Building for the Cloud: Why Architecture Matters?
When crafting a cloud-based application, the foundation you build upon — its architecture — is just as crucial as the application itself. Choosing the right architecture involves several key considerations:
Scalability on Demand: Can your app seamlessly scale up or down based on user traffic? How important is it to avoid constant resource management and monitoring?
Always Available: Does your app require near-constant uptime? Can it tolerate extended periods of downtime? If a component fails, how resilient is the rest of the system?
Fortress of Security: How robust are your app’s security measures? How does it handle access control for different functionalities? If a breach occurs in one area, can the rest of the application be compromised?
AWS 3-Tier Architecture
Why 3-tier?
The 3-tier architecture provides a robust foundation for cloud applications. By separating functionalities into distinct presentation, application, and data tiers, it fosters exceptional scalability, high availability, and enhanced security. This modular design allows for independent resource scaling within each tier, ensuring seamless performance even during peak loads.
Presentation Tier: This tier handles user interaction. It delivers the user interface (UI) and captures user input. Web servers, static content delivery networks (CDNs), and API gateways are common components.
Application Tier: This tier handles the application logic. It processes user requests, interacts with the data tier, and generates responses. Application servers, container orchestration services, and serverless functions reside here.
Data Tier: This tier stores and manages application data. Relational databases, NoSQL databases, and object storage solutions like Amazon S3 belong to this tier.
Setting up Foundational layer: VPC
Imagine you’re renting an apartment in a giant building (public cloud). A VPC is like your own private floor within that building. You control who has access (security group) and how things are arranged (subnets). This private floor ensures your belongings (app data) are separate from other tenants (other cloud users). It’s a secure space to build your application (3-tier architecture) without worrying about neighbors.
Creating VPC for our project, “cloud-fortress”
We’re creating a VPC, naming our project “cloud-fortress” with a CIDR block of 10.0.0.0/16.
To increase the availability of the project “cloud-fortress”, we’re using two AZs (us-east-1a and us-east-1b), two public subnets, and four private subnets.
Quick Lookup to visualize the resources about to be allocated.
Enable auto-assign IPv4
Once all the resources have been created, we need to make sure we ‘Enable auto-assign public IPv4 address’ for BOTH public subnets so we can access their resources via the Internet.
Change the Main Route Table
When a VPC is created, it comes with a default route table as its ‘main table.’ We want our public route table to serve as the main table instead, so select “cloud-fortress-rtb-public” from the Route tables dashboard and set it as the main table under the ‘Actions’ dropdown menu, as shown in the image.
Deploying a NAT Gateway
Short Overview of NAT Gateway
A NAT gateway acts as a security checkpoint. It allows resources within a private network (lacking public IP addresses) to reach the internet for essential tasks like software updates or data downloads. However, the NAT gateway functions like a one-way street. It blocks incoming internet connections, safeguarding private resources from unauthorized access. This creates a secure environment for your network while enabling necessary communication with the outside world.
Now let’s create a NAT gateway. Navigate to ‘NAT Gateways’ and create a new gateway called nat-public. Select one of the public subnets, allocate an Elastic IP, and create the gateway.
Setting one Private Route Table
Select any one of the private route tables and adjust the name to something like ‘cloud-fortress-private.’ This will be our private route table.
Editing Subnet Associations
Now we can associate the updated table “cloud-fortress-private” with all four private subnets (-subnet-private1, -subnet-private2, -subnet-private3, -subnet-private4).
Adding NAT Gateway
Edit the routes: add a new route with Target set to NAT Gateway and select nat-public from the dropdown menu.
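Because the public route table is now the main table, a private subnet that is missed when editing associations falls back to the internet gateway route instead of the NAT route. This added example (not part of the original post) checks for that using constructed data in the shape of `aws ec2 describe-route-tables` output; every ID in it is made up, and it assumes both routes are 0.0.0.0/0 default routes.

```python
# Constructed data in the shape of `aws ec2 describe-route-tables` output.
# All IDs are made up; subnet-private4 was left without an explicit association.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",   # set as the main table, as in the walkthrough
     "Associations": [{"Main": True},
                      {"Main": False, "SubnetId": "subnet-public1"},
                      {"Main": False, "SubnetId": "subnet-public2"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private1"},
                      {"Main": False, "SubnetId": "subnet-private2"},
                      {"Main": False, "SubnetId": "subnet-private3"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
PRIVATE_SUBNETS = ["subnet-private1", "subnet-private2", "subnet-private3", "subnet-private4"]

def default_route_target(table):
    """Return 'igw', 'nat' or None for the table's 0.0.0.0/0 route."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat"
    return None

def effective_routes(route_tables, subnet_ids):
    """Map each subnet to the (route table id, default-route target) that applies to it."""
    main = next(t for t in route_tables
                if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in route_tables
                for a in t["Associations"] if "SubnetId" in a}
    result = {}
    for s in subnet_ids:
        table = explicit.get(s, main)  # no explicit association: the main table applies
        result[s] = (table["RouteTableId"], default_route_target(table))
    return result

def misrouted_private(route_tables, private_subnet_ids):
    """Private subnets whose effective default route is the internet gateway."""
    routes = effective_routes(route_tables, private_subnet_ids)
    return sorted(s for s, (_, target) in routes.items() if target == "igw")

if __name__ == "__main__":
    print(misrouted_private(ROUTE_TABLES, PRIVATE_SUBNETS))
```

To run it against a real VPC, replace `ROUTE_TABLES` with the `RouteTables` list from the CLI output and list the subnet IDs meant to be private.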
AWS 3-tier Architecture: Web Tier
Tier 1, The Presentation Tier
The Web Tier, also known as the ‘Presentation’ tier, is the environment where our application will be delivered for users to interact with. For Cloud fortress, this is where we will launch our web servers that will host the frontend of our application.
Setting up Launch Template
Now let’s create a launch template that will be used by our ASG to dynamically launch EC2 instances in our public subnets.
In the EC2 console, navigate to ‘Launch templates’ under the ‘Instances’ sidebar menu.
We’re going to create a new template called ‘cloud-fortress-template’ with the following provisions:
AMI: Amazon Linux 2
Instance type: t2.micro (1GB — Free Tier)
A new or existing key pair
Create a new security group with inbound SSH, HTTP, and HTTPS rules. Make sure the proper cloud-fortress-vpc VPC is selected.
Under ‘Advanced details’, in the ‘User data’ section, we need to paste in our script that installs an Apache web server and a basic HTML web page.
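The security group above carries inbound SSH, HTTP and HTTPS rules, and the source range on the SSH rule decides who can reach the login port of every instance the template launches. This added example (not part of the original post) audits constructed rule sets in the shape of `aws ec2 describe-security-groups` output; the group names, the admin range 203.0.113.0/24 and the policy that only ports 80 and 443 may be public are assumptions.

```python
import ipaddress

# Constructed rule sets in the shape of `aws ec2 describe-security-groups` output.
def rule(port, v4=(), v6=()):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in v4],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}

ANY = ["0.0.0.0/0"]
# Every rule left at source "anywhere".
WIDE_OPEN = {"GroupName": "web-sg-wide", "IpPermissions": [
    rule(22, ANY), rule(80, ANY), rule(443, ANY)]}
# SSH limited to an admin range (203.0.113.0/24 is a documentation prefix).
SCOPED = {"GroupName": "web-sg-scoped", "IpPermissions": [
    rule(22, ["203.0.113.0/24"]), rule(80, ANY, ["::/0"]), rule(443, ANY, ["::/0"])]}

PUBLIC_WEB_PORTS = {80, 443}  # assumed policy: only these may face the internet
SSH = 22

def world_sources(perm):
    """CIDRs on this permission that match every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def covers(perm, port):
    """True if the permission admits TCP traffic to `port`, including ranges and 'all'."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit(group):
    """Return (finding, cidr) pairs for rules that are open to the whole internet."""
    findings = []
    for perm in group["IpPermissions"]:
        for cidr in world_sources(perm):
            if covers(perm, SSH):
                findings.append(("ssh-open-to-world", cidr))
            elif not any(covers(perm, p) for p in PUBLIC_WEB_PORTS) \
                    or perm["FromPort"] != perm["ToPort"]:
                findings.append(("unexpected-public-port", cidr))
    return findings

if __name__ == "__main__":
    for sg in (WIDE_OPEN, SCOPED):
        print(sg["GroupName"], audit(sg))
```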
To complete the process, visit my Medium blog: https://rajan-kafle.medium.com/aws-3-tier-architecture-46e4c05fd854