A Beginner’s Guide to Building a 3-Tier Architecture

Melissa (Mel) Foster
Women in Technology
12 min read · Apr 11, 2023

This, dear readers, is the project I was warning you about. Fear not: we will persevere and come out on the other end more knowledgeable, stronger and definitely more confident.

Our project this week will be to create a highly available 3-Tier Architecture.

3-Tier Architecture: The most popular implementation of a multi-tier architecture, consisting of a single web tier, application tier, and data tier.

An example of a 3-Tier Architecture: You, the consumer, are in need of the hottest trend item. You head over to Amazon and search for the item.¹ You add the item to your cart.² At checkout you enter payment information.³

  1. Web-Tier: Amazon.com
  2. Application-Tier: Adding an item to your cart triggers the inventory database to return product availability.
  3. Database-Tier: Triggered when entering payment information, or creating/updating your profile.

3-Tier Architecture Benefits: Each tier can be built separately, and updated or scaled without interfering with the other layers, because each layer runs on its own infrastructure.

To follow along with this project you will need:

  • AWS User Account with privileges. Note: once again we will be utilizing free tier throughout the entirety of the project.
  • PowerShell/Terminal
  • Attention to Details
  • Time & Patience

The best way to complete this project is tier by tier, trusting the process. This will be a lengthy but worthwhile skill-building project. Take your time and stick with me, and we will accomplish this build. Seriously, don’t rush, and pay attention to details.

Tasks:

  • Create a Web Tier
  • Create an Application Tier
  • Create a Database Tier

Take a few deep breaths, and to quote Rafiki from The Lion King, “It is Time.”

Let’s start by logging into our AWS Console and setting up the foundation of the project: our VPC. (VPC: a virtual network that closely resembles a traditional network.)

If VPC isn’t showing up in your recently visited services, you can always use the search bar and enter VPC.
Select Create VPC

The next screen begins our foundation.

  • Select VPC & more
  • Assign your Name
  • IPv4 CIDR Block left at Default
  • Select Number of Availability Zones: We will need 2
  • Select Number of public subnets: We will need 2
  • Select Number of private subnets: We will need 4
  • Set NAT gateways as 1 per AZ
  • Set VPC endpoint as None
  • Enable both options under DNS

Our final step, if everything looks good, is to click Create VPC. Note: Creation of the VPC will take a few minutes, so don’t stress! Once complete, everything will have green check marks and you should see the View VPC button at the bottom of the screen. Go ahead and select it.

Here, you can see that our VPC is in a state of Available and see a resource map. We need to continue onward with the project and choose Subnets from our left-hand menu bar.

Select Subnets
Here are our 2 Public & 4 Private Subnets

First, choose the drop-down arrow by the Subnet ID header, and you can arrange the list so the public subnets are shown together. Now, if you scroll over, you can see that the Auto-assign public IPv4 column says “No” for them.

Let’s correct this before we move on to creating our Web Tier, by enabling Auto-assign public IPv4. We will need to edit each subnet individually. Select one, then choose “Actions” and then “Edit subnet settings.”

Select the little box to Enable auto-assign public IPv4 address, then hit Save and do the same for the other Public Subnet.

Our foundation is now complete, so we can move on to the Tasks!

Task 1 // Create a Web-Tier

Our Web-Tier will include:

  • 2 Public Subnets
  • 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group
  • An EC2 Web Server Security Group allowing inbound permission from the internet
  • Bootstrapped static web page

We will continue working in our AWS Console for this portion. Navigate to EC2 either via the search bar or your console dashboard.

Select Launch template
Create your Template Name
Set up your AMI, remembering to use Free Tier options
Create your key pair

Continue down to Network Settings

  • Create security group
  • Assign Security group name
  • Add description (Allow SSH & HTTP)
  • Choose the VPC created

Set Inbound security group rules

  • Choose HTTP /Source Type Anywhere
  • Choose SSH /Source Type Anywhere

Under Advanced network configuration we only want to change one thing. Enable Auto-assign public IP.

The next section should be Advanced details. Continue scrolling down until you reach User Data.

In User Data we will enter our Bash script to bootstrap our static website.

#!/bin/bash
# Update packages and install the Apache web server
yum update -y
yum install -y httpd
# Start Apache now and on every boot
systemctl start httpd
systemctl enable httpd
# Write the static landing page served from the web root
echo "LUIT Week 9 3Tier Project Created by Mel Foster. Green Team is the Best" > /var/www/html/index.html

After your User data is updated with your Bash Script, go ahead and select the orange button at the bottom of the screen Create launch template.

Success!!

Clicking on the blue text will bring you to the screen showing your EC2 Launch templates. With our EC2 Template in hand, we will now create our Auto Scaling Group. From the left-hand menu, scroll down until you see Auto Scaling Groups.

Select Auto Scaling Groups

You are now on the AWS EC2 Auto Scaling home page. Select Create Auto Scaling group.

Select Create an Auto Scaling group

After selecting Create an Auto Scaling Group you start the steps of configuration.

Step 1:

  • Choose Name
  • Select the Launch template we created from the drop down
  • Select Next to continue to Step 2

Step 2:

  • Select VPC we created
  • Select both Public Subnets we created
Continue on to Step 3 by clicking Next at the bottom of the screen

Step 3:

  • Attach a new load balancer
  • Select Application Load Balancer
  • Select a load balancer name
  • Select Internet-facing as the Load balancer scheme
  • Select New Target Group
Note: A target group name cannot contain spaces. Updated to MelFoster-WK9-ASG-1
  • Select No VPC Lattice
  • Enable group metrics collection within CloudWatch
  • Select Next

Step 4:

  • Set Desired Capacity to 2
  • Set Min to 2
  • Set Max to 5
  • Select Target tracking scaling policy
  • Set Target Value to 50
  • Set seconds to warm to 50
Select Next to move onward

Skip steps 5 & 6

Step 7: Review & Select Create Auto Scaling group

Once you have your ASG successfully running, you can head to your EC2 Dashboard to verify your Instances are up and running.

We can verify both Public IP Addresses

Awesome job so far, only 2 more tiers to go!

Take a break, stretch and when you are ready we can begin again. If you do not plan on completing all at once, remember to go back and reset your ASG Min/Max to zero and terminate any running EC2 Instances.

Task 2 // Create an Application Tier

Our Application Tier will include:

  • 2 private subnets
  • 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group
  • EC2 Application Server Security Group allowing inbound permission from the Web Server Security Group.

Note: This will not be a true application tier, as we do not have any provided code to run on the EC2 instances. All descriptive names will include private as a descriptor to allow for better organization.

To create our Application Tier we will need to create another EC2 Template & Auto Scaling Group for our two private subnets. (Will provide screen examples for the differences as the process is the same as above)

Back on the EC2 Dashboard:

  • Select Launch templates from the left-hand menu
  • Name your Template
  • Select Provide guidance
  • Quick Start
  • Select Amazon Linux (Just like we previously did)
  • Select the same Instance Type
  • Create a New Key Pair

In the Network settings:

  • Create new Security Group
  • Update the Description to Allow SSH access & SG
  • Keep the VPC to our previously created VPC
  • Create Security group rule to allow SSH
  • Create a second security group rule to allow Web-Tier SG we created earlier from the drop down arrow under Source.
  • The rest of the template doesn’t apply. Review for correct information and select Create Launch Template
Success!

Almost finished with our Application Tier! We need to create another Auto Scaling Group. Choose Auto Scaling from the left-hand menu once again. In the home screen you should see our previously created public ASG. Select Create New Template.

Step 1:

  • Create Name
  • Select the ASG Private Template we created
Select Next when ready

Step 2:

  • Select our previously created VPC
  • Select our 4 Private subnets
Note: Try to select them in order for a cleaner routing table

Step 3:

  • Attach to new load balancer
  • Select Application Load Balancer
  • Create a Load balancer Name
  • Select Internet-facing
  • Select our Private Subnets
  • Create a New Target Group
Note: To ensure that you don’t run into connectivity issues write down which Subnets you assign here. Keeping track of where you assign your subnets will help troubleshoot any connectivity issues.
  • Skip VPC Lattice integration options
  • Skip Health Section
  • Enable group metrics collection within CloudWatch before hitting next

Step 4:

  • Set Desired Capacity to 2
  • Set Min to 2
  • Set Max to 5
  • Select Target tracking scaling policy
  • Set Target Value to 50
  • Set seconds to warm to 50
  • Select Next

Skip steps 5 & 6

Step 7: Review & Select Create Auto Scaling group
Once the success screen appears, head back over to the EC2 Dashboard to see your Private EC2 Instances.

Not pictured are our other 2 Public Instances, which currently have a min/max of zero while we finish creating each tier.

We are in the final stretch of the project! Go grab a fresh cup of joe or stand up and touch your toes!

Remember, if you plan on stopping at this point, to shut down any ASG and EC2 Instances that you have running.

Task 3 // Create a Database Tier

Our Database-Tier will include:

  • Free-Tier MySQL RDS Database
  • A Database Security Group allowing inbound traffic for MySQL from the Application Server Security Group
  • 2 Private subnets

From our AWS Console, navigate to Amazon RDS. You can enter RDS in the search bar for easier access. Once on the RDS homepage, select Subnet groups from the left-hand menu.

Select DB subnet group
  • Create Name
  • Add Description
  • Select AZ
  • Assign the last two of our Private Subnets
    (If you need to pull up your subnets you can view under VPC Menu)
  • Select Create
Success!

Back on the RDS Dashboard, we will select the orange “Create Database” button.

  • Select Standard create
  • Select MySQL under Engine option
  • Select Free Tier Template
  • Create a Master password under the Credential Settings
  • Select the db.t2.micro (as that is what we have been working with)
  • MAKE SURE YOU UNCLICK ENABLE STORAGE AUTOSCALING
  • Select Don’t connect an EC2 compute resource
  • Select IPv4
  • Select our VPC we created at the beginning
  • Select our DB subnet group
  • Select NO to public access
  • Select Create New VPC Security Group
  • Create Name
  • Select Availability Zone
  • Select Password authentication
  • Select Create database once you have reviewed selections.
Note: Your Database may take a little while to create
Whoop! There it is!! Success!!

Our next step is to Edit inbound rules for our Database Security Group. Navigate to EC2 and from the left-hand menu select Security Groups.

Select the blue link to open. Once open select Edit inbound rules.

To avoid errors, we are going to create a new rule and then delete the rule we don’t want.

  • Select Add rule
  • Type: Select MySQL/Aurora from the dropdown arrow
  • Source: Custom
  • By the magnifier: select our SG we created
  • Delete the rule we are not going to use
  • Select Save rules
You should be brought back to a SUCCESS message.
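
An added example, not part of the original walkthrough: a Python check of the Web, Application and Database security groups built above, run over rules in the shape EC2 returns from DescribeSecurityGroups. The helper names (rule, covers, sources, audit), the group IDs and the app-tier SSH source are constructed for illustration.

```python
ANYWHERE = {"0.0.0.0/0", "::/0"}

def rule(proto, port=None, cidrs=(), sgs=()):
    """Build one IpPermissions entry in the EC2 DescribeSecurityGroups shape."""
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in sgs]}
    if port is not None:
        perm["FromPort"] = perm["ToPort"] = port
    return perm

# Constructed sample: group IDs are placeholders and the app-tier SSH source is assumed.
SAMPLE = [
    {"GroupId": "sg-web", "IpPermissions": [rule("tcp", 80, ["0.0.0.0/0"]),
                                            rule("tcp", 22, ["0.0.0.0/0"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule("tcp", 22, ["0.0.0.0/0"]),
                                            rule("-1", sgs=["sg-web"])]},
    {"GroupId": "sg-db", "IpPermissions": [rule("tcp", 3306, sgs=["sg-app"])]},
]

def covers(perm, port):
    """True if the rule admits this TCP port ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def sources(perm):
    """Return (CIDR set, referenced security group ID set) for one rule."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    return cidrs, {r["GroupId"] for r in perm.get("UserIdGroupPairs", [])}

def audit(groups, web, app, db):
    """Return findings for the web -> app -> db security group chain."""
    perms = {g["GroupId"]: g["IpPermissions"] for g in groups}
    findings = []
    for gid in (web, app, db):
        for p in perms[gid]:
            cidrs, refs = sources(p)
            if cidrs & ANYWHERE and gid != web:
                findings.append(f"{gid}: private tier rule open to anywhere")
            elif cidrs & ANYWHERE and covers(p, 22):
                findings.append(f"{gid}: SSH open to anywhere")
            if gid == db and covers(p, 3306) and (cidrs or refs - {app}):
                findings.append(f"{gid}: MySQL allowed from outside the app tier SG")
    if not any(web in sources(p)[1] for p in perms[app]):
        findings.append(f"{app}: no rule referencing the web tier SG")
    if not any(covers(p, 3306) and app in sources(p)[1] for p in perms[db]):
        findings.append(f"{db}: no MySQL rule from the app tier SG")
    return findings
```

Calling audit(SAMPLE, "sg-web", "sg-app", "sg-db") returns the findings as a list of strings; to run it against a real account, pass the SecurityGroups list from the DescribeSecurityGroups response in place of SAMPLE.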

Before we test connections through our PowerShell/Terminal, we need to turn everything back on if you have it off. That way we can ensure the process is operating correctly.

Once we have our Auto Scaling Groups’ Min/Max adjusted to 2 & 5, we should see all of our running instances.

Also double-check that our NAT Gateways are routed correctly to Public.

Ensure our VPC Route Tables are routed to the Internet
Target: Internet Gateway and Destination as 0.0.0.0/0

Looking good! Let’s head to our PowerShell to ping the Private App instance from the Public Web instance with the following command:

ping <private IP address of private app instance>
Success!!

Congrats!! If you stuck it out with me, we just built our very own 3-Tier Architecture!

Thank you for following along. It was a process and I hope you feel a little more confident in your growth with utilizing Amazon Web Services.
