AWS Three-Tier Architecture - Part 2
📌 Table of Contents
🛠 Networking and Security
🌐 VPC Creation
- Open the VPC dashboard in the AWS console.
- Click on Your VPCs from the left sidebar.
- Select VPC only and enter:
- A Name tag.
- A CIDR range (Ensure it supports at least 6 subnets).
- Click Create VPC.
📌 Note: Stay consistent with the AWS region for all resources.
🏗️ Subnet Creation
- Navigate to Subnets in the VPC dashboard.
- Click Create Subnet.
Select VPC
- Create six subnets across two Availability Zones:
- Three subnets in AZ-1.
- Three subnets in AZ-2.
- Assign each subnet a Name, Availability Zone, and CIDR range.
📌 Tip: Use a naming convention like:
Public-Web-Subnet-AZ-1Private-App-Subnet-AZ-1Private-DB-Subnet-AZ-1
Note: Each subnet’s CIDR range should be a subset of your VPC CIDR.
🌍 Internet Connectivity
🚀 Internet Gateway (IGW)
- Go to Internet Gateways in the VPC dashboard.
- Click Create Internet Gateway, give it a name, and confirm.
- Attach it to your VPC by selecting the correct VPC and clicking Attach Internet Gateway.
📡 NAT Gateway
To allow private instances to access the internet:
- Go to NAT Gateways in the VPC dashboard.
- Click Create NAT Gateway and:
- Enter a Name.
- Select one of your public subnets.
- Allocate an Elastic IP.
- Click Create NAT Gateway.
- Repeat for the other public subnet to ensure high availability.
🚦 Routing Configuration
- Go to Route Tables in the VPC dashboard.
- Click Create Route Table and enter a name.
- After creation:
- Go to Routes tab → Click Edit routes.
- Add a route for all external traffic (0.0.0.0/0) to the Internet Gateway.
- Save changes.
- Go to Subnet Associations:
- Edit and associate the two public subnets.
For Private Subnets:
- Create two more route tables (one per availability zone).
- Route external traffic (0.0.0.0/0) to NAT Gateway.
- Associate with the app-layer private subnets.
Private Route table az1
private route table az2
🔒 Security Groups
Security Groups control inbound and outbound traffic.
1️⃣ Public Load Balancer Security Group
- Allows HTTP (port 80) traffic from your IP.
2️⃣ Web Tier Security Group
- Allows HTTP (port 80) traffic from the public load balancer.
- Allows your IP to access the instances.
3️⃣ Internal Load Balancer Security Group
- Allows HTTP (port 80) traffic from the web-tier security group.
4️⃣ Private Instances Security Group
- Allows TCP (port 4000) traffic from the internal load balancer.
- Allows your IP for testing.
5️⃣ Database Security Group
- Allows MySQL/Aurora (port 3306) traffic from the private instance security group.
✅ Conclusion
You have now successfully set up the networking and security configurations for your AWS Three-Tier Architecture.
In Part 3, we will proceed with further configurations and deployments.
🔗 Continue to Part 3: AWS Three-Tier Architecture (Part 3)
Create VPC
Create Subnet
For Avalability Zone-1
Create-public-Subnet-az1
private-subnet1-az1
private-subnet2-db-az1
For Availability Zone-2
public-subnet-az2
private-subnet1-az2
private-subnet2-db-az2
All the subnets are created Successfully.
Create Internet Gateway
Attach to VPC
Create NAT gateway
For Az 1
For Az 2
*Configure Routing *
Create public Route Table
Edit Routes
Edit Subnet Associations
Add Public Subnets
Create private Route Table for az1
Edit Routes
Edit Subnet Associations
Create private route table for Az2
Edit Routes
Edit Subnet Associations
Create Security Group
INternet Facing lb sg
Web Tier SG
Internal lb SG
Private Instance SG
Database SG
Top comments (0)