Building a Scalable and Secure 3-Tier Architecture Application in AWS: Leveraging VPC, ALB, and RDS (2023)

Table of contents

  • Introduction
  • The Three Tiers:
    • Benefits of the 3-Tier Architecture in AWS:
  • Diving into the Steps
    • Virtual Private Cloud
    • Subnet
    • Route Table
    • Internet Gateway
    • NAT Gateway
    • Load Balancer
    • Relational Database Service

Optimizing Performance, Security, and Scalability in AWS Cloud

Welcome back, cloud enthusiasts! We're excited to embark on the Week 2 challenge of the #10WeeksCloudOps journey. In this week's challenge, we dive into the world of AWS to create a highly scalable and high-performance 3-tier architecture application. So fasten your seatbelts and get ready for an exhilarating ride through the cloud!

Understanding the Objective:

The primary goal of this challenge is to design and implement a 3-tier architecture application using AWS services such as Virtual Private Cloud (VPC), Application Load Balancer (ALB), and Relational Database Service (RDS). By leveraging these powerful tools, we can unlock a multitude of benefits, including scalability, performance optimization, and enhanced security.

The 3-tier architecture consists of three distinct layers - presentation, application, and data tiers. Each layer serves a specific purpose and ensures the separation of concerns within the application.

  1. Presentation Tier: This is the front-end layer that interacts directly with users. It handles user interface components, such as web pages, mobile apps, or APIs, and focuses on delivering a seamless user experience.

  2. Application Tier: The middle layer houses the business logic and processing capabilities of the application. It handles application-specific functionalities, such as data processing, authentication, and business rules.

  3. Data Tier: The backend layer stores and manages data required by the application. It typically involves a database or data storage solution, ensuring data integrity, availability, and persistence.

Benefits of the 3-Tier Architecture in AWS:

  1. Scalability: Seamlessly scale application resources based on demand using Auto Scaling and Elastic Load Balancing, ensuring optimal performance during peak traffic periods.

  2. Performance Optimization: ALB intelligently distributes traffic across multiple application instances, improving performance and reducing latency. AWS RDS provides efficient data storage and retrieval through managed database services.

  3. Enhanced Security: AWS VPC creates a secure and isolated virtual network environment. Configure network access controls, security groups, and private subnets to protect sensitive data.

Step 1:

We are going to start with the VPC, so before starting we should know what a VPC is.

Virtual Private Cloud

A VPC (Virtual Private Cloud) in AWS is a virtual network that allows you to securely run your applications and services. It provides control over IP addressing, subnets, routing, and security. It enables you to create your own isolated network environment in the cloud, similar to a traditional network setup.

Let's create the VPC in AWS. A default VPC already exists, but we have to create a new one.

  • First of all, log in to your AWS Management Console.

  • Navigate to the AWS Management Console dashboard and search for "VPC" in the search bar. Click on "VPC" under the "Networking & Content Delivery" section.

  • In the VPC dashboard, click on "Create VPC" to begin the VPC creation process.

  • Provide a name for your VPC in the "Name tag" field. For example, you can name it "my-vpc".

  • Enter a CIDR block for your VPC in the "IPv4 CIDR block" field. This block defines the IP address range for your VPC. For instance, you can use "10.0.0.0/16" to allow a range of private IP addresses within the VPC.

  • Click on the "Create" button to create your VPC.

  • Wait for AWS to create your VPC. Once the VPC is created, you'll be redirected to the VPC dashboard, where you can view your newly created VPC.

Yes, it's done.

Step 2:

Now it's time to create subnets for the VPC, but first we have to know what a subnet is.

Subnet

A subnet is a subset of an IP network that can be created within a larger network, such as a VPC. It is used to partition a network into smaller, more manageable sections. Each subnet has its own range of IP addresses and can be associated with specific availability zones within a region.

To create a subnet in AWS:

  • In the VPC dashboard, click on "Subnets" in the left navigation pane.

  • Click on the "Create subnet" button to start the subnet creation process.

  • Choose the VPC you want to associate the subnet with from the drop-down menu.

  • Select the availability zone where you want the subnet to be located.

  • Specify a unique name for the subnet in the "Name tag" field.

  • Enter an IPv4 CIDR block for the subnet. This defines the IP address range for the subnet, such as "10.0.1.0/24".

  • Click on the "Create" button to create the subnet.

  • Wait for AWS to create the subnet. Once created, you will see the new subnet listed in the Subnets section of the VPC dashboard.

    Here we created multiple subnets (Web, App and DB) because of the three-tier application we are building.

We are done with the subnets. Next we need route tables for them, so let's get into the next step.

Step 3:

Route Table

A route table is a networking component that controls the routing of network traffic within a Virtual Private Cloud (VPC). It acts as a set of rules, or routing entries, that determine where network traffic should be directed based on the destination IP addresses.

Here is the step-by-step process to create a route table for all three layers of the application.

  • In the VPC dashboard, click on "Route Tables" in the left navigation pane.

  • Click on the "Create route table" button to begin creating a new route table.

  • Select the VPC that you want to associate the route table with from the drop-down menu.

  • Click on the "Create" button to create the route table.

  • Once all the route tables are created, each one needs to be associated with its respective subnet.

    In my case, I created three route tables, one for each of the three layers.

    Now it's time to associate them with the subnets. Scroll down to the "Subnet Associations" tab, click on it, and add the respective route table to the subnet.

    After clicking on "Edit subnet associations", you will see a page in which you have to add all the subnets for the route table.

    The subnet association is now done.

Step 4:

Internet Gateway

An Internet Gateway in AWS is a horizontally scalable, highly available component that allows communication between instances within a Virtual Private Cloud (VPC) and the Internet. It acts as a gateway between your VPC and the public internet, enabling instances within the VPC to have outbound internet access and receive inbound internet traffic.

Here are the steps to create and attach an Internet Gateway to your VPC in AWS:

  • In the VPC dashboard, click on "Internet Gateways" in the left navigation pane.

  • Click on the "Create internet gateway" button to begin creating a new internet gateway.

  • Provide a unique name for the internet gateway in the "Name tag" field.

  • Click on the "Create" button to create the internet gateway.

  • Once the internet gateway is created, select it from the list and click on the "Actions" button, then choose "Attach to VPC" from the drop-down menu.

  • Select the VPC that you want to attach the internet gateway to from the drop-down menu.

  • Click on the "Attach" button to attach the internet gateway to the VPC.

    It's done. Now let's move to the NAT Gateway.

Step 5:

NAT Gateway

A NAT (Network Address Translation) Gateway in AWS is a managed service that allows instances within a private subnet of a Virtual Private Cloud (VPC) to connect to the internet while maintaining secure and controlled access.

Here are the steps to create and configure a NAT Gateway in AWS:

  • In the VPC dashboard, click on "NAT Gateways" in the left navigation pane.

  • Click on the "Create NAT Gateway" button to begin creating a new NAT Gateway.

  • Choose the subnet where you want to create the NAT Gateway. Ensure that the subnet has a route to an Internet Gateway.

  • Choose an existing Elastic IP address or allocate a new Elastic IP address to associate with the NAT Gateway.

  • Click on the "Create NAT Gateway" button to create the NAT Gateway.

  • Wait for the NAT Gateway to be created. This process may take a few minutes.

  • Once the NAT Gateway is created, select it from the list and note down the associated public IP address.

Next, you need to update the routing configuration and configure your private subnets to use the NAT Gateway:

  • In the VPC dashboard, click on "Route Tables" in the left navigation pane.

  • Select the route table that is associated with your private subnet.

  • Click on the "Routes" tab, and then click on the "Edit routes" button.

  • Add a new route with the destination CIDR block of 0.0.0.0/0, and set the target to the NAT Gateway you created.

  • Click on the "Save" button to save the route.
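One way to verify the routing built in Steps 3 to 5, as an added example that is not part of the original article: it classifies each subnet by its 0.0.0.0/0 route and flags private-tier subnets that point at an internet gateway, plus any NAT Gateway placed in a subnet without an Internet Gateway route. The input follows the shape of `aws ec2 describe-route-tables` and `describe-nat-gateways` output; all IDs are constructed, and it assumes the Web subnet is the public one while the App and DB subnets are private.

```python
# Added example: audit routing for the three tiers. Input dicts follow the shape
# of `aws ec2 describe-route-tables` / `describe-nat-gateways`; IDs are constructed.

def default_route(table):
    """Return 'igw', 'nat' or None for the table's 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
        if (route.get("NatGatewayId") or "").startswith("nat-"):
            return "nat"
    return None


def subnet_exposure(route_tables):
    """Map each explicitly associated subnet to public / private / isolated."""
    label = {"igw": "public", "nat": "private", None: "isolated"}
    exposure = {}
    for table in route_tables:
        kind = label[default_route(table)]
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:  # main-table fallback is not modelled here
                exposure[assoc["SubnetId"]] = kind
    return exposure


def audit(route_tables, nat_gateways, private_subnets):
    """Flag private-tier subnets routed to an IGW and NAT gateways without one."""
    exposure = subnet_exposure(route_tables)
    findings = []
    for subnet in sorted(private_subnets):
        if exposure.get(subnet) == "public":
            findings.append(f"{subnet}: default route points at an internet gateway")
    for nat in nat_gateways:
        if exposure.get(nat["SubnetId"]) != "public":
            findings.append(f"{nat['NatGatewayId']}: subnet {nat['SubnetId']} "
                            "has no internet gateway route")
    return findings


def make_table(rtb_id, subnet, **default):
    """Build a constructed route table: local route plus an optional default."""
    routes = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]
    if default:
        routes.append({"DestinationCidrBlock": "0.0.0.0/0", **default})
    return {"RouteTableId": rtb_id, "Routes": routes,
            "Associations": [{"SubnetId": subnet}]}


# Constructed sample: the DB route table was given the IGW route by mistake.
SAMPLE_TABLES = [
    make_table("rtb-web", "subnet-web", GatewayId="igw-0example"),
    make_table("rtb-app", "subnet-app", NatGatewayId="nat-0example"),
    make_table("rtb-db", "subnet-db", GatewayId="igw-0example"),
]
SAMPLE_NATS = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-web"}]

if __name__ == "__main__":
    print(subnet_exposure(SAMPLE_TABLES))
    for line in audit(SAMPLE_TABLES, SAMPLE_NATS, {"subnet-app", "subnet-db"}):
        print("FINDING:", line)
```
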

That's it for the networking configuration of the 3-tier architecture. Now it's time to create the instances and set up the load balancer as well.

Step 6:

In this step, we are going to create the instances for each layer in the VPC that we created above.

So let's jump into it :)

Here are the steps to create and configure an Instance for the Web and App Layer in AWS:

  • In the EC2 dashboard, click on "Launch instances" at the top right.

  • Follow the usual process to create the instances, but make sure you select the right VPC and subnet for the respective instances, such as the Web and App servers.

  • Create 3 instances: one for the Web (client) layer and two for the Application layer.

  • Now SSH into the web server, connect to the app server from the web server, and install a web server such as Apache or Nginx.

    Here we are going to install LAMP so that we can configure the database layer as well using phpMyAdmin.

    See the LAMP docs in the reference links at the end of this article.

  • LAMP has now been set up on the App server by following the above docs.

Step 7:

Load Balancer

A Load Balancer is a networking component that evenly distributes incoming network traffic across multiple servers or instances to enhance performance, increase availability, and ensure fault tolerance in a system or application.

Here are the steps to create and configure a Load Balancer in AWS:

  • In the EC2 dashboard, click on "Load Balancers" in the left navigation pane.

  • Click on the "Create Load Balancer" button to start creating a new load balancer.

  • Choose "Application Load Balancer" as the load balancer type.

  • Configure the basic settings:

    • Provide a name for your load balancer.

    • Select the appropriate VPC for your load balancer.

    • Choose the appropriate IP address type.

  • Configure the availability zones:

    • Select the availability zones where your application instances are deployed.

    • Choose the subnets in those availability zones.

  • Configure security settings:

    • Select an existing security group or create a new one that allows inbound traffic from the internet to the load balancer on the required ports (e.g., HTTP, HTTPS).

  • Configure routing:

    • Create a new target group for your application instances.

    • Specify the target type as "Instances" and choose the instances that will be registered with the target group.

    • Click on "Create target group" and you will see the Target Group dashboard.

    • Click on "Create target group" and fill in the basic details.

    • Now click on "Next" to register the targets.

    • After selecting the App server, click on 'Include as pending below' and scroll down to create the target group.

    • Now go back to the load balancer screen and refresh the target group.

    • You will then see the target group that you created. Select it and create the load balancer.

      Note: Make sure you have created a security group for the Load Balancer with 0.0.0.0/0 as the source, and add this security group to both app instances so that the connection between them works.

  • Now check the health status of the Target Group to verify the connectivity between them.

    • In the EC2 dashboard, find the target group that you created and click on it.

      Here you will see the health status, which must be healthy. If it is unhealthy, check whether the security group has been added properly.

  • Now SSH into the servers. As we have already installed LAMP, go to the /var/www/html directory and create a file on both servers with some content, for example "Hello World 1/2".

  • Find the load balancer that you created in AWS, click on it and copy the DNS name.

  • Open the browser, paste the DNS name into the address bar, and you will see the result.

  • Refresh several times to see the response come from the other server because of the load balancer.

Hurray! The application layer is done. Now let's move to the DB layer.

Step 8:

Relational Database Service

Amazon RDS (Relational Database Service) is a managed database service provided by Amazon Web Services (AWS). It simplifies the process of setting up, operating, and scaling a relational database in the cloud. RDS supports various popular database engines, including MySQL, PostgreSQL, Oracle Database, SQL Server, and Amazon Aurora.

To create an Amazon RDS (Relational Database Service) instance for MySQL in AWS:

  • In the RDS dashboard, click on "Create database" to start creating a new database instance.

  • Select the "Standard Create" option to have full control over the configuration.

  • Choose the MySQL engine and version that you want to use.

  • Specify the DB instance details:

    • Choose the appropriate DB instance size based on your workload requirements.

    • Select the deployment option (e.g., Multi-AZ for high availability, Single-AZ for cost optimization).

    • Provide a unique DB instance identifier.

    • Set the master username and password for the database.

  • Configure the advanced settings as needed:

    • Select the VPC and the subnet group that we created for the DB tier earlier.

    • Set the security group rules to control inbound and outbound traffic to the database.

  • Review the configuration and click on the "Create database" button to create the MySQL RDS instance.

  • Wait for the RDS instance creation process to complete. This may take several minutes.

  • You will now see the database that you created. Click on it, then copy the endpoint to use.

  • Click on 'mydb', then copy the endpoint.

  • MySQL uses port 3306, so allow this port for the app server security group for connectivity.
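A check for the security groups from the Load Balancer note in Step 7 and the port 3306 rule above, as an added example that is not part of the original article: it verifies that only the load balancer group accepts 0.0.0.0/0 and that each inner tier admits only the security group of the tier in front of it. Rule dicts follow the `IpPermissions` shape of `aws ec2 describe-security-groups`; the group IDs and the ALB to App to DB chain are constructed assumptions.

```python
# Added example: check tier-to-tier security group chaining. Rule dicts follow the
# IpPermissions shape of `aws ec2 describe-security-groups`; group IDs are constructed.

ANYWHERE = {"0.0.0.0/0", "::/0"}


def rule(port, cidrs=(), groups=()):
    """Build one TCP ingress rule for a single port."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}


def sources(perm):
    """Return (CIDR sources, security-group sources) of one ingress rule."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    groups = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return cidrs, groups


def audit(security_groups, upstream):
    """upstream maps group id -> the only group allowed in (None = internet-facing)."""
    findings = []
    for sg in sorted(security_groups, key=lambda g: g["GroupId"]):
        gid, parent = sg["GroupId"], upstream[sg["GroupId"]]
        if parent is None:
            continue  # the load balancer tier is expected to accept 0.0.0.0/0
        admitted = False
        for perm in sg["IpPermissions"]:
            cidrs, groups = sources(perm)
            port = perm.get("FromPort", "all")
            if cidrs & ANYWHERE:
                findings.append(f"{gid}: port {port} open to the internet")
            for other in sorted(groups - {parent}):
                findings.append(f"{gid}: port {port} admits unexpected group {other}")
            admitted = admitted or parent in groups
        if not admitted:
            findings.append(f"{gid}: no rule admits {parent}")
    return findings


UPSTREAM = {"sg-alb": None, "sg-app": "sg-alb", "sg-db": "sg-app"}

# Constructed: the internet-open rule is reused on the inner tiers.
LOOSE = [
    {"GroupId": "sg-alb", "IpPermissions": [rule(80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule(80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-db", "IpPermissions": [rule(3306, cidrs=["0.0.0.0/0"])]},
]
# Constructed: each inner tier references the group of the tier in front of it.
CHAINED = [
    {"GroupId": "sg-alb", "IpPermissions": [rule(80, cidrs=["0.0.0.0/0"]),
                                            rule(443, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule(80, groups=["sg-alb"])]},
    {"GroupId": "sg-db", "IpPermissions": [rule(3306, groups=["sg-app"])]},
]

if __name__ == "__main__":
    for name, groups in (("loose", LOOSE), ("chained", CHAINED)):
        print(name, audit(groups, UPSTREAM) or "ok")
```
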

That's it. Now we are going to set up the database in phpMyAdmin on our app server, as we have already installed the LAMP server.

Step 9:

We now have the endpoint of the database as well, so we have to configure phpMyAdmin (in our case; yours might be different).

  • SSH to the app server and find the phpMyAdmin directory, in which there is a file called "config.inc.php".

  • Open the file in an editor (vim) and replace the Host value "localhost" with the endpoint.

Yes, our database layer is done. Now copy the load balancer DNS name and add /phpMyAdmin at the end of the URL to check phpMyAdmin.

  • Now we can log in to our database as well by providing the credentials that we entered while creating the DB in AWS.

Hurray! We have completed our 3-tier architecture application.

Here are some reference links:

https://docs.aws.amazon.com/whitepapers/latest/serverless-multi-tier-architectures-api-gateway-lambda/three-tier-architecture-overview.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-lamp-amazon-linux-2023.html

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

Completed the 3-tier architecture application in AWS for the #10WeeksOfCloudOps challenge. Thanks to Tech Tutorials With Piyush for your guidance. Excited about future cloud operations endeavors.

Author: Wyatt Volkman LLD

Last Updated: 07/07/2023
