How to build a 3-tier architecture in AWS
What is a 3 Tier Architecture
A 3-tier architecture consists of a presentation tier, an application tier, and a data tier. The presentation tier houses the user interface, such as the website that a user or client navigates to. It can also be thought of as the “front end.” The application tier is where data is processed and is often called the “back end.” The data tier is where data is stored and managed.
The 3-tier architecture is one of the most popular application architectures, where an application is split into three logical/physical tiers. These three tiers include:
The Presentation Tier: This is the user interface that allows people to interact with the application. It is typically designed for use on a personal computer or mobile device and is built using HTML, CSS, and JavaScript.
The Application Tier: This is the logic tier that sits between the presentation tier and the database tier and is responsible for communicating between the two. Information and requests gathered through the web tier are processed in detail here. It also interacts with the database where data is stored. This tier is developed using languages like Python, Java, PHP, etc.
The Database Tier: This is the component that stores and processes data and is typically built using a database management system.
You can observe the 3 tiers of the application arch
Benefits of a 3 Tier Architecture
The 3-tier architecture offers great benefits to organizations when building application infrastructures. These benefits include:
Increase Scalability: A 3-tier architecture allows an organization to scale each tier independently, depending on the workload. This is particularly useful for organizations with fluctuating or unpredictable workloads.
Increase Reliability: By separating the different tiers of the application into separate servers, an organization can improve the reliability of the overall system. If one tier experiences an issue, the other tiers can continue to function, reducing downtime.
Increase Security: A 3-tier architecture can also improve security by separating the different parts of the application onto different servers. This can help to reduce the risk of a security breach or data leak.
Increase Cost efficiency: A 3-tier architecture can be more cost efficient than a single monolithic application because the organization can choose to use less expensive resources for certain tiers and only allocate more expensive resources to the tiers that require them.
Prerequisites
· AWS account
· Access to Command line Interface (CLI)
Use Case
You are a Cloud Engineer for the REX TECH organization and have been asked to design and create a highly available 3-tier architecture for the company’s new web application. The web server handles incoming requests from customers. The application server will process the requests and retrieve data from the database, and the database server will store all of the product and customer information.
WEB TIER:
Step 1: Creating Your VPC and More
Start with navigating to your VPC console and select “Create VPC”. From here we will select “VPC and More”, this is where we will be able to also create the subnets for each of our tiers. We will start with giving our VPC a name.
Next, we are setting up the subnets for each of our tiers. The two public subnets will be dedicated to the web tier. The four private subnets will be dedicated to the application and database tiers. In this section, we will also place a NAT gateway in one of our availability zones. Note that NAT Gateways come with a cost, so be mindful to delete it when the project is completed.
Navigating to “Customize subnets CIDR block” we want to make note of our CIDR blocks and their corresponding AZs for future parts of this tutorial.
Now that we have everything, we will select “Create VPC”. Below you see the success screen for this process.
Step 2: Creating Your Web Tier Launch Template
Navigate to the EC2 console and select “Launch template” and “Create Launch Template”. We will start with naming our template, of course. This gives an identifier for the template we will attach to the auto scaling group we will be creating in the next step.
We will then want to select our OS and the instance type. I selected Amazon Linux and a free tier instance type (t2.micro). After we’ve made our selections, you will either create a Key Pair or select one you’ve previously created. I selected one from a previous project.
In Network settings, we’re going to select “Create New Security Group”. This is where we will give access to the internet based on the configurations we select. To start we will name our security group and attach the VPC we just created in Step 1.
Next, we will add our “Inbound Security Group Rules”. Setting up these configurations will give us the ability to view our site over the internet. For demonstration purposes I selected the “source type” as anywhere. It is best practice not to use this, as it gives any address on the internet access to the ports you open. Now in “Advanced network configuration” we will want to enable “Auto-assign public IP”.
In Advanced Details, leaving everything with the default settings, we will enter our code into “User Data” and select launch template.
Step 3: Create Auto Scaling Group
Back to the EC2 console from the left column we will select Auto Scaling Group and select “Create Auto Scaling Group”. To start we need to name our Auto Scaling Group and attach the template we just created. This will attach the configurations that we created in the template to the instance(s) that will generate as a result.
Our next step will be attaching the VPC and the two subnets created earlier in Network settings.
Next, we will select “Attach New Load Balancer” and select “Application Load Balancer”. We will choose the “Internet Facing” option so that the load balancer can be reached from the internet. Under “Listeners and Routing” we will then select “Create a Target Group” and name it.
Setting up these configurations will give us the ability to view our site over the internet.
Now we are going to select our desired capacity (2). In this same section we are able to choose our minimum (2) and maximum (5) capacity limits. The next option we’re choosing is Target Scaling policies, which gives you the ability to resize your Auto Scaling group to meet changes in demand.
Leaving the other steps as default, we will be brought to a summary page that shows all of our selections. Once we have reviewed this, we will select “Create Auto Scaling Group”. Once our ASG is created we will navigate back to the EC2 console, choose one of the instances, copy the public IP and paste it in a web browser of your choosing to test your site. Don’t be alarmed if the IP doesn’t work immediately. It takes a second for the instance to run.
Successfully ran website.
APPLICATION TIER:
Step 1: Creating Your Application Launch Template
Now that we have our web tier completed, we’re going to start on the application tier. This is where data is processed. To start we’re going to create the launch template for the application tier. The first part of this process is the same as the previous tier apart from renaming the template. We will continue to use the standard Amazon Linux OS and t2.micro instance type.
Network settings is where things are going to change. We will start with naming our security group for the Application tier and attaching the VPC previously created. In the “Inbound security group rules” section we want to limit access for security. The Application tier is known as the “logic” tier, so we would not want just anyone to have access to its workings. We want to give access to SSH/HTTP/ICMP-IPv4. Giving access to ICMP allows us to ping the App Tier from the Web Tier. In each of our rules, we are going to want to attach the security group we created previously, by selecting “custom” in the “source type”.
Now that everything is set up, we will select “create launch template”.
STEP 2: Create Application Tier Auto Scaling Group
Like with the web tier we will create our Application Tier Auto Scaling Group. To start we will name our App Tier ASG (week9-asg-app), attach the launch template from before and go along to the next step. In network settings, we are going to attach the VPC we created and attach two of the private subnets we previously created. In this step, it’s a good idea to note the AZs and subnets you are going to use to distinguish them from the subnets you will use in a future step.
We are now attaching our load balancer for the application tier. Here we are going to select internal instead of internet facing for security.
With capacity and group sizing we will keep the desired (2), minimum (2), and maximum (2) the same as before. Once completed we will create our Application Tier Auto Scaling group. Next navigate to the EC2 console where you will see 4 running instances.
STEP 3: Update Your Private Routing Table
Navigate to the VPC console and select Route Tables on the left side. You will see 8 subnets that are labeled by default from when we created the subnets earlier. Select one of the private subnets and navigate to Subnet association, select your other private subnet and save the association. Now in the “Explicit subnet association” for the subnet we selected you will see two subnets shown.
DATABASE TIER:
Step 1: Creating a Database Subnet Group
We will start with navigating to the RDS console and select “Subnet Groups”. Now we are going to create our subnet group and of course we want to give our group a name and attach the VPC we have been working with.
Now we will start with associating our subnets to the AZs we are using. Be mindful not to select the other two subnets that were used for the previous tier. If you need to reference back, the subnets can be found in the VPC console. Once we have made our selections we will select “Create”.
Step 2: Create MySQL Database
So, we just created our subnet groups, now we are going to create our Database. We are going to choose Standard create. This allows us to set all of our configuration options, including for availability, security, backups and maintenance. The engine we will use for this project will be MySQL.
Under the filter section we have the option to select “Show a version that supports the multi-AZ Db cluster”. This is helpful because when one of your instances fails, you have two others you can use as a backup. For this project we will not be choosing this selection.
Now in templates, we are going to want to choose Free Tier, which is used to develop new applications, test existing applications, or gain hands-on experience with Amazon RDS. Since we are in Free Tier the options in Availability and Durability are greyed out and we don’t need them for what we are doing.
In the setting section we are going to want to name our “DB Instance Identifier” and input a password. Keep this password for future reference.
Under “Instance Configurations” we are going to choose our instance type (db.t2.micro). The “Burstable classes” are chosen for us.
There are a lot of selections to choose from in the “Connectivity” section. To start we will choose “Don’t connect to EC2 compute resource” because this is not internet facing. Next, we will choose the IPv4 option in network type for this instance to communicate over the IPv4 ruling we created previously.
Now we will select the VPC for the project and attach the subnet group for this DB we just created. We are going to select “No” for public access since this is for the company’s website.
Next, we will create a new security group for the data tier, where we are going to attach our availability zone.
In Database authentication, select Password Authentication. You will utilize the password you set up before. When this is complete select Create Database.
Step 3: Updating Inbound Rules
In the network section in “Create Database” we were not able to allow inbound rules, but we are going to want to allow access to MySQL. We want to update that by navigating to Security Groups in the VPC console and selecting our data tier Security Group. Here we will see a rule already there (MYSQL/Aurora Port Range 3306).
Now we are going to want to delete the previous rule that was defaulted and create a new rule that consists of Type: MYSQL/Aurora, where our source will be the security group we created for the security group in our database, and select Save.
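An added example, not part of the original article: a short Python audit of the inbound rules set up for the web, application and database tiers, flagging anything that breaks the chain internet -> web -> app -> database. It reads the JSON shape returned by `aws ec2 describe-security-groups`; the group IDs, the policy table (including the assumption that the database tier accepts MySQL only from the application tier's security group) and the sample rules are constructed for illustration.

```python
# Added example: audit tier security groups for the chain internet -> web -> app -> db.
# Input follows `aws ec2 describe-security-groups` JSON; group IDs and POLICY are constructed.
WORLD = {"0.0.0.0/0", "::/0"}

# Assumed policy: allowed (protocol, from_port, to_port) rules per tier and
# the only security group permitted as source (None = internet expected).
POLICY = {
    "sg-web": (None, {("tcp", 80, 80), ("tcp", 443, 443)}),
    "sg-app": ("sg-web", {("tcp", 22, 22), ("tcp", 80, 80), ("icmp", -1, -1)}),
    "sg-db": ("sg-app", {("tcp", 3306, 3306)}),
}

def audit(groups):
    """Return sorted (group_id, finding) pairs for rules that break POLICY."""
    findings = []
    for group in groups:
        gid = group["GroupId"]
        if gid not in POLICY:
            continue
        source_sg, allowed = POLICY[gid]
        for rule in group.get("IpPermissions", []):
            key = (rule["IpProtocol"], rule.get("FromPort"), rule.get("ToPort"))
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            peers = [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])]
            if key not in allowed:
                exposure = "internet" if WORLD & set(cidrs) else "restricted source"
                findings.append((gid, f"unexpected rule {key} from {exposure}"))
                continue
            if source_sg is not None:
                findings += [(gid, f"{key} allows CIDR {c}, expected {source_sg}") for c in cidrs]
                findings += [(gid, f"{key} allows {p}, expected {source_sg}") for p in peers if p != source_sg]
    return sorted(findings)

def make_rule(proto, port, cidr=None, sg=None):
    """Build one constructed IpPermissions entry for the sample below."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}

# Constructed sample: web tier sourced from anywhere (with an assumed SSH rule),
# app tier sourced from the web SG, and a db tier rule still sourced from a CIDR.
SAMPLE = [
    {"GroupId": "sg-web", "IpPermissions": [make_rule("tcp", 80, "0.0.0.0/0"), make_rule("tcp", 22, "0.0.0.0/0")]},
    {"GroupId": "sg-app", "IpPermissions": [make_rule("tcp", 22, sg="sg-web"), make_rule("icmp", -1, sg="sg-web")]},
    {"GroupId": "sg-db", "IpPermissions": [make_rule("tcp", 3306, "203.0.113.10/32")]},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample it reports the SSH rule open to the internet on the web tier and the CIDR-sourced MySQL rule on the database tier, while the application tier rules sourced from the web security group pass.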
Step 4: Update Data Route Tables
In Route Tables on the left side select one of the private subnets and navigate to Subnet association, select your other private subnet and save the association. Now in the “Explicit subnet association” you will see the two subnets shown.
Now that we see our route tables successfully associated, we have made it to the end of the data tier!
TESTING OUR CONNECTION
1. Navigate to one of the EC2 instances, copy the Public IP, input that into a browser and test. We have a working website!
2. To test our Private IP, SSH into our EC2 instance and ping our private IP. We’ve made it when we get the continuous pings; this is data passing through. To stop this process, you would enter Ctrl+C.
This project was definitely a challenge. I learned so much about the different tiers and even more about what AWS has to offer. A final reminder, some of the configurations come with a cost. Be sure to close your work.
Remember, don’t forget to delete all resources created and configured when you are done following the steps of this article. NAT Gateways, Elastic IPs, and ALBs do have a small cost. Please, ensure you delete them especially after following this article.