A Beginner’s Guide to Building a 3-Tier Architecture
This, dear readers, is the project I was warning you about. Fear not: we will persevere and come out on the other end more knowledgeable, stronger and definitely more confident.
Our project this week will be to create a highly available 3-Tier Architecture.
3-Tier Architecture: The most popular implementation of a multi-tier architecture, consisting of a single web tier, application tier, and data tier.
An example of a 3-Tier Architecture: You, the consumer, are in need of the hottest trend item. You head over to Amazon and search for the item.¹ You add the item to your cart.² At check-out you enter payment information.³
- Web-Tier: Amazon.com
- Application-Tier: Adding the item to your cart triggers the inventory database to return product availability.
- Database-Tier: Triggered when entering payment information, or creating/updating your profile.
3-Tier Architecture Benefits: Each tier can be built separately, and updated or scaled without interfering with the other layers, thanks to each layer running on its own infrastructure.
To follow along with this project you will need:
- AWS User Account with privileges. Note: once again we will be utilizing the free tier throughout the entirety of the project.
- PowerShell/Terminal
- Attention to Details
- Time & Patience
The best way to complete this is tier by tier, and to really trust the process. This will be a lengthy but worthwhile skill-building project. Take your time and stick with me, and we will accomplish this build. Seriously, don’t rush, and pay attention to details.
Tasks:
- Create a Web Tier
- Create an Application Tier
- Create a Database Tier
Take a few deep breaths, and to quote Rafiki from The Lion King, “It is Time.”
Let’s start by logging into our AWS Console and set up the foundation to the project: our VPC. (VPC: virtual network that closely resembles a traditional network.)
The next screen begins our foundation.
- Select VPC & more
- Assign your Name
- IPv4 CIDR Block left at Default
- Select Number of Availability Zones: We will need 2
- Select Number of public subnets: We will need 2
- Select Number of private subnets: We will need 4
- Set NAT gateways as 1 per AZ
- Set VPC endpoint as None
- Enable both options under DNS
Our final step, if everything looks good, is to click on Create VPC. (Shown above next to the blue arrow in the visual.) Note: Creation of the VPC will take a few minutes, so don’t stress! Once complete, everything will have green check marks and you should be able to see View VPC at the bottom of the screen. Go ahead and select it.
Here, you can see that our VPC is in a state of Available and see a resource map. We need to continue onward with the project and choose Subnets from our left-hand menu bar.
First, choose the drop-down arrow by the header Subnet ID to arrange the list so the public subnets are shown together. Now, if you scroll over, you can see that under Auto-assign public IPv4 they say “no.”
Let’s correct this before we move on to creating our Web Tier, by enabling Auto-assign public IPv4. We will need to edit each subnet individually. Select one, then choose “Actions” and then “Edit subnet settings.”
Our foundation is now complete, and we can move on to the Tasks!
Task 1 // Create a Web-Tier
Our Web-Tier will include:
- 2 Public Subnets
- 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group
- An EC2 Web Server Security Group allowing inbound permission from the internet
- Bootstrapped static web page
We will continue working in our AWS Console for this portion. Navigate to EC2 either via the search bar or your console dashboard.
Continue down to Network Settings
- Create security group
- Assign Security group name
- Add description (Allow SSH & HTTP)
- Choose the VPC created
Set Inbound security group rules
- Choose HTTP /Source Type Anywhere
- Choose SSH /Source Type Anywhere
Under Advanced network configuration we only want to change one thing. Enable Auto-assign public IP.
The next section should be Advanced details. Continue to scroll down until you reach User Data.
In User Data we will enter our Bash script to bootstrap our static website.
#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "LUIT Week 9 3Tier Project Created by Mel Foster. Green Team is the Best" > /var/www/html/index.html
After your User Data is updated with your Bash script, go ahead and select the orange Create launch template button at the bottom of the screen.
Clicking on the blue text will bring you to the screen below showing your EC2 Launch templates. With our EC2 Template in hand, we will now create our Auto Scaling Group. From the left-hand menu, scroll down until you see Auto Scaling Groups.
You are now on the AWS EC2 Auto Scaling home page. Select Create Auto Scaling group.
After selecting Create an Auto Scaling Group you start the steps of configuration.
Step 1:
- Choose Name
- Select the Launch template we created from the drop down
- Select Next to continue to Step 2
Step 2:
- Select VPC we created
- Select both Public Subnets we created
Step 3:
- Attach a new load balancer
- Select Application Load Balancer
- Select a load balancer name
- Select Internet-facing as the Load balancer scheme
- Select New Target Group
- Select No VPC Lattice
- Enable group metrics collection within CloudWatch
- Select Next
Step 4:
- Set Desired Capacity to 2
- Set Min to 2
- Set Max to 5
- Select Target tracking scaling policy
- Set Target Value to 50
- Set seconds to warm to 50
Skip steps 5 & 6
Step 7: Review & Select Create Auto Scaling group
Once you have your ASG successfully running, you can head to your EC2 Dashboard to verify your instances are started up and running.
We can verify both Public IP Addresses.
Awesome job so far, only 2 more Tiers to go!
Task 2 // Create an Application Tier
Our Application Tier will include:
- 2 private subnets
- 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group
- EC2 Application Server Security Group allowing inbound permission from the Web Server Security Group.
Note: This will not be a true application tier, as we do not have any provided code to run on the EC2 instances. All descriptive names will include private as a descriptor to allow for better organization.
To create our Application Tier we will need to create another EC2 Template & Auto Scaling Group for our two private subnets. (Will provide screen examples for the differences as the process is the same as above)
Back on the EC2
- Select Launch templates from the left-hand menu
- Name your Template
- Select Provide guidance
- Quick Start
- Select Amazon Linux (Just like we previously did)
- Select the same Instance Type
- Create a New Key Pair
In the Network settings:
- Create new Security Group
- Update the Description to Allow SSH access & SG
- Keep the VPC to our previously created VPC
- Create Security group rule to allow SSH
- Create a second security group rule to allow Web-Tier SG we created earlier from the drop down arrow under Source.
- The rest of the template doesn’t apply. Review for correct information and select Create Launch Template
Almost finished with our Application Tier! We need to create another Auto Scaling Group. Choose Auto Scaling from the left-hand menu once again. In the home screen you should see our previously created public ASG. Select Create New Template.
Step 1:
- Create Name
- Select the ASG Private Template we created
Step 2:
- Select our previously created VPC
- Select our 4 Private subnets
Step 3:
- Attach to new load balancer
- Select Application Load Balancer
- Create a Load balancer Name
- Select Internet-facing
- Select our Private Subnets
- Create a New Target Group
- Skip VPC Lattice integration options
- Skip Health Section
- Enable group metrics collection within CloudWatch before hitting next
Step 4:
- Set Desired Capacity to 2
- Set Min to 2
- Set Max to 5
- Select Target tracking scaling policy
- Set Target Value to 50
- Set seconds to warm to 50
- Select Next
Skip steps 5 & 6
Step 7: Review & Select Create Auto Scaling group
Once the success screen appears, head back over to the EC2 Dashboard to see your Private EC2 Instances.
We are in the final stretch of the project! Go grab a fresh cup of joe or stand up and touch your toes!
Task 3 // Create a Database Tier
Our Database-Tier will include:
- Free-Tier MySQL RDS Database
- A Database Security Group allowing inbound traffic for MySQL from the Application Server Security Group
- 2 Private subnets
From our AWS Console, navigate to Amazon RDS. You can enter RDS in the search bar for easier access. Once on the RDS homepage, select Subnet groups from the left-hand menu.
- Create Name
- Add Description
- Select AZ
- Assign the last two of our Private Subnets
(If you need to pull up your subnets, you can view them under the VPC menu.)
- Select Create
Back on the RDS Dashboard we will select the orange “Create database” button.
- Select Standard create
- Select MySQL under Engine option
- Select Free Tier Template
- Create a Master password under the Credential Settings
- Select the db.t2.micro (as that is what we have been working with)
- MAKE SURE YOU UNCLICK ENABLE STORAGE AUTOSCALING
- Select Don’t connect an EC2 compute resource
- Select IPv4
- Select our VPC we created at the beginning
- Select our DB subnet group
- Select NO to public access
- Select Create New VPC Security Group
- Create Name
- Select Availability Zone
- Select Password authentication
- Select Create database once you have reviewed selections.
Our next step is to Edit inbound rules for our Database Security Group. Navigate to EC2 and from the left-hand menu select Security Groups.
Select the blue link to open. Once open select Edit inbound rules.
To minimize errors, we are going to create a new rule and delete the rule we don’t want.
- Select Add rule
- Type: Select MySQL/Aurora from the dropdown arrow
- Source: Custom
- By the magnifier: select our SG we created
- Delete the rule we are not going to use
- Select Save rules
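With all three security groups in place, the chain built above (web open to the internet, app from the web SG, database from the app SG) can be checked from data in the shape of `aws ec2 describe-security-groups` output. This is an added example, not part of the original walkthrough: it flags SSH open to Anywhere and confirms each private tier only trusts the group in front of it. The group IDs, the `rule`, `covers` and `audit` helpers, and the sample rules are constructed for illustration.

```python
ANYWHERE = {"0.0.0.0/0", "::/0"}

def rule(proto, lo, hi, cidrs=(), sgs=()):
    """Build one IpPermissions entry in the describe-security-groups shape."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in sgs]}

# Constructed sample mirroring the walkthrough; group IDs are placeholders and
# the app tier's rule from the web SG is assumed to be "all traffic".
SAMPLE = [
    {"GroupId": "sg-web", "IpPermissions": [
        rule("tcp", 80, 80, ["0.0.0.0/0"]), rule("tcp", 22, 22, ["0.0.0.0/0"])]},
    {"GroupId": "sg-app", "IpPermissions": [
        rule("tcp", 22, 22, ["0.0.0.0/0"]), rule("-1", -1, -1, sgs=["sg-web"])]},
    {"GroupId": "sg-db", "IpPermissions": [
        rule("tcp", 3306, 3306, sgs=["sg-app"])]},
]

def covers(perm, port):
    """True when the rule admits the given TCP port ("-1" means all traffic)."""
    return perm["IpProtocol"] == "-1" or (
        perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])

def audit(groups, web, app, db, db_port=3306):
    """Return sorted (group_id, finding) pairs for the three-tier chain."""
    by_id = {g["GroupId"]: g for g in groups}
    upstream = {app: web, db: app}  # the only tier each private tier should trust
    findings = set()
    for gid in (web, app, db):
        linked = False
        for perm in by_id[gid]["IpPermissions"]:
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            refs = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
            if cidrs & ANYWHERE and covers(perm, 22):
                findings.add((gid, "ssh-from-anywhere"))
            if gid in upstream:
                if cidrs & ANYWHERE:
                    findings.add((gid, "private-tier-allows-any-source"))
                if refs - {upstream[gid]}:
                    findings.add((gid, "unexpected-source-group"))
                if upstream[gid] in refs and (gid != db or covers(perm, db_port)):
                    linked = True
        if gid in upstream and not linked:
            findings.add((gid, "no-rule-from-upstream-tier"))
    return sorted(findings)

print(audit(SAMPLE, "sg-web", "sg-app", "sg-db"))
```

To run it against a real account, load the `SecurityGroups` list from the saved CLI JSON and pass the three group IDs in web, app, database order.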
Before we test connections through our PowerShell/Terminal, we need to turn everything back on if you have it off. That way we can ensure the process is operating correctly.
Once we have our Auto Scaling Groups' Min/Max adjusted to 2 & 5, we should see all of our running instances.
Also double-check that our NAT Gateways are routed correctly to Public.
Ensure our VPC Route Tables are routed to the Internet:
Target: Internet Gateway and Destination as 0.0.0.0/0
Looking good! Let’s head to our PowerShell to ping the Private App instance from your Public Web instance with the following command:
ping <private IP address of private app instance>
Congrats!! If you stuck it out with me, we just built our very own 3-Tier Architecture!
Thank you for following along. It was a process and I hope you feel a little more confident in your growth with utilizing Amazon Web Services.