Creating a 3-Tier Architecture (Web Tier, Application Tier, and Database Tier) In AWS
What is a 3 Tier Architecture
A 3 tier architecture consists of a presentation tier, an application tier, and a data tier. The presentation tier houses the user interface, such as the website that a user or client navigates to. It can also be thought of as the “front end.” The application tier is where data is processed and is often called the “back end.” The data tier is where data is stored and managed.
How to create and test a web tier, application tier, and database tier for a highly available and scalable architecture.
Presentation tier/Web Tier
The presentation tier is the part of the web application that is visible to the user. In this scenario, we use Amazon EC2 instances to host the web application and a security group to manage ingress and egress traffic to the instances. An Application Load Balancer distributes the incoming traffic across EC2 instances in two availability zones.
Application Tier
The application tier is where you write the code that powers your web application. Here we plan to provision the EC2 instances using an Auto Scaling group and use an Application Load Balancer to distribute the traffic from the web tier.
Data Tier
The data tier is the backend tier of the web application. It runs on database management software; in this instance we use MySQL RDS. It is provisioned on a dedicated subnet across the 2 availability zones.
Consider an online shopping app — you browse products (Presentation), the app processes your orders (Application), and all the product details are stored securely (Data).
Virtual Private Cloud (VPC)
Navigate to VPC on the AWS Console and click on “Create VPC”. Select VPC only, name it, make sure that IPv4 CIDR is set to manual, and enter 10.10.0.0/16. Yes, I’ve used this CIDR block before and I’m using it again for familiarity. Then click on “create VPC” at the bottom.
The VPC is now available and ready for action.
Now to set up our subnets. We’re setting up a total of 6: 2 public subnets for the web tier, 2 private subnets for the application tier, and 2 private subnets for the database tier.
Navigate to Subnets and click on “Create subnet”. Select the VPC you just made for the VPC ID, and name your subnets after what they are for. I went with this: web/application/database-tier-public/private, so I’m starting with the web tier public subnets first. For the IPv4 CIDR block I went with another familiar scheme: 10.0.1/2/3/4/5/6.0/24.
Instead of clicking “create subnet” at the bottom, we’re going to click on “add new subnet” to make the rest of the subnets. See screenshots below for visual example of how I created them:
We can see below that all 6 subnets have been created.
Now “enable auto-assign public IPv4 address” in the public subnet settings. Just select the subnets one at a time, go to “Actions” at the top, and go to “edit subnet settings”.
Ok! All of our subnets are set up properly now.
Next, we need to make an internet gateway. Let’s navigate to that section on the AWS Console and get it started. Name it and then click on “create internet gateway”.
Let’s make sure we attach it to the VPC we just made. To do that, we go to “actions” and select “attach to VPC”.
On the next page select the VPC and click on “attach internet gateway”.
The VPC is now attached.
Next up, it’s time to create a NAT gateway. Let’s go to that section in the VPC dashboard and click on “Create NAT gateway” to set it up.
Let’s name it and select one of the public subnets for it. Leave the connectivity type on public. Allocate an elastic IP and then click “create NAT gateway”.
As usual I like to verify that it was set up right.
Next on the to-do list is route tables. We’ll be setting up a public and private route table. Go to route tables on the VPC dashboard and click on “create route table”.
We need to add the two public subnets to it. To do that, we go to the Explicit subnet associations section and click on “Edit subnet associations”.
Select the public subnets and click “Save associations”
Now we go to routes and click “Edit routes” to add the internet gateway to the route.
Click “add route” and select 0.0.0.0/0, then “Internet Gateway” for the target. Click “Save changes”.
Now we can create the private route table. We can just repeat the same process of naming the table and selecting the VPC, but we should include private in the name so we can find it later.
When we go to “Edit subnet associations”, we’re going to check all 4 private subnets and click “Save associations”.
For the routes, we’re going to add a route with destination 0.0.0.0/0 on this table too but for the target, we’re selecting NAT gateway instead of internet gateway. Save the changes.
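Once both tables are in place, the routing can be checked from the output of describe-route-tables. The following is an added example, not part of the original walkthrough: it confirms that each public subnet's default route points at the internet gateway and each private subnet's at the NAT gateway, including subnets that were never explicitly associated and so use the VPC's main route table. The input is assumed to have the shape of the EC2 DescribeRouteTables response, and all subnet, route table and gateway IDs are constructed sample values.

```python
# Added example, not from the original post. Tables use the shape of the EC2
# DescribeRouteTables response; every ID below is a constructed sample value.

def default_route_target(table):
    """Return 'igw', 'nat', 'other' or None for the table's 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("NatGatewayId"):
            return "nat"
        return "igw" if route.get("GatewayId", "").startswith("igw-") else "other"
    return None


def check_tiers(tables, public, private):
    """Return {subnet: problem} where the default route does not match the tier."""
    main = next((t for t in tables
                 if any(a.get("Main") for a in t.get("Associations", []))), None)
    explicit = {a["SubnetId"]: t for t in tables
                for a in t.get("Associations", []) if "SubnetId" in a}
    problems = {}
    for subnet in sorted(public | private):
        # A subnet with no explicit association uses the VPC's main route table.
        table = explicit.get(subnet, main)
        found = default_route_target(table) if table else None
        expected = "igw" if subnet in public else "nat"
        if found != expected:
            problems[subnet] = f"expected {expected}, found {found}"
    return problems


PUBLIC = {"subnet-web-a", "subnet-web-b"}
PRIVATE = {"subnet-app-a", "subnet-app-b", "subnet-db-a", "subnet-db-b"}
LOCAL = {"DestinationCidrBlock": "10.10.0.0/16", "GatewayId": "local"}
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-main", "Routes": [LOCAL], "Associations": [{"Main": True}]},
    {"RouteTableId": "rtb-public",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}],
     # Constructed mistake: subnet-db-b was ticked on the public table.
     "Associations": [{"SubnetId": s} for s in ("subnet-web-a", "subnet-web-b", "subnet-db-b")]},
    {"RouteTableId": "rtb-private",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}],
     # Constructed mistake: subnet-app-b was never associated with any table.
     "Associations": [{"SubnetId": s} for s in ("subnet-app-a", "subnet-db-a")]},
]

if __name__ == "__main__":
    for subnet, problem in check_tiers(SAMPLE_TABLES, PUBLIC, PRIVATE).items():
        print(subnet, problem)
```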
We’re going to build the tiers one at a time starting with the web tier.
Web Tier
Go to Launch templates in the EC2 dashboard and click on “Create launch template”.
Let’s name the template, add a version description, and check the “Provide guidance” box under Auto Scaling guidance
On the next section below, choose a free tier OS. I go with old reliable which is Amazon Linux.
For Instance type, I went with another old reliable which is t2.micro but you can choose another free tier option. I created a new key pair for this specific project but you can opt to use an existing one you already have if you’d like.
For the next section, Network settings, select “Create security group”, name it, and add a description. Select the VPC we made for this project and click on “Add security group rule”.
Select SSH for the Type section, and 0.0.0.0/0 for the source. Click “add security group rule”. Select HTTP for the type and 0.0.0.0/0 for the source. In the Advanced network configuration section, click “add network interface”. Select Enable for Auto-assign public IP.
Now let’s go to Advanced details and scroll down to User data. We’re going to enter a script here for an Apache web server.
Lastly, click “Create launch template”.
Before we try to make the next tier, let’s create an auto scaling group. Go to Actions after clicking on the template and select “Create Auto Scaling group”.
Name the group, select the launch template you just made, and click “Next”.
Select the VPC for this project and the two public web tier subnets. Click “Next”.
Select Attach to a new load balancer, Application load balancer, and Internet-facing. Then select Create a target group and click “Next”.
Select 2 for Desired and Minimum capacity, 4 for Maximum capacity. Leave everything else in default and click “Next” from here to the final screen and click “Create auto scaling group”.
We should have two instances running… and here they are.
Let’s make sure we can access the Apache servers!
Web tier is done. Now we can move on to the application tier.
Application Tier
This should be a lot quicker to set up for us given that we’re repeating the same process we did for the web tier for the most part but with a few differences.
On the EC2 dashboard, go back to Launch Templates → Create launch template. Let’s name the template and add a description. Be sure to check “Provide guidance” on the Auto scaling guidance section, click on quick start and choose the same free tier OS you used for the web tier; in my case, Amazon Linux.
Use the same free tier instance type as the web tier (I went with t2.micro), and select the key pair we made for this project. Next, network settings → create security group. Name it and add a description, then select the VPC you’ve been using for the project. Click “Add security group rule”.
Select SSH for type, and select the security group we made for this project as the source (web sg). Add a 2nd security group rule and select “All ICMP-IPv4” for the type, and 0.0.0.0/0 as the source. Leave everything else in default and click “Create launch template”.
Let’s set up the auto scaling group for it.
Select the template → Actions → create auto scaling group.
We’re going to go with No load balancer for the app tier and click “Next”.
The Group size will be the same as the web tier: Desired and Minimum capacity will be 2 and maximum capacity will be 4. Click “Next”.
Skip the next few screens until you get to the review and click “Create auto scaling group”.
It was successfully created, but let’s also check to see if the instances are up and running.
Yes they are!
Confirm connectivity from the Web Tier
Our application servers are up and running. Let’s verify connectivity by pinging the application server from one of the web servers.
It’s working!
Press Ctrl+C to stop the ping.
Database Tier
Search for RDS on the AWS console and click “Create database”.
Select free tier for the templates and name the database. You can keep admin for the master username but be prepared to make a master password.
For Instance configuration let’s make sure burstable classes is checked and then skip to the connectivity section to select the VPC for the project. Click “Create new” for VPC security group and name it. Leave everything else at default as you scroll down and click “Create database” at the bottom.
It will take a few minutes.
Go to the VPC dashboard in the AWS console and click on security groups. Select the security group for the database tier, click “Actions”, and select “Edit inbound rules”.
Delete the security group rule, click “Add rule”, select MySQL/Aurora for the Type, and select the database security group for the Source. Click “Save rules”.
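With all three tiers built, the inbound rules created in this walkthrough can be reviewed in one pass. The following is an added example, not part of the original post: it scans security groups in the shape returned by EC2 DescribeSecurityGroups and lists rules that admit the whole internet on anything other than HTTP/HTTPS, plus rules whose source is the group itself. The group IDs and names are constructed to mirror the rules described above, and treating only ports 80 and 443 as acceptable public ingress is an assumption.

```python
# Added example, not from the original post. Groups use the shape of the EC2
# DescribeSecurityGroups response; group IDs and names are constructed.
WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_OK = {("tcp", 80), ("tcp", 443)}  # assumption: only HTTP(S) faces the internet


def rule_label(perm):
    """Render protocol and port range, e.g. 'tcp/22' or 'icmp/all'."""
    proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
    if proto == "-1":
        return "all/all"
    if lo in (None, -1):
        return f"{proto}/all"
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def audit_ingress(groups):
    """Return sorted (group name, rule, issue) tuples for ingress rules to review."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            single_port = perm.get("FromPort") == perm.get("ToPort")
            allowed = single_port and (perm.get("IpProtocol"), perm.get("FromPort")) in PUBLIC_OK
            if WORLD.intersection(cidrs) and not allowed:
                findings.append((sg["GroupName"], rule_label(perm), "open to the internet"))
            if any(p["GroupId"] == sg["GroupId"] for p in perm.get("UserIdGroupPairs", [])):
                findings.append((sg["GroupName"], rule_label(perm), "source is the group itself"))
    return sorted(findings)


SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-app", "GroupName": "app-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-db", "GroupName": "db-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [{"GroupId": "sg-db"}]},
    ]},
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUPS):
        print(*finding, sep=" | ")
```

A rule whose source is the group itself admits traffic only from instances that are members of that same security group.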
Be sure to delete or stop instances, NAT gateways, and other services we created so you don’t get any surprise charges.
thank you for reading!!!!