3-Tier Architecture (Part-2)

AWS Three-Tier Architecture - Part 2

📌 Table of Contents

• Networking and Security
  • VPC Creation
  • Subnet Creation
  • Internet Connectivity
  • NAT Gateway
  • Routing Configuration
  • Security Groups
• ✅ Conclusion

---

🛠 Networking and Security

🌐 VPC Creation

1. Open the VPC dashboard in the AWS console.
2. Click on Your VPCs from the left sidebar.

1. Select VPC only and enter:
   • A Name tag.
   • A CIDR range (Ensure it supports at least 6 subnets).

1. Click Create VPC.

📌 Note: Stay consistent with the AWS region for all resources.

---

🏗️ Subnet Creation

1. Navigate to Subnets in the VPC dashboard.
2. Click Create Subnet.

Select VPC

1. Create six subnets across two Availability Zones:
   • Three subnets in AZ-1.

• Three subnets in AZ-2.

1. Assign each subnet a Name, Availability Zone, and CIDR range.

📌 Tip: Use a naming convention like:

• Public-Web-Subnet-AZ-1
• Private-App-Subnet-AZ-1
• Private-DB-Subnet-AZ-1

Note: Each subnet’s CIDR range should be a subset of your VPC CIDR.

---

🌍 Internet Connectivity

🚀 Internet Gateway (IGW)

1. Go to Internet Gateways in the VPC dashboard.
2. Click Create Internet Gateway, give it a name, and confirm.

1. Attach it to your VPC by selecting the correct VPC and clicking Attach Internet Gateway.

---

📡 NAT Gateway

To allow private instances to access the internet:

1. Go to NAT Gateways in the VPC dashboard.

1. Click Create NAT Gateway and:
   • Enter a Name.
   • Select one of your public subnets.
   • Allocate an Elastic IP.

1. Click Create NAT Gateway.

1. Repeat for the other public subnet to ensure high availability.

---

🚦 Routing Configuration

1. Go to Route Tables in the VPC dashboard.

1. Click Create Route Table and enter a name.

1. After creation:
   • Go to Routes tab → Click Edit routes.

• Add a route for all external traffic (0.0.0.0/0) to the Internet Gateway.

• Save changes.
  1. Go to Subnet Associations:
• Edit and associate the two public subnets.

For Private Subnets:

• Create two more route tables (one per availability zone).
• Route external traffic (0.0.0.0/0) to NAT Gateway.
• Associate with the app-layer private subnets. Private Route table az1

private route table az2

---

🔒 Security Groups

Security Groups control inbound and outbound traffic.

1️⃣ Public Load Balancer Security Group

• Allows HTTP (port 80) traffic from your IP.

2️⃣ Web Tier Security Group

• Allows HTTP (port 80) traffic from the public load balancer.
• Allows your IP to access the instances.

3️⃣ Internal Load Balancer Security Group

• Allows HTTP (port 80) traffic from the web-tier security group.

4️⃣ Private Instances Security Group

• Allows TCP (port 4000) traffic from the internal load balancer.
• Allows your IP for testing.

5️⃣ Database Security Group

• Allows MySQL/Aurora (port 3306) traffic from the private instance security group.

---

✅ Conclusion

You have now successfully set up the networking and security configurations for your AWS Three-Tier Architecture.

In Part 3, we will proceed with further configurations and deployments.

🔗 Continue to Part 3: AWS Three-Tier Architecture (Part 3)

---

Create VPC


Create Subnet

For Avalability Zone-1
Create-public-Subnet-az1

private-subnet1-az1

private-subnet2-db-az1

For Availability Zone-2
public-subnet-az2

private-subnet1-az2

private-subnet2-db-az2

All the subnets are created Successfully.

Create Internet Gateway

Attach to VPC

Create NAT gateway
For Az 1

For Az 2

*Configure Routing *

Create public Route Table

Edit Routes

Edit Subnet Associations

Add Public Subnets

Create private Route Table for az1

Edit Routes

Edit Subnet Associations

Create private route table for Az2

Edit Routes

Edit Subnet Associations

Create Security Group

INternet Facing lb sg

Web Tier SG

Internal lb SG

Private Instance SG

Database SG