How to Build a 3 Tier Architecture in AWS

Sharon Johnson
9 min read · Mar 12, 2023


What is a 3 Tier Architecture? It is the most popular implementation of a multi-tier architecture and consists of a single presentation tier, logic tier, and data tier. Each tier sits in its own subnets with its own security group, so a compromise of the internet-facing web servers does not by itself give an attacker a path to the database.

Objective for this project:

You have been asked to design and create a highly available 3 Tier architecture for your company’s new web application.

Let’s start building the Web Tier

Web Tier

  1. 2 public subnets
  2. Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
  3. EC2 Web Server Security Group allowing inbound traffic from the internet.
  4. Bootstrap a static web page, or create a custom AMI that already includes the static web page.
  5. Create a public route table and associate the 2 public subnets with it.


Step 1: Log in to the AWS console, search for VPC and click “Create VPC”. Under “Resources to create” choose “VPC and more”, then name your VPC.

Set the number of Availability Zones to 2, the number of public subnets to 2 and the number of private subnets to 4 (two for the application tier and two for the database tier).

For NAT gateways choose “In 1 AZ”. This keeps the lab cheap, but that single NAT gateway is a single point of failure for outbound traffic from both private subnets; a production deployment uses one NAT gateway per AZ.

For VPC endpoints choose “S3 Gateway”, so instances in the private subnets can reach S3 without going through the NAT gateway.

From here click on Create VPC.

You will now see the Create VPC workflow; make sure every step shows “Success”, then click View VPC.

When viewing your VPC you will see that your subnets, internet gateway, NAT gateway and route tables have been created.

Subnets were created
Internet gateway was created
NAT gateway was created
Resource map showing your subnets, route tables and network connections

Step 2: Now we are going to create the launch template for our EC2 instances.

Navigate to EC2, click on Launch Templates, then Create launch template.

Name your template and, under Auto Scaling guidance, check the box “Provide guidance to help me set up a template that I can use with EC2 Auto Scaling”.

Next choose an AMI (Amazon Machine Image); I’m using Amazon Linux (free tier eligible).

Key pair: create a new one or use an existing one.

Under Network settings I created a security group, named it, typed “Allow SSH and HTTP” in the description and selected the VPC created for this project. Under Advanced network configuration enable Auto-assign public IP.

Add inbound rules to the security group for HTTP (TCP 80) from anywhere (0.0.0.0/0) and for SSH (TCP 22). Restrict the SSH rule to your own IP address: a web server security group that accepts SSH from 0.0.0.0/0 exposes port 22 on every instance in the Auto Scaling group to the whole internet.

Under Advanced details, User data, add a bash script that installs Apache and serves the static page, then click on “Create launch template”.
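The console steps above can also be expressed as a single API call, which makes the settings reviewable. The following Python is an added example, not code from the original post: it builds the parameter dict for EC2 `create_launch_template()` with the Apache user data embedded, and additionally makes IMDSv2 mandatory, a setting the console flow above does not mention. The AMI id, key pair name, security group id and `t2.micro` instance type used at the bottom are placeholder assumptions.

```python
"""Launch template for the web tier, as boto3 request parameters.

Added example, not code from the original post. The AMI id, key pair name
and security group id passed in below are placeholders (assumptions), as is
the t2.micro instance type. To create the template for real:
    boto3.client("ec2").create_launch_template(**build_launch_template(...))
"""
import base64

# User data that installs Apache and serves a page naming the instance that
# answered, so you can watch the ALB alternate between the two instances.
# Works on Amazon Linux 2 (yum) and Amazon Linux 2023 (dnf). The metadata
# calls fetch an IMDSv2 token first, because the template below makes
# IMDSv2 mandatory.
WEB_USER_DATA = """#!/bin/bash
set -euo pipefail
if command -v dnf >/dev/null 2>&1; then dnf install -y httpd; else yum install -y httpd; fi
IMDS=http://169.254.169.254/latest
TOKEN=$(curl -sS -X PUT "$IMDS/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
AZ=$(curl -sS -H "X-aws-ec2-metadata-token: $TOKEN" "$IMDS/meta-data/placement/availability-zone")
IID=$(curl -sS -H "X-aws-ec2-metadata-token: $TOKEN" "$IMDS/meta-data/instance-id")
cat > /var/www/html/index.html <<EOF
<html><body><h1>Web tier</h1><p>Served by $IID in $AZ</p></body></html>
EOF
systemctl enable --now httpd
"""


def build_launch_template(name, ami_id, sg_id, key_name,
                          instance_type="t2.micro", public_ip=True,
                          user_data=WEB_USER_DATA):
    """Return the parameters for EC2 create_launch_template().

    public_ip=True reproduces the post's web tier setting (Auto-assign
    public IP); pass public_ip=False for the application tier, whose
    instances sit in the private subnets behind the NAT gateway.
    """
    return {
        "LaunchTemplateName": name,
        "LaunchTemplateData": {
            "ImageId": ami_id,
            "InstanceType": instance_type,
            "KeyName": key_name,
            # With an explicit network interface the security groups are
            # attached to the interface, not listed in SecurityGroupIds.
            "NetworkInterfaces": [{
                "DeviceIndex": 0,
                "AssociatePublicIpAddress": public_ip,
                "Groups": [sg_id],
            }],
            # Require IMDSv2 session tokens: an SSRF bug in the web app can
            # no longer read instance-role credentials with a plain GET.
            "MetadataOptions": {
                "HttpEndpoint": "enabled",
                "HttpTokens": "required",
            },
            # The API wants user data base64-encoded.
            "UserData": base64.b64encode(user_data.encode()).decode(),
        },
    }


def decode_user_data(params):
    """Recover the script from a template dict (handy for auditing one you
    fetched with describe_launch_template_versions)."""
    return base64.b64decode(params["LaunchTemplateData"]["UserData"]).decode()


if __name__ == "__main__":
    params = build_launch_template("web-tier-lt", "ami-0123456789abcdef0",
                                   "sg-0123456789abcdef0", "my-keypair")
    print(decode_user_data(params))
```

The same function serves the application tier later with `public_ip=False` and that tier's security group id; only the web tier needs public addresses.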

Step 3: Creating an Auto Scaling Group

Name your Auto Scaling group.

Under Launch template, open the drop-down, select your template name and click Next.

Under Network select the VPC you created for this project, and under Availability Zones and subnets select the two public subnets.

Under Load balancing click on “Attach to a new load balancer”. The load balancer type should be Application Load Balancer, the load balancer name is created here, and the load balancer scheme needs to be Internet-facing.

Under Listeners and routing the protocol should be HTTP on port 80. For Default routing (forward to), click on “Create a target group”; this creates an instance target group with default settings (the ALB health-checks each instance on HTTP / before it sends the instance any traffic).

Let’s configure the group size and scaling policies:

Group size: Desired capacity 2

Minimum capacity 2

Maximum capacity 5

Under Scaling policies click on “Target tracking scaling policy” (the default metric is average CPU utilization) and click Next.

Click Next through the remaining pages, then click on Create Auto Scaling group. Now navigate to the EC2 console, click on each of the two running instances and paste its public IP address into a web browser to check that this part of the project works. Also browse to the DNS name of the load balancer (EC2 console, Load Balancers), since that is the address users will actually hit; reloading it should alternate between the two instances.

Successful!!!!

Let’s build the Application Tier

Application Tier

  1. 2 private subnets
  2. Minimum of 2 EC2 instances with an OS of your choice (free tier) in an Auto Scaling Group.
  3. EC2 Application Server Security Group allowing inbound traffic only from the Web Server Security Group.
  4. Associate with the private route table.
    Note: This is not a true application tier, as we don’t have any provided code to run on the EC2 instances.

Step 1: Create another launch template

Name your new template, set the description to “App Tier”, and check the box for Auto Scaling guidance.

Select the AMI (I’m using Amazon Linux, free tier), the instance type and the key pair.

Under Network settings click on “Create security group”, name it, add some text in the description and select your project VPC. Because this tier lives in the private subnets, leave Auto-assign public IP disabled.

Now create the inbound rules. The source of every rule should be the web server security group (select the security group ID as the source rather than typing a CIDR range, so the rule keeps working as web instances scale in and out), for example HTTP on TCP 80 from the web tier security group. Add an ICMP rule from the same source if you want the ping test at the end of the project to work. Nothing in this tier should accept traffic from 0.0.0.0/0.

Now we can create the launch template.

Step 2: Create an Auto Scaling Group

Go to EC2, search for Auto Scaling groups and click on Create Auto Scaling group.

Under “Choose instance launch options”, go to Network, choose the VPC you are using for your project, then select your Availability Zones and subnets, making sure you select your 2 private subnets.

Head down to “Configure advanced options”. Under Load balancing click on “Attach to a new load balancer”; the load balancer type should be “Application Load Balancer”, name your load balancer, and set the load balancer scheme to Internal. The application tier only receives traffic from the web tier, so its load balancer must not be reachable from the internet.

Under Network mapping select the two private subnets, and under Listeners and routing click on “Create a target group” and name the target group.

From here you can just click on Next.

Now under Group size:

Desired capacity 2, Minimum capacity 2 and Maximum capacity 4

Under Scaling policies click on “None” and then click on Next.

Click on Create Auto Scaling group.

The Auto Scaling group is created successfully (verify that you now see 2 groups).

At this point verify that you have 4 instances running: 2 in the public subnets and 2 in the private subnets.

The Application Tier has been completed; now let’s build the Database Tier.

Database Tier

  1. Use a free tier MySQL RDS database.
  2. The Database Security Group should allow inbound traffic for MySQL (TCP 3306) only from the Application Server Security Group.
  3. 2 private subnets.
  4. Associate with the private route table.
    Note: No need to use Multi-AZ, but be sure to document how you would add it. To add it later, modify the DB instance and enable Multi-AZ deployment; RDS then keeps a synchronous standby in the other Availability Zone of the DB subnet group and fails over to it automatically.
  5. Remember that when diagramming this tier you are only creating one RDS instance in one subnet, even though you are creating two subnets. If you use Multi-AZ or a read replica, then and only then should you have a second instance. Make sure to label accordingly.

Step 1: Create an RDS instance

In the search bar type RDS (Relational Database Service) and, in the center of the screen, click on “Create database”.

Under “Choose a database creation method” click on Standard create; under Engine options choose MySQL.

Under Templates click on “Free tier”.

Under Settings, name the DB instance identifier.

Under Credential settings you can keep the master username as “admin”; set a strong master password. This account has full control of the database, so do not reuse a password from anywhere else.

Under Instance configuration select “Burstable classes” and db.t2.micro.

Under Connectivity:

Compute resource: “Don’t connect to an EC2 compute resource”

Network type: IPv4

VPC: your project VPC

DB subnet group: Create new DB subnet group

Public access: “No” (the database gets only a private IP address, so it is reachable only from inside the VPC)

VPC security group (firewall): “Create new”, and name the new security group

Availability Zone: No preference

Database port: 3306

Now click on Create database.

After you click on Create database you will have to wait a while before the status reads “Available”.

Click on the DB identifier you created, then click on the “Connectivity & security” tab. On the right you will see VPC security groups; click on your security group name, which opens the group so we can edit its inbound rules.

From here put a check in the box next to the security group, open the Actions drop-down and select “Edit inbound rules”.

In Edit inbound rules, delete the rule the wizard created (it allows 3306 from the IP address you were using in the console, which should not stay open), then add a rule of type MYSQL/Aurora (TCP 3306) whose source is the application server security group, and click Save rules.
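With all three security groups in place (web, application and database), it is worth checking the whole chain rather than eyeballing each group. The following Python is an added example, not code from the original post: it reads the JSON shape returned by `aws ec2 describe-security-groups` and reports any rule that breaks the tiering described in the web, application and database tier requirements above. The `sg-…` ids and the rules in `SAMPLE_GROUPS` are constructed sample data, not groups from the author's account.

```python
"""Verify the security-group chain of the three tiers.

Added example, not from the original post. It reads the structure returned
by `aws ec2 describe-security-groups --output json` (the "SecurityGroups"
list, same shape as boto3's describe_security_groups()). SAMPLE_GROUPS and
the sg-... ids are constructed sample data, not real groups.
"""
import json
import sys

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"

# Constructed ids standing in for the web, application and database groups.
WEB, APP, DB = "sg-0aaa000000000001", "sg-0bbb000000000002", "sg-0ccc000000000003"

SAMPLE_GROUPS = [
    {"GroupId": WEB, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ANY_V4}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},   # admin IP only
    ]},
    {"GroupId": APP, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "UserIdGroupPairs": [{"GroupId": WEB}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,   # for the ping test
         "UserIdGroupPairs": [{"GroupId": WEB}]},
    ]},
    {"GroupId": DB, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": APP}]},
    ]},
]


def _sources(perm):
    """Flatten one IpPermission into (kind, value) pairs; kind is 'cidr' or 'sg'."""
    out = [("cidr", r["CidrIp"]) for r in perm.get("IpRanges", [])]
    out += [("cidr", r["CidrIpv6"]) for r in perm.get("Ipv6Ranges", [])]
    out += [("sg", p["GroupId"]) for p in perm.get("UserIdGroupPairs", [])]
    return out


def _covers_tcp_port(perm, port):
    """True if this permission lets TCP traffic to `port` through."""
    if perm.get("IpProtocol") == "-1":          # "All traffic"
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def check_tiering(groups, web_sg, app_sg, db_sg):
    """Return a list of findings; an empty list means the chain is intact."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []

    # Rule 1: only the web tier may accept traffic from the whole internet,
    # and SSH from everywhere is flagged even there.
    for gid, group in by_id.items():
        for perm in group.get("IpPermissions", []):
            for kind, src in _sources(perm):
                if kind != "cidr" or src not in (ANY_V4, ANY_V6):
                    continue
                if gid != web_sg:
                    findings.append(f"{gid}: open to {src} but is not the web tier")
                elif _covers_tcp_port(perm, 22):
                    findings.append(f"{gid}: SSH (22) open to {src}; restrict to your IP")

    # Rule 2: app tier accepts only from the web SG; db tier accepts only
    # MySQL (3306) and only from the app SG. Sources must be group ids,
    # not CIDR ranges, so the rule keeps working as instances scale.
    for gid, allowed, port, label in ((app_sg, web_sg, None, "app"),
                                      (db_sg, app_sg, 3306, "db")):
        perms = by_id.get(gid, {}).get("IpPermissions", [])
        if not perms:
            findings.append(f"{gid}: {label} tier has no inbound rules")
        for perm in perms:
            for kind, src in _sources(perm):
                if (kind, src) != ("sg", allowed):
                    findings.append(f"{gid}: {label} tier allows {src}, expected only {allowed}")
            if port is not None and (perm.get("FromPort"), perm.get("ToPort")) != (port, port):
                findings.append(f"{gid}: {label} tier rule is not limited to TCP {port}")
    return findings


if __name__ == "__main__":
    # Real data:  aws ec2 describe-security-groups --output json | python3 check_sg.py WEB_ID APP_ID DB_ID
    if len(sys.argv) == 4:
        groups, ids = json.load(sys.stdin)["SecurityGroups"], sys.argv[1:]
    else:
        groups, ids = SAMPLE_GROUPS, [WEB, APP, DB]
    problems = check_tiering(groups, *ids)
    print("\n".join(problems) if problems else "security-group tiering OK")
```

Run with no arguments it checks the constructed sample and prints “security-group tiering OK”; piped the real `describe-security-groups` output and given your three group ids, it prints one line per violation, such as a database group still open to 0.0.0.0/0 or an SSH rule on the web group that was never narrowed to your IP.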

Now we are going to test it. Go to your instances, select one of your public instances, copy its public IPv4 address, paste it into a web browser and you should see the static page.

Now we will test the private instances by pinging their private IP addresses.

SSH into one of your public instances, then from there ping the private IPv4 address of one of the application tier instances. Ping only works if the application tier security group allows ICMP from the web tier security group; if it does, the replies confirm that the web tier can reach the private subnets, and you have successfully completed this project.

Complete!
