DEV Community: 19Naveen

3Tier Web Application

19Naveen — Wed, 09 Apr 2025 16:55:07 +0000

AWS Three-Tier Web Architecture: Comprehensive Setup Guide

Architecture Overview

)

The three-tier web architecture is a proven design pattern that separates an application into three logical tiers:

Presentation Tier (Web Tier)
Application Tier (App Tier)
Data Tier (Database Tier)

Key Components

Virtual Private Cloud (VPC)
Subnets across multiple Availability Zones
Internet Gateway
NAT Gateway
Security Groups
Elastic Load Balancers
EC2 Instances
RDS Database
S3 Bucket

1. Network Infrastructure Setup

1.1 VPC Configuration

Create a VPC with CIDR block (e.g., 10.0.0.0/16)
Enable DNS hostnames and support
Use VPC Wizard or AWS Console "VPC and more" feature

Subnet Strategy

Public Subnets (Web Tier):
- For internet-facing resources
- Typically in different Availability Zones
- Associated with Internet Gateway
Private Subnets (App and Database Tiers):
- For internal application and database resources
- Not directly accessible from the internet
- Routed through NAT Gateway

1.2 Internet and NAT Gateways

Create an Internet Gateway and attach to VPC
Create NAT Gateway in each public subnet
Configure route tables to direct traffic appropriately

1.3 Security Groups

Create distinct security groups for:

Web Tier EC2 Instances
Application Tier EC2 Instances
Load Balancers
RDS Database

Best Practices

Implement least privilege principle
Only open necessary ports
Restrict inbound and outbound traffic

Sample Web Security Group

1.4 Route Table

2. Compute Resources

2.1 EC2 Instances and Roles

Launch instances in private subnets
Use Amazon Linux 2 or Amazon Linux 2023
Create IAM roles for SSM and S3 access

Web Tier EC2

Hosts web server and frontend
Placed in public subnet behind load balancer

Application Tier EC2

Hosts backend application logic
Placed in private subnet
Communicates with database tier

3. Database Tier

3.1 RDS Configuration

Use Amazon Aurora MySQL
Multi-AZ deployment for high availability
Create subnet group across multiple AZs

Database Setup Steps

Create subnet group
Choose Dev/Test template
Configure database insights
Set up monitoring (optional)

3.2 Database Configuration

-- Create database
CREATE DATABASE webappdb;

-- Create transactions table
CREATE TABLE transactions (
    id INT NOT NULL AUTO_INCREMENT,
    amount DECIMAL(10,2),
    description VARCHAR(100),
    PRIMARY KEY(id)
);

-- Insert sample data
INSERT INTO transactions (amount, description) 
VALUES 
    (400, 'groceries'),
    (100, 'class'),
    (200, 'other groceries'),
    (10, 'brownies');

4. Storage and Code Deployment

4.1 S3 Bucket

Create S3 bucket for application code
Use versioning and encryption
Configure appropriate IAM policies

4.2 Code Deployment

# Clone repository
git clone https://github.com/Naveen3251/AWS_3Tier.git

# Update database configuration
# Edit app-tier/DbConfig.js with:
# - RDS endpoint
# - Database credentials
# - Database name (webappdb)

5. Application Setup

5.1 Node.js Configuration

# Install Node Version Manager (NVM)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash

# Install Node.js
nvm install 16
nvm use 16

# Install PM2 process manager
npm install -g pm2

# Install application dependencies
npm install

# Start application
pm2 start index.js
pm2 startup
pm2 save

5.2 Verification Endpoints

Health Check: GET /health
Transactions: GET /transaction

6. Internal Load Balancing and Auto Scaling

Create Target Group:

Create Load Balancer:

Review

Launch Template:

Load Balancer:

Update Config File
Web Instance Deployment
Configure Web Instance

7. Monitoring and Maintenance

Enable AWS CloudWatch metrics
Set up alarms for resource utilization
Regularly update and patch instances
Implement backup strategies

Estimated Costs

Monitor resources using AWS Cost Explorer
Consider using AWS Budgets
Leverage AWS Free Tier for learning

AWS 101 Practice Workshop

19Naveen — Mon, 31 Mar 2025 14:05:01 +0000

`Architecture Diagram`

Build Website

Setup Networking (VPC)
Resource Security (SGs)
Access Management (IAM)
Deploy Compute (EC2)
Administer Web Server (SSM)
Load Balancing (ALB)
Storage (S3)
Scaling (ASG)
Test Web Server
Final Output

1. Setup Networking (VPC)

Navigate to the AWS Management Console and locate the VPC service.
Click Create VPC.
Select VPC and more. This will start the VPC wizard.
Create a private and public subnet in 2 Availability Zone Each subnet is connected to a route table, which determines how network traffic is routed. The public subnets are routed to an Internet Gateway
In the NAT gateways section, select 1 per AZ.
Review the Network

Click Create VPC

✅ Your VPC with public & private subnets is now ready! 🚀

2. Resource Security (SGs)

Browse to the Security Groups part of the Amazon EC2 service.
click Create security group to define a new custom security group for our resource
In the Inbound rules section click Add rule
1. Load Balancer --> HTTP TCP 80 Anywhere-IPv4 Allow HTTP inbound from Internet
2. EC2 --> HTTP TCP 80 Load Balancer Security Group Allow HTTP inbound from Load Balancer
Tags are metadata labels you can apply to AWS resources for organization and cost tracking. Create a new tag for the security group by clicking Add new tag. Enter Name for Key and LoadBalancerSecurityGroup for Value.
Finalize the creation by clicking Create security group

✅ Your Secuirty Group is Created... 🚀

3. Access Management (IAM)

Browse to the IAM service and click create Role.
Select AWS Service. Choose EC2 for the service or use case.
Select EC2 Role for AWS Systems Manager and click Next
Confirm that the AmazonSSMManagedInstanceCore policy and AmazonS3ReadOnlyAccess Policy has been added to the role and click Next

Name the role. Scroll to the bottom and click Create role

4. Deploy Compute (EC2)

Browse to the EC2 service.
Click Launch Instance.
Name the server and choose the created VPC, SG, add Role and paste the code then click create.

#!/bin/bash
yum update -y
# Install Session Manager agent
yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
systemctl enable amazon-ssm-agent
# Install and start the php web server
dnf install -y httpd wget php-json php
chkconfig httpd on
systemctl start httpd
systemctl enable httpd

# Install AWS SDK for PHP
wget https://docs.aws.amazon.com/aws-sdk-php/v3/download/aws.zip
unzip aws.zip -d /var/www/html/sdk
rm aws.zip

#Install the web pages for our lab
if [ ! -f /var/www/html/index.html ]; then
rm index.html
fi
cd /var/www/html
wget https://ws-assets-prod-iad-r-iad-ed304a55c2ca1aee.s3.us-east-1.amazonaws.com/2aa53d6e-6814-4705-ba90-04dfa93fc4a3/index.php

# Update existing packages
dnf update -y

5. Administer Web Server (SSM)

In the Amazon EC2 dashboard, select the web server instance. You'll notice it only has a private IP address, not a public one
Select the Session Manager tab in ec2 instance and click Connect.
run the following commands:

echo -n 'Private IPv4 Address: ' && ifconfig enX0 | grep -i mask | awk '{print $2}'| cut -f2 -d: && \
echo -n 'Public IPv4 Address: ' && curl checkip.amazonaws.com

Excellent, there's the private IP address you noted in step 1 This means we successfully connected to the right instance without exposing the SSH protocol. However, you'll also notice there is a Public IP address - this is the Elastic IP allocated for the NAT Gateway. The NAT Gateway allows resources in the private subnet, like our web server, to communicate with the Internet.

6. Load Balancing (ALB)

Create load balancer.
Click Create under Application Load Balancer.
Basic configuration
1. Load balancer name WebServerLoadBalancer
2. Basic configuration Scheme Internet-facing
3. Basic configuration Load balancer IP address type IPv4
4. Network mapping VPC project-vpc
5. Network mapping Availability Zone 1 project-subnet-public1
6. Network mapping Availability Zone 2 project-subnet-public2
add the Load Balancer Security Group you created earlier.
add ALB security group
Leave the default settings of HTTP and port 80 in the Listeners and routing section, then click Create target group.
Configure the new target group with the following settings:
1. Basic configuration Target group name WebServerTargetGroup
2. Basic configuration Protocol HTTP
3. Basic configuration Port 80
4. Basic configuration IP address type IPv4
5. Basic configuration VPC project-vpc
6. Basic configuration Protocol version HTTP1
7. Health checks Health check protocol HTTP
8. Health checks Health check path /
9. Next to proceed to the register targets settings.
Select mywebserver and click include as pending below. This will configure the load balancer to route web traffic from the Internet to the EC2 web server instance.
Click Create target group to finalize the setup,

close the browser tab to return to the load balancer configuration.
In the Listeners and routing section, click the refresh button and select the WebServerTargetGroup we just created

click Create load balancer

7. Storage (S3)

Click Create Bucket
Upload some files to the bucket
Download Data from this Link

8. Auto Scaling Group

Create Launch Template

Create Auto Scaling Group using the Launch Template

Review the information before creating ASG

9. Test Web Server

Copy the DNS name from the Load Balancer page and paste it into a new browser tab. Make sure it's http not https...

Final Output:

Amazon Network Load Balancer

19Naveen — Wed, 22 Jan 2025 10:01:35 +0000

_Your high-performance gateway for handling millions of requests with ultra-low latency

Amazon Network Load Balancer represents AWS's Layer 4 load balancing solution, designed to handle the most demanding workloads while maintaining exceptional performance. Operating at the connection level (TCP/UDP), it serves as your network's traffic conductor, efficiently distributing incoming requests across multiple targets, such as EC2 instances, containers, and IP addresses. In other words Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets, and routes traffic only to the healthy targets. Elastic Load Balancing scales your load balancer as your incoming traffic changes over time. It can automatically scale to the vast majority of workloads. Some of the components of NLB are:

Load balancers: Listeners define how NLB handles incoming traffic by specifying the protocol and port.
Listeners: Backend resources (e.g., EC2 instances) are grouped into target groups. NLB directs traffic to targets within these groups.
Target groups: Periodic health checks ensure only healthy targets receive traffic.

Example: Think of NLB as a highly efficient traffic controller at a busy airport. Just as an air traffic controller needs to handle multiple aircraft simultaneously while ensuring minimal delays, NLB manages millions of requests per second while maintaining consistent, low-latency connections. Its ability to preserve source IP addresses and maintain static IP endpoints makes it particularly valuable for applications requiring precise network control and predictable addressing.

How Does It Work?

The Network Load Balancer routes incoming client requests to backend targets (e.g., EC2 instances, IP addresses, or containers) based on predefined rules. It uses static IP addresses for consistent endpoint management and performs health checks to ensure traffic is only sent to healthy targets.

Let's try to understand the flow with an example:

Flow Example: With Two EC2 Instances

Incoming Request:
- A client sends an HTTPS request to https://example.com (NLB’s endpoint).
NLB Listeners:
- Listener on port 443 identifies the request and routes it to Target Group A.
Target Group A:
- Contains EC2 Instance 1 and EC2 Instance 2.
Health Check:
- NLB checks if both instances are healthy:
  - EC2 Instance 1: Healthy ✅
  - EC2 Instance 2: Healthy ✅
Traffic Routing:
- NLB sends the request to EC2 Instance 1 (based on load distribution).
- If EC2 Instance 1 is busy or fails health checks later, NLB will route traffic to EC2 Instance 2.
Response to Client:
- EC2 Instance 1 processes the request and sends the response back via the NLB to the client.

Key Features of AWS Network Load Balancer (NLB)

Ultra-Low Latency : NLB is designed to handle millions of requests per second with minimal latency, making it ideal for latency-sensitive applications.
TCP, UDP, and TLS Support : Supports multiple transport protocols, including TCP for general-purpose traffic, UDP for real-time applications, and TLS for secure connections with built-in TLS termination.
Static IP Addresses and Elastic IPs : Assigns static IP addresses to each load balancer, simplifying DNS configurations and providing consistent endpoints. Elastic IPs can also be used for better control over IP allocation.
Cross-Zone Load Balancing : Distributes traffic evenly across targets in multiple Availability Zones (AZs), ensuring reliability and high availability.
IP Address Targeting : Routes traffic directly to targets using private IP addresses, enabling seamless integration with on-premises and hybrid cloud environments.
Health Checks : Continuously monitors the health of registered targets and routes traffic only to healthy instances, ensuring high reliability.
Scalability: Automatically scales to handle traffic spikes, supporting millions of connections without manual intervention.
Integration with Other AWS Services: Works seamlessly with AWS services like Amazon ECS, Amazon EKS, and AWS CloudFormation for automated deployments.

How NLB is different from Other Load Balancer

When compared to its siblings in the AWS load balancer family, NLB stands out for its raw performance capabilities. While Application Load Balancer (ALB) excels at HTTP-level routing and Classic Load Balancer (CLB) offers basic load balancing, NLB specializes in high-throughput, low-latency scenarios where every millisecond counts.

A key distinguishing feature is its ability to handle both TCP and UDP protocols, making it the go-to choice for applications like gaming servers, IoT devices, and media streaming platforms where consistent, high-speed performance is crucial.

REAL WORLD APPLICATIONS

Gaming Servers: Handle high-speed, real-time connections for multiplayer games.
IoT Applications: Efficiently manage millions of device connections.
Financial Services: Provide low-latency, secure connections for financial transactions.
Web Applications: Distribute traffic across multiple servers to ensure reliability and high availability.
Microservices: Direct traffic between containerized applications on ECS or EKS.
Content Delivery : Directs incoming requests to geographically distributed resources, improving response times for content-heavy applications.

Benefits of migrating from a Classic Load Balancer

Using a Network Load Balancer instead of a Classic Load Balancer has the following benefits:

Ability to handle volatile workloads and scale to millions of requests per second.
Support for static IP addresses for the load balancer. You can also assign one Elastic IP address per subnet enabled for the load balancer.
Support for registering targets by IP address, including targets outside the VPC for the load balancer.
Support for routing requests to multiple applications on a single EC2 instance. You can register each instance or IP address with the same target group using multiple ports.
Support for containerized applications. Amazon Elastic Container Service (Amazon ECS) can select an unused port when scheduling a task and register the task with a target group using this port. This enables you to make efficient use of your clusters.
Support for monitoring the health of each service independently, as health checks are defined at the target group level and many Amazon CloudWatch metrics are reported at the target group level. Attaching a target group to an Auto Scaling group enables you to scale each service dynamically based on demand.

Pricing

The pricing model for NLB is based on the following components:

Load Balancer Hours: Charges apply for each hour or partial hour the load balancer is active.
Data Processing Charges: Billed per GB of data processed through the load balancer.
Optional Features: Additional costs for cross-zone load balancing or using static IPs. For detailed pricing, visit the AWS Pricing Page for Network Load Balancer.

Limitations and Challenges

Protocol Constraints: Only operates at Layer 4; for advanced HTTP/HTTPS routing, use Application Load Balancer (ALB).
Learning Curve: Requires understanding network configurations to utilize it effectively.
Additional Costs: High data processing requirements can lead to increased costs.

Real-World Example: Online Streaming Platform

Scenario

A popular online streaming platform needed a reliable and high-performance load-balancing solution to handle millions of concurrent viewers globally while ensuring minimal latency and uninterrupted service.

How It Is Used

Traffic Distribution:
- The AWS Network Load Balancer directs incoming TCP traffic from viewers to multiple backend media servers located in various AWS Availability Zones.
Health Monitoring:
- Continuous health checks ensure only healthy servers receive traffic, preventing downtime for users.
Scalability:
- NLB automatically scales to manage traffic spikes during popular live events, such as sports or concerts, without requiring manual intervention.
Static IP and Elastic IPs:
- The platform uses NLB's static IPs to simplify DNS configurations for consistent endpoints across their global user base.
TLS Termination:
- NLB terminates TLS connections at the load balancer, offloading encryption overhead from backend servers, improving performance.

Outcome

The platform achieved low-latency streaming for millions of users.
High availability ensured no disruptions during traffic surges.
Simplified operations with automated scalability and static IPs.

Example: Similar use cases include video streaming platforms like Netflix or Twitch, which rely on high-performance load balancers for seamless user experiences.