DEV Community

Dharshinisri G

3-Tier Architecture (Part-2)

AWS Three-Tier Architecture - Part 2

🛠 Networking and Security

🌐 VPC Creation

  1. Open the VPC dashboard in the AWS console.
  2. Click on Your VPCs from the left sidebar.
  3. Select VPC only and enter:
    • A Name tag.
    • A CIDR range (ensure it supports at least 6 subnets).
  4. Click Create VPC.

📌 Note: Stay consistent with the AWS region for all resources.


πŸ—οΈ Subnet Creation

  1. Navigate to Subnets in the VPC dashboard.
  2. Click Create Subnet.

Image description
Select VPC

Image description

  1. Create six subnets across two Availability Zones:
    • Three subnets in AZ-1.

Image description

Image description

Image description

  • Three subnets in AZ-2.

Image description

Image description

Image description

  1. Assign each subnet a Name, Availability Zone, and CIDR range.

πŸ“Œ Tip: Use a naming convention like:

  • Public-Web-Subnet-AZ-1
  • Private-App-Subnet-AZ-1
  • Private-DB-Subnet-AZ-1

Image description

Note: Each subnet’s CIDR range should be a subset of your VPC CIDR.
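The VPC and subnet steps above can be checked before you type anything into the console. This is an added example, not from the post: it carves the six subnets out of a constructed VPC range (10.0.0.0/16, one /24 per subnet) using the post's naming convention and verifies the two notes, that every subnet lies inside the VPC CIDR and that no two subnets overlap.

```python
import ipaddress
from typing import Dict, List

VPC_CIDR = "10.0.0.0/16"  # constructed example; AWS accepts VPC CIDRs from /16 to /28
AZS = ["AZ-1", "AZ-2"]
TIERS = ["Public-Web", "Private-App", "Private-DB"]
SUBNET_PREFIX = 24  # one /24 per subnet: 256 addresses, 251 usable after AWS reserves 5


def plan_subnets(vpc_cidr: str, azs: List[str], tiers: List[str], prefix: int) -> Dict[str, ipaddress.IPv4Network]:
    """Carve one subnet per (AZ, tier) out of the VPC CIDR, named as in the post's tip."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError(f"{vpc_cidr}: AWS VPC CIDR must be between /16 and /28")
    blocks = vpc.subnets(new_prefix=prefix)  # consecutive, non-overlapping blocks
    plan = {}
    for az in azs:  # AZ-1 gets the first three blocks, AZ-2 the next three
        for tier in tiers:
            block = next(blocks, None)
            if block is None:
                raise ValueError(f"{vpc_cidr} cannot hold {len(azs) * len(tiers)} /{prefix} subnets")
            plan[f"{tier}-Subnet-{az}"] = block
    return plan


def validate_plan(vpc_cidr: str, plan: Dict[str, ipaddress.IPv4Network]) -> List[str]:
    """Check the two notes in the post: every subnet lies inside the VPC CIDR and no
    two subnets overlap. Returns the list of violations (empty when the plan is sound)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    items = list(plan.items())
    for name, net in items:
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is not inside VPC {vpc}")
    for i, (name_a, a) in enumerate(items):
        for name_b, b in items[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{name_a} {a} overlaps {name_b} {b}")
    return problems


if __name__ == "__main__":
    plan = plan_subnets(VPC_CIDR, AZS, TIERS, SUBNET_PREFIX)
    for name, net in plan.items():
        print(f"{name:26} {net}  usable hosts: {net.num_addresses - 5}")
    print("problems:", validate_plan(VPC_CIDR, plan) or "none")
```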


🌍 Internet Connectivity

🚀 Internet Gateway (IGW)

  1. Go to Internet Gateways in the VPC dashboard.
  2. Click Create Internet Gateway, give it a name, and confirm.
  3. Attach it to your VPC by selecting the correct VPC and clicking Attach Internet Gateway.


📡 NAT Gateway

To allow instances in the private subnets to initiate outbound connections to the internet (a NAT gateway does not accept inbound connections from the internet):

  1. Go to NAT Gateways in the VPC dashboard.
  2. Click Create NAT Gateway and:
    • Enter a Name.
    • Select one of your public subnets.
    • Allocate an Elastic IP.
  3. Click Create NAT Gateway.
  4. Repeat for the other public subnet to ensure high availability.


🚦 Routing Configuration

  1. Go to Route Tables in the VPC dashboard.
  2. Click Create Route Table and enter a name.
  3. After creation, go to the Routes tab → Click Edit routes.
    • Add a route for all external traffic (0.0.0.0/0) to the Internet Gateway.
    • Save changes.
  4. Go to Subnet Associations:
    • Edit and associate the two public subnets.

For Private Subnets:

  • Create two more route tables (one per availability zone).
  • In each, route external traffic (0.0.0.0/0) to the NAT Gateway in the same availability zone.
  • Associate each with the app-layer private subnet in its availability zone.


🔒 Security Groups

Security Groups are stateful firewalls attached to instances and load balancers; they control inbound and outbound traffic, and a rule's source can be another security group rather than an IP range, which is how each tier below is restricted to the tier in front of it.

1️⃣ Public Load Balancer Security Group

  • Allows HTTP (port 80) traffic from your IP.

2️⃣ Web Tier Security Group

  • Allows HTTP (port 80) traffic from the public load balancer security group.
  • Allows your IP to access the instances.

3️⃣ Internal Load Balancer Security Group

  • Allows HTTP (port 80) traffic from the web-tier security group.

4️⃣ Private Instances Security Group

  • Allows TCP (port 4000) traffic from the internal load balancer security group.
  • Allows your IP for testing.

5️⃣ Database Security Group

  • Allows MySQL/Aurora (port 3306) traffic from the private instance security group.
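The five groups form a chain in which each tier trusts only the group in front of it. As an added example (not part of the post), the following models that chain and audits it: a missing hop, a group trusting the wrong group, any wide CIDR, any CIDR at all on the database, and the "your IP" test rules that should be removed once testing is done. Group names, the use of port 80 for admin access to the web tier, and 203.0.113.10 (a documentation address standing in for "your IP") are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    port: int
    source: str  # another security group's name, or a CIDR

ADMIN_IP = "203.0.113.10/32"  # constructed; stands in for "your IP" in the post

# Data path, one hop per tier: (group, service port, the only group allowed to reach it)
TIER_CHAIN = [
    ("Web-Tier-SG", 80, "Public-LB-SG"),
    ("Internal-LB-SG", 80, "Web-Tier-SG"),
    ("Private-Instances-SG", 4000, "Internal-LB-SG"),
    ("Database-SG", 3306, "Private-Instances-SG"),
]

SECURITY_GROUPS: dict[str, list[Rule]] = {  # constructed model of the five groups above
    "Public-LB-SG": [Rule(80, ADMIN_IP)],
    "Web-Tier-SG": [Rule(80, "Public-LB-SG"), Rule(80, ADMIN_IP)],
    "Internal-LB-SG": [Rule(80, "Web-Tier-SG")],
    "Private-Instances-SG": [Rule(4000, "Internal-LB-SG"), Rule(4000, ADMIN_IP)],
    "Database-SG": [Rule(3306, "Private-Instances-SG")],
}


def audit(groups: dict[str, list[Rule]]) -> list[str]:
    """Return findings for the chain; an empty list means every tier trusts only its predecessor."""
    expected = {dest: (port, src) for dest, port, src in TIER_CHAIN}
    findings = []
    for name, rules in groups.items():
        port, allowed = expected.get(name, (None, None))
        if allowed and not any(r.port == port and r.source == allowed for r in rules):
            findings.append(f"{name}: missing port {port} rule from {allowed}")
        for r in rules:
            if r.source in groups:  # source is another security group
                if r.source != allowed:
                    findings.append(f"{name}: port {r.port} open to unexpected group {r.source}")
                continue
            net = ipaddress.ip_network(r.source)  # source is a CIDR
            if name == "Database-SG":
                findings.append(f"{name}: port {r.port} open to {net}; only {allowed} should reach the DB")
            elif net.prefixlen < 32:
                findings.append(f"{name}: port {r.port} open to wide range {net}")
            elif name != "Public-LB-SG":  # admin /32 on an internal tier is temporary test access
                findings.append(f"{name}: port {r.port} open to test address {net}; remove after testing")
    return findings
```

Run against the model as written, the audit reports only the two "remove after testing" reminders for the web and app tiers.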


✅ Conclusion

You have now successfully set up the networking and security configurations for your AWS Three-Tier Architecture.

In Part 3, we will proceed with further configurations and deployments.

🔗 Continue to Part 3: AWS Three-Tier Architecture (Part 3)

