where the information processed in the application tier is stored; data can be retrieved from this tier, passed back to the application tier, and eventually back to the user. Three-tier architecture can provide improved scalability, reliability, and security.
Preface:
This is a project I am doing for Level Up in Tech. If you want to learn a new skill set, dust off old skills, transition into cloud, or simply learn something new, check them out. Click Level Up in Tech above to follow and connect with them on LinkedIn.
To complete this project you will need, at the very least, foundational knowledge of AWS, an AWS account, access to a terminal, and some knowledge of Linux, networking, and research abilities 😉. To get a better understanding of the project, each tier's purpose, etc., I built the tiers individually.
Project Requirements:
Web Tier
- 2 public subnets
- Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
- EC2 Web Server Security Group allowing inbound permission from the internet.
- Bootstrap a static web page or create a custom AMI that already includes the static web page.
- Create a public route table and associate the 2 public subnets.
Application Tier
- 2 private subnets
- Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
- EC2 Application Server Security Group allowing inbound permission from the Web Server Security Group.
- Associate with private route table.
Note: This is not a true application tier as we don’t have any provided code to run on the EC2 instances.
Database Tier
- Use a Free Tier MySQL RDS database.
- The Database Security Group should allow inbound traffic for MySQL from the Application Server Security Group.
- 2 private subnets.
- Associate with private route table.
Note: No need to use Multi-AZ, but be sure to document how you would add it.
Step 1: I created my VPC. I selected VPC only and gave my VPC a name. I left the IPv4 CIDR block radio on manual input and assigned 10.10.0.0/16 to the IPv4 CIDR. I left the rest alone and hit the Create VPC button.
Step 2: I created my subnets: two public subnets and four private subnets. I used US-East-1a and US-East-1b as the availability zones for each tier, and I named the subnets after their tiers. Transparency: I had an issue with this step, as I didn’t know much about CIDR reservations or CIDR calculations. Don’t judge me! I found that AWS does a great job at explaining everything, so head here for more information.
Step 3: I created my internet gateway. I attached my VPC to the internet gateway by choosing actions, attach VPC.
Step 4: I created my NAT gateway and added route tables. The NAT gateway lets my instances in the private subnets initiate connections to the internet. I also allocated an Elastic IP address so that another instance can be created if one fails. Each tier received its own route table. These route tables determine where the network traffic from my subnets or gateways is directed. Make sure to choose the correct VPC when you create your route tables. Once my route tables were created, I associated my subnets with their route tables. Each table is set to reach the internet gateway except the application tier's, where I chose the NAT gateway.
Step 5: I configured my launch templates and then my auto scaling group. I chose an Amazon Linux 2 AMI and a t2.micro instance type, created a new key pair and a security group, and selected my VPC. Under advanced details, I added the user data script below to bootstrap my Apache web server. For the application tier's security group, I allowed custom TCP from 0.0.0.0/0 and SSH from a custom security group. I did not add the bootstrap script to the application tier. For my auto scaling group, I selected the templates I had made, the VPC, and the subnets. For more information on auto scaling groups click here and on EC2 auto scaling here.
#!/bin/bash
# User data for the web tier launch template: install and start Apache (httpd)
yum update -y
yum install -y httpd
systemctl start httpd
# Enable the service so Apache also starts on every reboot of the instance
systemctl enable httpd
I then went to my EC2 instances for the web tier to verify it was working correctly.
Step 6: I created my database tier using the easy peasy Relational Database Service (RDS). I named my database, selected my VPC, and chose my availability zones and subnets. Then I selected MySQL and the Free Tier option as the creation method. I kept the naming conventions consistent with the other setups and, under DB instance identifier, set up my master username and password.
Then I updated the connectivity: I selected the database I created and chose edit inbound rules. I deleted the default rule and added port 3306, the MySQL port, with the application tier security group as the source.
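As an added example (not part of the original post), the script below models the subnet plan from Step 2 and the security-group chain from the requirements and Steps 5 and 6: it carves six subnets out of 10.10.0.0/16 and checks which tier-to-tier paths the group rules allow. The /24 sizing, the group names, the test address and the choice of port 80 for the web and application tiers are assumptions.

```python
import ipaddress

VPC_CIDR = "10.10.0.0/16"
TIERS = ("web", "app", "db")           # web is public; app and db are private
AZS = ("us-east-1a", "us-east-1b")     # one subnet per tier in each AZ

def plan_subnets(vpc_cidr=VPC_CIDR, prefix=24):
    """Carve one /24 per tier per AZ, in order, out of the VPC block (assumed sizing)."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=prefix)
    return {f"{tier}-{az}": str(next(blocks)) for tier in TIERS for az in AZS}

# Inbound rules as (protocol, port, source). A source is a CIDR or the name of
# another security group, which is how the project requirements chain the tiers.
SECURITY_GROUPS = {
    "web-sg": [("tcp", 80, "0.0.0.0/0")],   # web tier: open to the internet
    "app-sg": [("tcp", 80, "web-sg")],      # app tier: only from the web tier SG
    "db-sg":  [("tcp", 3306, "app-sg")],    # db tier: MySQL only from the app tier SG
}

def allowed(dst_sg, proto, port, src):
    """True if dst_sg admits traffic from src (an IP address or an SG name) on proto/port."""
    for rule_proto, rule_port, rule_src in SECURITY_GROUPS[dst_sg]:
        if (rule_proto, rule_port) != (proto, port):
            continue
        if "/" in rule_src:                  # CIDR rule: src must be an address inside it
            try:
                if ipaddress.ip_address(src) in ipaddress.ip_network(rule_src):
                    return True
            except ValueError:               # src is an SG name, so a CIDR rule cannot match
                continue
        elif rule_src == src:                # SG-referenced rule: source group must match
            return True
    return False

def check_tier_isolation():
    """Paths the design must allow (web, app, db chain) and paths it must block."""
    internet = "203.0.113.7"                 # constructed test address (TEST-NET-3)
    return {
        "internet->web:80": allowed("web-sg", "tcp", 80, internet),
        "internet->app:80": allowed("app-sg", "tcp", 80, internet),
        "web->app:80": allowed("app-sg", "tcp", 80, "web-sg"),
        "app->db:3306": allowed("db-sg", "tcp", 3306, "app-sg"),
        "web->db:3306": allowed("db-sg", "tcp", 3306, "web-sg"),
        "internet->db:3306": allowed("db-sg", "tcp", 3306, internet),
    }

if __name__ == "__main__":
    for name, cidr in plan_subnets().items():
        print(f"{name:<16} {cidr}")
    for path, ok in check_tier_isolation().items():
        print(f"{path:<20} {'allowed' if ok else 'blocked'}")
```

Only the three chained paths come back allowed; anything that skips a tier is blocked, which is the property to re-check whenever a rule source is changed from a group reference to a CIDR.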
Step 7: I tested my security. I pinged my private application instance from my public web instance with the following command:
ping <ip address>
Transparency note
This project gave me a headache literally and figuratively 😂. It is really easy to confuse yourself and/or make mistakes, as there are a lot of steps to think about and accomplish before your three-tier architecture is up and running (and I tried to make this article short).
You also should have a solid understanding of three-tier architecture and how each tier works. So if you have a family member or friend who doesn’t mind you speaking to them about what you have learned — then definitely use them to explain what a three-tier architecture is and its benefits. Also explain the steps you took to create it and why.