Asma Akram

3 Tier Web Application in AWS

What is 3 tier Architecture?
Three-tier architecture is a client-server architecture pattern that separates an application into three interconnected layers, or tiers.

Presentation or Web Tier:
This is the topmost level of the application responsible for displaying the user interface and handling user interactions. It provides a graphical or web-based interface through which users can interact with the application.

Application Tier:
This middle layer contains the core functionality of the application, processing the business logic, making logical decisions, and performing computations. It acts as a bridge between the presentation tier and the data tier.

Data Tier:
The bottommost layer is responsible for data storage and management. It handles database operations such as querying, updating, and storing data.

Let's start implementing:
Task 1. Create VPC

Task 2. Create Subnets

Task 3. Setting up Internet GW: Create an Internet Gateway and attach it to your VPC.

Task 4. Create NAT GW:

  1. Create a NAT Gateway in the public subnet with an Elastic IP.
  2. Create a route in the private subnet route table to direct internet traffic to the NAT Gateway.

Task 5. Create Route Tables:

Public Route Table

  1. Create a route table for the public subnet.
  2. Add a route for 0.0.0.0/0 pointing to the Internet Gateway.

Private Route Table

  1. Create a route table for the private subnet.
  2. Add a route for 0.0.0.0/0 pointing to the NAT Gateway.

Task 6. Configure Launch Templates:

6.1. Create a Launch Template for the web tier EC2 instances, with a User Data script.

6.2. Create a Launch Template for the application tier EC2 instances.

Task 7. Auto scaling groups:

  1. Create an Auto Scaling Group for the web tier using the web tier Launch Template and specify the public subnet.
  2. Create an Auto Scaling Group for the application tier using the application tier Launch Template and specify the private subnet.

Task 8. Database Tier:

  1. Create an RDS instance in the database subnet.
  2. Configure the RDS instance to use the Database Security Group.

Task 9. Testing the setup

[Figure: architecture diagram of the above implementation]

Task 1. Creating VPC:

Log in to the AWS Management Console, type VPC in the search bar, and once the page is open click on Create VPC
Select VPC only
Give a name of your choice
IPv4 CIDR as 10.0.0.0/16
Click on Create VPC

Task 2. Create a Subnet

Click on Create Subnet
Select VPC Id as 3TierApp
Note: Here we will create 6 subnets: 2 subnets for the Web Tier, 2 private subnets for the Application Tier and 2 private subnets for the Database Tier

Give the name of Subnet of your choice “webtier1-public”
IPv4 Subnet CIDR Block “10.0.32.0/24”
Enable Auto-assign IP settings
Click on Create Subnet

Note: Similarly create 5 new subnets
2nd Subnet with name “webtier2-public”, IPv4 subnet CIDR Block “10.0.0.0/24”, Enable Auto-assign IP settings

3rd Subnet with name “applicationtier1-private”, IPv4 subnet CIDR Block “10.0.160.0/24”

4th Subnet with name “applicationtier2-private”, IPv4 subnet CIDR Block “10.0.128.0/24”

5th Subnet with name “databasetier1-private”, IPv4 subnet CIDR Block “10.0.96.0/24”

6th Subnet with name “databasetier2-private”, IPv4 subnet CIDR Block “10.0.64.0/24”, select different AZ as us-east-1a

All the subnets are successfully created

Task 3. Setting up Internet GW

Go to Internet Gateway from the left navigation panel and click on Create Internet GW
Give the name of your choice “igw-3tierapplication”
Click on Create Internet GW

Attach the newly created IGW to the VPC
Click on Attach internet gateway

Task 4. Create NAT GW

From the left navigation panel click on NAT gateways
Give the name for the NAT Gateway “nat-3tierapp”
For Subnet, select the one which is connected to the Internet GW; in our case we have associated webtier1-public with the Internet GW, so we will select “webtier1-public”

Note: In order to create the NAT GW you need to allocate an Elastic IP address and use that Elastic IP address while creating the NAT GW

Task 5. Create Route Tables

Let's create 2 route tables, one for public and another one for private

Go to Route Tables and click on Create route table
Give a name as “route-private”

Create another route table and give name as “route-public” and select 3tierApp VPC
Go to “route-public” and click on subnet association
Click on Edit subnet association
Select “webtier1-public” and “webtier2-public” and click on Save association.

Go to Routes
Click on Edit Routes
Add new route, Destination as 0.0.0.0/0 and Target Select Igw, click on Save changes

Select other route table which is “route-private”
Click on Subnet associations
Select the two application subnets which we have created and click on Save associations

  • Click on edit routes and add NAT GW as Target and select 0.0.0.0/0 as destination
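
The routing built in Task 5 can be checked mechanically. The following is an added example, not part of the original post: it classifies each of the six subnets by the default route of its effective route table, using constructed data in the shape of `aws ec2 describe-route-tables` output (all IDs are placeholders). The steps above never associate the two database subnets with a route table, so they fall back to the VPC's main route table, which has only the local route.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# IDs are placeholders named after the tutorial's resources.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",  # the VPC's main table, created with the VPC
     "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "route-public",
     "Associations": [{"Main": False, "SubnetId": "webtier1-public"},
                      {"Main": False, "SubnetId": "webtier2-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-placeholder"}]},
    {"RouteTableId": "route-private",
     "Associations": [{"Main": False, "SubnetId": "applicationtier1-private"},
                      {"Main": False, "SubnetId": "applicationtier2-private"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-placeholder"}]},
]
SUBNETS = ["webtier1-public", "webtier2-public",
           "applicationtier1-private", "applicationtier2-private",
           "databasetier1-private", "databasetier2-private"]


def default_route_kind(table):
    """Classify a route table by where its 0.0.0.0/0 route points."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            return "nat-egress"
    return "isolated"


def classify_subnets(subnets, tables):
    """Resolve each subnet's effective table; unassociated subnets use the main one."""
    main = next(t for t in tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in tables
                for a in t["Associations"] if "SubnetId" in a}
    return {s: default_route_kind(explicit.get(s, main)) for s in subnets}


def mismatches(classification):
    """Subnets whose -public/-private name disagrees with their routing."""
    return sorted(s for s, kind in classification.items()
                  if s.endswith("-public") != (kind == "public"))
```

With the associations from this task, the web subnets come out as `public`, the application subnets as `nat-egress`, and the database subnets as `isolated`.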

Task 6. Configure Launch Templates

Go to EC2 and in the left navigation panel click on Launch Templates
Click on Create Launch Template, give any name of your choice
Check the box for Auto Scaling Guidance

Select the Amazon Linux 2023 AMI

Select instance type as “t2.micro”
Create new key pair
In Network Settings, Create new SG and give name as “webtierSG”
Give some description
And select the 3tier VPC
Inbound rules ssh and http from anywhere

Scroll to the bottom and click on Advanced Settings
Go to user data and paste the below script
#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<html><body><h1>Tech Universe with Asma, Demo for 3Tier Application</h1></body></html>" > /var/www/html/index.html

Click on Create Launch Template
6.2 Create another Launch Template for Application
Give name of your choice

Select AMI as Amazon Linux 2023
Instance type as t2.micro
Select the keypair which is created earlier
Create new security group
Create inbound rules for ssh, http and mysql connectivity
For SSH we need to give the source as “webtierSG”, which means that only the webtier machines are allowed to access the application tier

Click on Launch template

Task 7. Auto scaling groups

Click on Auto scaling groups and click on create auto scaling group

Give a name of your choice
Select the Launch template which is created in previous step

Click on Next and in Network, Select 3tierVPC
Select both the webtier-public subnets, click on Next

Select desired capacity type as 1

Give tag as Name and WebTierMachine

Review everything and click on Create AutoScaling Group

One of the instances gets created; go and check the details
Go to tags and check that instance is created because of Auto Scaling group

Copy the public IP of the WebTier instance and paste it in a browser; if you are able to see the demo page written by the User Data script, the Web Tier is correctly set up.

7.2 Create Auto Scaling group for Application Tier

Create Auto Scaling group
Give the name of your choice
Select Launch template as “application-3tierapp”
Select VPC as 3tierVPC
Availability Zones select “applicationtier1-private and application2-private”

Keep everything as it is.

Click on Create AutoScaling group

Go to EC2 Instance and Click on Instances and see if the new instance is launched because of newly created application tier autoscaling group

Task 8. Database Tier

In the search bar search “RDS”
Click on “Create Database”
Select Standard Create and select “MySql”

Select Free tier

Scroll down and give the password

Instance configuration “db.t3.micro”

Uncheck Storage autoscaling

Connectivity choose 3TierApp VPC

Create new DB Subnet Group and new security group

Click on Create Database
Database is created successfully

Go to EC2 Instance and Click on Application Machine and click on Security Group, Open Security Group and click on Edit Inbound Rules

Click on Inbound rules, edit Mysql inbound rule and in source type database security group

Now SSH into the Web Tier Machine from my laptop

Once connected, type the below command; it confirms that the web tier is running correctly.

curl http://localhost

Now try to connect the application tier from the Web tier.
Select the application machine and you will see there is no public ip, copy the private IP and ping the IP from Webtier machine

There will be no response from the Application Machine, because ICMP has to be enabled for the ping command to work.
Now you have to add the private key to the EC2 instance; for this you need to copy the content of the private key from your personal laptop to the webtier machine.

Now we are able to connect Webtier Machine to Application Tier.

Let's connect to the Database from the Application Machine.

First we need to install mysql on the Application machine, type the below command

sudo yum install mysql -y
mysql will get installed on the application machine; the instance has no direct internet connectivity, but its subnet reaches the internet through the NAT GW.

Copy the endpoint of Database
database-1.cyrewq2xhdxm.us-east-1.rds.amazonaws.com

Initiate your DB connection with database endpoint. In the following command, replace the RDS endpoint and the username, and then execute it in the browser terminal:
mysql -h database-1.cyrewq2xhdxm.us-east-1.rds.amazonaws.com -P 3306 -u admin -p
You will then be prompted to type in your password. Once you input the password and hit enter, you should now be connected to your database.

NOTE: If you cannot reach your database, check your credentials and security groups.
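
One way to do the security group check from the note above, as an added example that is not part of the original post: it reads rules in the shape of `aws ec2 describe-security-groups` output, reports SSH open to 0.0.0.0/0, and confirms each tier hop (web to app on 22, app to database on 3306) is allowed by a source-group rule, the style used for “webtierSG” in Task 6. The group IDs, the names `appSG` and `dbSG`, and the database group's rule are constructed assumptions.

```python
def rule(port, cidrs=(), groups=()):
    """Build one IpPermissions entry in the API's shape (TCP, single port)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}


# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and the names appSG/dbSG are placeholders; the dbSG rule (one
# admin address only) is an assumed state chosen to show a failing check.
GROUPS = [
    {"GroupId": "sg-web", "GroupName": "webtierSG",
     "IpPermissions": [rule(22, cidrs=["0.0.0.0/0"]), rule(80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-app", "GroupName": "appSG",
     "IpPermissions": [rule(22, groups=["sg-web"])]},
    {"GroupId": "sg-db", "GroupName": "dbSG",
     "IpPermissions": [rule(3306, cidrs=["203.0.113.10/32"])]},
]
# (source group, destination group, TCP port) hops the tutorial tests by hand.
CHAIN = [("sg-web", "sg-app", 22), ("sg-app", "sg-db", 3306)]


def sources_for_port(group, port):
    """CIDRs and source group IDs allowed to reach a TCP port on this group."""
    found = set()
    for perm in group["IpPermissions"]:
        if perm["IpProtocol"] == "-1":        # "all traffic" rules carry no ports
            covers = True
        elif perm["IpProtocol"] == "tcp":
            covers = perm["FromPort"] <= port <= perm["ToPort"]
        else:
            covers = False
        if covers:
            found |= {r["CidrIp"] for r in perm.get("IpRanges", [])}
            found |= {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return found


def audit(groups, chain=CHAIN):
    """Report world-open SSH and any tier hop the rules do not permit."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = [f"{g['GroupName']}: tcp/22 open to 0.0.0.0/0"
                for g in groups if "0.0.0.0/0" in sources_for_port(g, 22)]
    for src, dst, port in chain:
        allowed = sources_for_port(by_id[dst], port)
        if src not in allowed and "0.0.0.0/0" not in allowed:
            findings.append(f"{by_id[dst]['GroupName']}: tcp/{port} "
                            f"not allowed from {by_id[src]['GroupName']}")
    return findings
```

On the constructed sample, `audit(GROUPS)` reports the world-open SSH rule on webtierSG and the missing 3306 rule from appSG to dbSG; an empty list means every hop in `CHAIN` is permitted and no group exposes SSH to the internet.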

Create a database and insert data with the help of SQL commands using the MySQL CLI.
That's awesome, we successfully connected to our database from our application server.

We’ve successfully created a highly available, 3-tier application architecture.

Benefits of using 3 Tier Architecture on AWS:
Using a three-tier architecture on AWS provides several benefits, particularly when aligned with the AWS Well-Architected Framework. Here are some key advantages:

Scalability:
Auto Scaling: Each tier (web, application, and database) can be scaled independently based on demand, allowing efficient resource utilization and cost management.

High Availability and Fault Tolerance:
Multi-AZ Deployments: Services like RDS can be configured for Multi-AZ deployments, providing automatic failover to a standby instance in case of an outage.

Security:
Network Segmentation: Using VPCs and subnets to isolate different tiers enhances security by limiting access to sensitive components like databases.
Security Groups and NACLs: Fine-grained control over inbound and outbound traffic at the instance and subnet level.

Manageability:
Separation of Concerns: Dividing the architecture into three tiers (web, application, and data) simplifies management, updates, and troubleshooting.
Infrastructure as Code (IaC): Services like AWS CloudFormation and AWS CDK allow you to define and deploy infrastructure consistently and repeatably.

Cost Optimization:
Right-Sizing: Each tier can be sized independently based on its specific resource requirements, preventing over-provisioning.
Reserved Instances and Savings Plans: Cost savings on long-term commitments for predictable workloads.

Performance Efficiency:
Auto Scaling: Automatically adjusts capacity to maintain steady and predictable performance.

Service Integration: Easily integrates with other AWS services (e.g., S3 for storage, SNS for messaging) to extend functionality and support different use cases.
Environment Isolation: Development, staging, and production environments can be easily separated within the same architecture.

By leveraging these benefits, a three-tier architecture on AWS, following the Well-Architected Framework principles, ensures robust, efficient, and scalable application deployments.
Remember to delete your resources (ASG, VPC, Subnets, DB, NAT Gateway) and release all elastic IPs, so you don’t continue to get charged!
Thank you!
Appreciate your time reading! If you found value in this article, a round of applause (👏) would be fantastic to help others discover it. Feel free to share your insights and comments below, I’m eager to hear your thoughts!