Here is the 3-tier architecture diagram
Components
Internet Gateway (IaaS): Enables the VPC to communicate with the internet, facilitating public access to resources in the Web Tier.
Elastic Load Balancer (ELB) (IaaS): Distributes incoming traffic across multiple EC2 instances in the Web Tier for fault tolerance and scalability.
Web Tier (Amazon EC2 - Public Subnet): Hosts web servers accessible over the internet, providing the first layer for user interaction.
App Tier (Amazon EC2 - Private Subnet): Runs the business logic and processes data securely, isolated from direct internet access.
Database Tier (Amazon Aurora Primary DB - Private Subnet): Manages the primary relational database in a secure environment, handling read/write operations.
Aurora Read Replica - Private Subnet: Provides read-only replicas to offload traffic from the primary database, ensuring high availability.
AZ1 & AZ2: Represent Availability Zones for high availability and redundancy across isolated data centers.
VPC (Virtual Private Cloud): Isolates and organizes the resources into subnets for security and control.
Public Subnet: Subnet exposed to the internet, hosting resources like web servers that need public access.
Private Subnet: Subnet restricted from internet access, used for resources like app servers and databases for enhanced security.
Part-1:
Step 1: Create an S3 bucket
Go to GitHub and download the AWS 3-tier architecture zip file.
Step2: Create IAM Role
Attach the following policies:
AmazonS3ReadOnlyAccess
AmazonSSMManagedInstanceCore
Part-2
Step3: Create a new VPC
Step 4: Create Subnets
You have to create 6 subnets in total: 2 public subnets (one per AZ), 2 private app subnets (one per AZ) and 2 DB subnets (one per AZ),
with the CIDRs 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24, ... 10.0.5.0/24.
Step 5: Create an Internet Gateway
To give the public subnets internet access, create an internet gateway and attach it to the VPC you created.
Step 6: Create 2 NAT gateways, one in each Availability Zone
To let the instances in the app-layer private subnets reach the internet for outbound traffic (without being reachable from it), create a NAT gateway.
Step 7: Create separate route tables: one for the public subnets, and one for the private subnets in each Availability Zone. Connect the public route table to the internet gateway.
Step 8: After connecting the internet gateway to the route table for AZ1, associate the public subnet with that route table.
After completing this, do the same for the private subnets, routing them through the NAT gateway created in Step 6.
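As an added example (not part of the original post), the subnet and route-table layout of Steps 4 to 8 expressed as a small Python plan that can be checked before anything is clicked through in the console. The VPC CIDR 10.0.0.0/16, the AZ names az1/az2 and the route-table names are assumptions; the six /24s are the ones listed in Step 4. One check it enforces is the point behind Step 6: each private subnet must route through the NAT gateway in its own AZ, otherwise an AZ failure takes the other AZ's outbound path with it. Giving the DB subnets no default route at all is my assumption rather than something the post states.

```python
import ipaddress

# Constructed plan for the tutorial's layout: 2 AZs, three tiers, six /24 subnets.
# The VPC CIDR is an assumption (the post does not state one); the six /24s are
# the ones the post lists in Step 4, in the same order (public, private app, DB).
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
AZS = ("az1", "az2")                       # assumed names for the two Availability Zones
TIERS = ("public", "private-app", "private-db")


def plan_subnets():
    """One /24 per (tier, AZ): 10.0.0.0/24 .. 10.0.5.0/24 in tutorial order."""
    subnets = []
    third_octet = 0
    for tier in TIERS:
        for az in AZS:
            subnets.append({
                "name": f"{tier}-{az}",
                "tier": tier,
                "az": az,
                "cidr": ipaddress.ip_network(f"10.0.{third_octet}.0/24"),
            })
            third_octet += 1
    return subnets


def plan_route_tables(subnets):
    """Steps 7 and 8: one public route table pointing at the IGW, one private
    route table per AZ pointing at that AZ's NAT gateway. Giving the DB subnets
    a table with no default route is my assumption, not a step in the post."""
    tables = {}
    for s in subnets:
        if s["tier"] == "public":
            name, target = "rt-public", "igw"
        elif s["tier"] == "private-app":
            name, target = f"rt-private-{s['az']}", f"nat-{s['az']}"
        else:
            name, target = f"rt-db-{s['az']}", None
        table = tables.setdefault(name, {"default_route": target, "subnets": []})
        table["subnets"].append(s["name"])
    return tables


def check_plan(subnets, tables):
    """Return a list of problems (empty means the plan matches the design)."""
    problems = []
    by_name = {s["name"]: s for s in subnets}
    cidrs = [s["cidr"] for s in subnets]
    for s in subnets:
        if not s["cidr"].subnet_of(VPC_CIDR):
            problems.append(f"{s['name']}: {s['cidr']} is outside {VPC_CIDR}")
    for i, a in enumerate(cidrs):
        for b in cidrs[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    associated = []
    for tname, table in tables.items():
        target = table["default_route"]
        for sname in table["subnets"]:
            associated.append(sname)
            s = by_name[sname]
            if s["tier"] == "public" and target != "igw":
                problems.append(f"{sname}: public subnet must default-route to igw, got {target}")
            if s["tier"] == "private-app" and target != f"nat-{s['az']}":
                problems.append(f"{sname}: must use the NAT gateway in {s['az']}, got {target}")
            if s["tier"] == "private-db" and target is not None:
                problems.append(f"{sname}: DB subnet should have no internet route, got {target}")
    # every subnet must be associated with exactly one route table
    for missing in set(by_name) - set(associated):
        problems.append(f"{missing}: not associated with any route table")
    if len(associated) != len(set(associated)):
        problems.append("a subnet is associated with more than one route table")
    return problems


if __name__ == "__main__":
    subnets = plan_subnets()
    tables = plan_route_tables(subnets)
    for s in subnets:
        print(f"{s['name']:16} {s['cidr']}")
    for name, t in tables.items():
        print(f"{name:16} default -> {t['default_route']}  {t['subnets']}")
    print("problems:", check_plan(subnets, tables) or "none")
```

Run it once with the plan as written (no problems), then point rt-private-az2 at nat-az1 and run it again: the check flags the cross-AZ dependency, which is exactly the mistake that a single shared NAT gateway introduces.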
Step 9: Go to Security Groups and create 5 security groups:
SG1: for the public, internet-facing load balancer (HTTP, source: My IP)
SG2: for the public instances in the web tier (HTTP, source: the internet-facing load balancer SG1)
SG3: for the internal load balancer (HTTP, source: the web tier SG2)
SG4: for the private app instances (TCP port 4000, sources: My IP and the internal load balancer SG3)
SG5: for the private database (MySQL/Aurora)
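The five groups above chain by security-group reference rather than by IP range, so the only route to the database is through the app tier. The following Python model is an added example, not code from the post: it encodes the rules as listed, assumes 203.0.113.10/32 as the "My IP" value, uses 3306 as the port behind the console's MySQL/Aurora preset, and assumes SG5's source is the app-tier group SG4 (the post's line for SG5 is cut off). It traces the intended request path hop by hop and audits for the two mistakes that most often undo the design: a CIDR source on the database group, and a 0.0.0.0/0 rule anywhere but the public load balancer.

```python
import ipaddress
from dataclasses import dataclass

MY_IP = "203.0.113.10/32"   # constructed stand-in for the console's "My IP" value
MYSQL_PORT = 3306           # the port behind the console's "MySQL/Aurora" rule preset


@dataclass(frozen=True)
class Rule:
    port: int
    source: str  # a CIDR, or the name of another security group in the same VPC


# Constructed model of the five groups from Step 9. A rule whose source is a
# group name admits any instance in that group, so the chain follows the request
# path and nothing outside it is listed.
SECURITY_GROUPS = {
    "SG1-public-alb":   [Rule(80, MY_IP)],
    "SG2-web-tier":     [Rule(80, "SG1-public-alb")],
    "SG3-internal-alb": [Rule(80, "SG2-web-tier")],
    "SG4-app-tier":     [Rule(4000, MY_IP), Rule(4000, "SG3-internal-alb")],
    # Assumption: the database admits MySQL/Aurora only from the app-tier group.
    "SG5-database":     [Rule(MYSQL_PORT, "SG4-app-tier")],
}


def is_allowed(src, dst_sg, port, groups=SECURITY_GROUPS):
    """src is a group name (an instance in that group) or an IP address string."""
    for rule in groups.get(dst_sg, []):
        if rule.port != port:
            continue
        if rule.source in groups:               # group-referencing rule
            if src == rule.source:
                return True
        else:                                   # CIDR rule
            try:
                if ipaddress.ip_address(src) in ipaddress.ip_network(rule.source):
                    return True
            except ValueError:
                pass  # src is a group name, so a CIDR rule cannot match it
    return False


# The request path the architecture intends: client -> public ALB -> web tier
# -> internal ALB -> app tier on 4000 -> Aurora on 3306.
REQUEST_PATH = [
    (MY_IP.split("/")[0], "SG1-public-alb", 80),
    ("SG1-public-alb", "SG2-web-tier", 80),
    ("SG2-web-tier", "SG3-internal-alb", 80),
    ("SG3-internal-alb", "SG4-app-tier", 4000),
    ("SG4-app-tier", "SG5-database", MYSQL_PORT),
]


def first_denied_hop(path, groups=SECURITY_GROUPS):
    """Walk the path; return the first (src, dst_sg, port) that is denied, else None."""
    for hop in path:
        if not is_allowed(*hop, groups=groups):
            return hop
    return None


def audit(groups=SECURITY_GROUPS):
    """Flag the two rule mistakes that undo the tiering: a CIDR source on the
    database group, and 0.0.0.0/0 on anything but the internet-facing ALB."""
    findings = []
    for name, rules in groups.items():
        for rule in rules:
            if rule.source in groups:
                continue
            if name == "SG5-database":
                findings.append(f"{name}: admits CIDR {rule.source} on {rule.port}")
            if rule.source == "0.0.0.0/0" and name != "SG1-public-alb":
                findings.append(f"{name}: open to the world on port {rule.port}")
    return findings


if __name__ == "__main__":
    print("denied hop:", first_denied_hop(REQUEST_PATH))
    print("web tier straight to DB:", is_allowed("SG2-web-tier", "SG5-database", MYSQL_PORT))
    print("findings:", audit() or "none")
```

The model deliberately ignores egress rules and NACLs; it answers the one question worth asking after Step 9, namely whether every hop of the intended path is admitted and nothing else is. When the site later goes live, the My IP rule on SG1 is the one to widen, not the rules further down the chain.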
Step 10: Create Database
Go to RDS -> Create DB Subnet Group using the VPC we created -> select the DB subnets and their AZs -> Create DB Subnet Group.
Now navigate to Create database and select the following options:
- Standard Create
- Amazon MySQL Compatible
- Dev/Test
- Credentials - self managed
- Aurora Standard
- db.t3.medium
- Select the VPC
- Select the DB security group (SG5) from the existing security groups
Now select Create database.
After the database is created, select View credentials in the pop-up and copy the username, password and endpoint into a notepad.
Part 4
Create an EC2 instance
Connect -> Session manager -> Connect
A page like this will be shown
Run the following commands in the connected session:
sudo -su ec2-user
ping 8.8.8.8
sudo yum install mysql -y
mysql -h CHANGE-TO-YOUR-RDS-ENDPOINT -u CHANGE-TO-USER-NAME -p
CREATE DATABASE webappdb;
SHOW DATABASES;
USE webappdb;
CREATE TABLE IF NOT EXISTS transactions(id INT NOT NULL
AUTO_INCREMENT, amount DECIMAL(10,2), description
VARCHAR(100), PRIMARY KEY(id));
SHOW TABLES;
INSERT INTO transactions (amount,description) VALUES ('400','groceries');
SELECT * FROM transactions;
Then leave the mysql client with the "exit" command.
Download the entire code from the GitHub repo, upload the files into your S3 bucket and click Upload.
Go back to your Session Manager session and run the following commands:
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
source ~/.bashrc
nvm install 16
nvm use 16
npm install -g pm2
cd ~/
aws s3 cp s3://BUCKET_NAME/app-tier/ app-tier --recursive
cd ~/app-tier
npm install
pm2 start index.js
pm2 list
pm2 logs
pm2 startup
pm2 save
curl http://localhost:4000/health
"This is the health check"
curl http://localhost:4000/transaction
{"result":[{"id":1,"amount":400,"description":"groceries"},{"id":2,"amount":100,"description":"class"},{"id":3,"amount":200,"description":"other groceries"},{"id":4,"amount":10,"description":"brownies"}]}
Part 5
Go to the EC2 instance dashboard and select the web tier instance we created earlier.
Click the instance -> Actions -> Image and templates -> Create image
Create a target group for it.
Now go to the Load Balancers page and click Create load balancer. This is an internal load balancer spanning the 2 private subnets in the 2 AZs.
Then create the launch template.
Create an Auto Scaling group with maximum, minimum and desired capacities of 2, 2 and 2 respectively.
Part - 6
Modify the nginx.conf file by replacing the placeholder [INTERNAL-LOADBALANCER-DNS] with your internal load balancer's DNS name.
Upload the updated nginx.conf and the web-tier folder to your designated S3 bucket.
Now launch a new instance and open Session Manager for that EC2 instance.
Execute the following commands:
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
source ~/.bashrc
nvm install 16
nvm use 16
cd ~/
aws s3 cp s3://BUCKET_NAME/web-tier/ web-tier --recursive
cd ~/web-tier
npm install
npm run build
sudo amazon-linux-extras install nginx1 -y
cd /etc/nginx
sudo rm nginx.conf
sudo aws s3 cp s3://BUCKET_NAME/nginx.conf .
sudo service nginx restart
chmod -R 755 /home/ec2-user
sudo chkconfig nginx on
Part 7
After configuring your web tier instance:
Go to EC2 Dashboard → Instances.
Select your web instance → Actions → Image → Create Image.
Give it a name and description.
Click Create Image.
Go to Target Groups → Click Create target group.
Choose Target type: Instances.
Name your group (e.g., web-tier-tg).
Protocol: HTTP, Port: 80, VPC: Your VPC.
Health check path: /health or / depending on your app.
Skip registering targets for now.
Click Create.
Navigate to Load Balancers → Create Application Load Balancer.
Name: web-tier-lb.
Scheme: internet-facing.
Listener: HTTP (port 80).
Select VPC and public subnets.
Attach a security group that allows inbound HTTP (port 80).
Under Target group, choose the one you created in step 2.
Review and Create.
Go to Launch Templates → Click Create launch template.
Name: web-tier-template.
AMI ID: Choose the one created in Step 1.
Instance type: t2.micro (or your preferred).
Attach key pair, IAM role, and correct security group.
Go to Auto Scaling Groups → Create Auto Scaling group.
Use the launch template from step 4.
Name: web-tier-asg.
VPC: Select your VPC and public subnets.
Attach it to the target group from step 2.
Configure scaling policies:
Desired: 2
Min: 1
Max: 3
Skip notifications for now and Create.
Open the DNS name of the load balancer in a browser. You will see the following output: