A Resilient AWS Three-Tier Architecture Design and Deployment Project

We will learn how to configure and deploy a highly available, fault-tolerant, secure, and scalable three-tier architecture using AWS services.

Technologies, services, and tools used for this architecture

GitHub | AWS Cloud | EC2 | Security Groups | AWS RDS | Route Table | Internet Gateway | NAT Gateway | Nginx | Elastic Load Balancer | Auto Scaling Group

1. GitHub

For version control and collaboration on infrastructure-as-code (IaC).

2. AWS Cloud

The primary platform hosting the infrastructure and services.

3. EC2 (Elastic Compute Cloud)

Provides resizable compute capacity in the cloud.

Hosts the web and application servers.

4. Security Groups

Act as virtual firewalls to control inbound and outbound traffic to AWS resources.

5. AWS RDS (Relational Database Service)

Manages the MySQL database instances with automated backups, software patching, and scaling.

6. Route Table

Defines rules for routing traffic within the VPC.

7. Internet Gateway (IGW)

Allows communication between instances in the VPC and the internet.

8. NAT Gateway

Enables instances in private subnets to connect to the internet while preventing inbound traffic from the internet.

9. Nginx

Used as a web server and reverse proxy to manage and distribute traffic.

10. Elastic Load Balancer (ELB)

Distributes incoming application or network traffic across multiple targets (e.g., EC2 instances).

11. Auto Scaling Group

Automatically adjusts the number of EC2 instances based on demand to ensure high availability and fault tolerance.


Architecture Components and Their Roles

1. Virtual Private Cloud (VPC)

CIDR Block: 10.10.0.0/16

Provides an isolated network within AWS.

2. Subnets

Public Subnets:

AZ-1a: 10.10.1.0/24

AZ-1b: 10.10.4.0/24

Private Subnets:

AZ-1a: 10.10.2.0/24

AZ-1b: 10.10.5.0/24

Database Subnets:

AZ-1a: 10.10.3.0/24

AZ-1b: 10.10.6.0/24

3. Internet Gateway (IGW)

Provides internet access to the VPC.

Attached to the VPC for public subnets.

4. Load Balancer (LB)

Distributes incoming traffic to web servers in public subnets.

Accessible from clients over the internet.

5. Public Subnet Resources

Web Servers:

Web 1a: Located in 10.10.1.0/24

Web 2a: Located in 10.10.4.0/24

Security Group (SG): Allows HTTP (Port 80) and SSH (Port 22) from anywhere.

6. NAT Gateways

NAT 1a: In 10.10.1.0/24 (Public Subnet)

NAT 2b: In 10.10.4.0/24 (Public Subnet)

Allow instances in private subnets to connect to the internet while remaining unreachable from the internet.

7. Private Subnet Resources

Application Servers:

App 1a: Located in 10.10.2.0/24

App 2a: Located in 10.10.5.0/24

Security Group (SG): Allows TCP (Port 4000) and SSH (Port 22) from Internal LB SG.

8. Internal Load Balancer (Internal LB)

Distributes traffic between application servers in private subnets.

Only accessible within the VPC (not exposed to the internet).

9. Database Subnet Group

Used for MySQL database instances.

MySQL DB:

Located in AZ-1a: 10.10.3.0/24

Located in AZ-1b: 10.10.6.0/24

Security Group (SG): Allows MySQL (Port 3306) from App SG.

10. Security Groups (SG)

Web SG: Allows HTTP (Port 80) and SSH (Port 22) from anywhere.

App SG: Allows TCP (Port 4000) and SSH (Port 22) from Internal LB SG.

MySQL SG: Allows MySQL (Port 3306) from App SG.

Internal LB SG: Allows traffic from Web SG.


This architecture ensures high availability and fault tolerance by distributing resources across multiple Availability Zones (AZs). It also secures different layers by restricting access through specific security groups and provides scalability and resilience for handling varying loads and potential failures.
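As an added check (example code, not part of the original post), the following Python models the four security groups above in the shape returned by `aws ec2 describe-security-groups` and audits them: it lists every port open to the whole internet outside the intended HTTP allow-list, and verifies that each tier-to-tier hop is admitted only by a security-group reference rather than a CIDR. It assumes the Internal LB SG admits the web tier on port 4000 (the post leaves the port unstated) and uses placeholder group IDs such as sg-web.

```python
# Added example, not from the original post. Groups are constructed in the shape of
# `aws ec2 describe-security-groups` output; group IDs such as sg-web are placeholders.

def tcp_rule(port, cidr=None, group=None):
    """Build one IpPermissions entry for a single TCP port from a CIDR or a source group."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}

# Constructed sample: Web, Internal LB, App and MySQL groups as the post lists them.
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "Web SG",
     "IpPermissions": [tcp_rule(80, cidr="0.0.0.0/0"), tcp_rule(22, cidr="0.0.0.0/0")]},
    {"GroupId": "sg-ilb", "GroupName": "Internal LB SG",
     "IpPermissions": [tcp_rule(4000, group="sg-web")]},   # port 4000 is an assumption
    {"GroupId": "sg-app", "GroupName": "App SG",
     "IpPermissions": [tcp_rule(4000, group="sg-ilb"), tcp_rule(22, group="sg-ilb")]},
    {"GroupId": "sg-db", "GroupName": "MySQL SG",
     "IpPermissions": [tcp_rule(3306, group="sg-app")]},
]

# The only port the design intends to expose to the internet: HTTP on the web tier.
PUBLIC_ALLOWLIST = {("sg-web", 80)}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def world_open_ports(groups, allowlist=PUBLIC_ALLOWLIST):
    """Return (GroupName, port) pairs reachable from anywhere that are not allow-listed."""
    findings = []
    for sg in groups:
        for rule in sg["IpPermissions"]:
            ranges = rule.get("IpRanges", []) + rule.get("Ipv6Ranges", [])
            if not any((r.get("CidrIp") or r.get("CidrIpv6")) in ANYWHERE for r in ranges):
                continue
            # IpProtocol "-1" means every protocol and port; FromPort/ToPort are then absent.
            lo, hi = (0, 65535) if rule["IpProtocol"] == "-1" else (rule["FromPort"], rule["ToPort"])
            findings.extend((sg["GroupName"], p) for p in range(lo, hi + 1)
                            if (sg["GroupId"], p) not in allowlist)
    return findings


def tier_chain_ok(groups, chain):
    """True if every hop (src_group, dst_group, port) is admitted by a group reference, not a CIDR."""
    by_id = {sg["GroupId"]: sg for sg in groups}
    for src, dst, port in chain:
        sources = {pair["GroupId"] for rule in by_id[dst]["IpPermissions"]
                   if rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]
                   for pair in rule["UserIdGroupPairs"]}
        if src not in sources:
            return False
    return True
```

Run against the sample, world_open_ports reports only SSH on the Web SG, and the same call against real describe-security-groups output (after json.load) shows which of your groups deviate from the tiered design; swapping the web tier's SSH source from 0.0.0.0/0 to an administrative group reference clears the finding.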

Thank you for taking the time to read this long post. I appreciate your support by liking, sharing, and leaving constructive feedback.
