Intermediate

Three-Tier Web Application

Build a scalable, highly available web application with presentation, application, and data tiers

Project Overview

Design and deploy a production-ready three-tier architecture with load balancing, auto scaling, and a managed database. This is a foundational pattern for enterprise applications.

Difficulty: Intermediate
AWS Services: ALB, EC2 ASG, RDS Multi-AZ, ElastiCache
Cost: ~$50-100/month (tear down after learning)

Prerequisites

  • Completed EC2 Web Server project
  • Understanding of VPC networking
  • Basic SQL knowledge
  • Familiarity with load balancing concepts

Architecture

[Architecture diagram]
Public Subnets (Multi-AZ): Internet → ALB (Load Balancer)
Private Subnets (Multi-AZ): EC2 ASG (App Tier), RDS (Multi-AZ), ElastiCache (Caching)

NAT Gateway enables outbound internet access from private subnets

Step-by-Step Instructions

1. Create VPC with Public and Private Subnets

  • Create a VPC with CIDR 10.0.0.0/16
  • Create 2 public subnets in different AZs (10.0.1.0/24, 10.0.2.0/24)
  • Create 2 private subnets in different AZs (10.0.10.0/24, 10.0.20.0/24)
  • Create an Internet Gateway and attach to VPC
  • Create a NAT Gateway in a public subnet
  • Configure route tables appropriately

2. Set Up Application Load Balancer

  • Create an ALB in the public subnets
  • Configure a target group for your instances
  • Set health check path (e.g., /health)
  • Create HTTP listener on port 80
  • Configure security group to allow port 80/443 from internet

3. Create Launch Template

  • Create a launch template for your EC2 instances
  • Include user data script to install your application
  • Configure security group allowing traffic from ALB only
  • Attach an IAM role for accessing other AWS services

4. Configure Auto Scaling Group

  • Create an ASG using your launch template
  • Deploy across private subnets in multiple AZs
  • Set min: 2, desired: 2, max: 4 instances
  • Attach to the ALB target group
  • Add scaling policies based on CPU utilization

5. Deploy RDS Database

  • Create a DB subnet group using private subnets
  • Launch RDS MySQL or PostgreSQL instance
  • Enable Multi-AZ for high availability
  • Configure security group to allow access from app tier only
  • Enable automated backups and encryption

6. Test and Validate

  • Access application via ALB DNS name
  • Test auto scaling by generating load
  • Terminate an instance to verify recovery
  • Monitor with CloudWatch dashboards
  • Set up CloudWatch alarms for notifications
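
Steps 2, 3 and 5 each restrict a tier to traffic from the tier in front of it. The fragment below is an added example (not part of the original page) that expresses that chain by referencing security groups instead of CIDR ranges. The names ALBSecurityGroup and AppSecurityGroup and the instance port 80 are assumptions; VPC and DBSecurityGroup match the names used in the page's templates.

```yaml
# Added example, not from the original page. ALBSecurityGroup and
# AppSecurityGroup are assumed names; instance port 80 is an assumption.
ALBSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Internet-facing ALB
    VpcId: !Ref VPC
    SecurityGroupIngress:
      - {IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0}
      - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}

AppSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: App tier, reachable only from the ALB
    VpcId: !Ref VPC
    SecurityGroupIngress:
      # Source is the ALB's security group, not a CIDR: only traffic that
      # passed through the load balancer reaches the instances.
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        SourceSecurityGroupId: !GetAtt ALBSecurityGroup.GroupId
    # No port 22 rule: shell access goes through Session Manager.

DBSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Database, reachable only from the app tier
    VpcId: !Ref VPC
    SecurityGroupIngress:
      # 3306 is the MySQL default port (rds.yaml uses Engine: mysql).
      - IpProtocol: tcp
        FromPort: 3306
        ToPort: 3306
        SourceSecurityGroupId: !GetAtt AppSecurityGroup.GroupId
```

Because the rules name groups, instances launched or replaced by the Auto Scaling Group are covered automatically, and nothing in the private subnets accepts traffic directly from the internet.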

Tips

  • Use NAT Gateway for outbound internet - Required for instances in private subnets to download updates
  • Enable Multi-AZ for RDS - Provides automatic failover for database tier
  • Store database credentials in Secrets Manager - Never hardcode credentials in your application
  • Use Session Manager instead of SSH - More secure access to private instances without opening port 22

Code Examples

VPC CloudFormation Template

vpc.yaml YAML
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: three-tier-vpc

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: true

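  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.10.0/24
      AvailabilityZone: !Select [0, !GetAZs '']

  # PublicSubnet2 (10.0.2.0/24) and PrivateSubnet2 (10.0.20.0/24) repeat the two
  # subnet resources above with AvailabilityZone: !Select [1, !GetAZs ''] so that
  # each tier spans a second AZ; asg.yaml references PrivateSubnet2.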

Auto Scaling Group Configuration

asg.yaml YAML
AutoScalingGroup:
  Type: AWS::AutoScaling::AutoScalingGroup
  Properties:
    LaunchTemplate:
      LaunchTemplateId: !Ref LaunchTemplate
      Version: !GetAtt LaunchTemplate.LatestVersionNumber
    MinSize: 2
    MaxSize: 4
    DesiredCapacity: 2
    VPCZoneIdentifier:
      - !Ref PrivateSubnet1
      - !Ref PrivateSubnet2
    TargetGroupARNs:
      - !Ref TargetGroup
    HealthCheckType: ELB
    HealthCheckGracePeriod: 300

ScalingPolicy:
  Type: AWS::AutoScaling::ScalingPolicy
  Properties:
    AutoScalingGroupName: !Ref AutoScalingGroup
    PolicyType: TargetTrackingScaling
    TargetTrackingConfiguration:
      PredefinedMetricSpecification:
        PredefinedMetricType: ASGAverageCPUUtilization
      TargetValue: 70

RDS Multi-AZ Configuration

rds.yaml YAML
RDSInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    DBInstanceIdentifier: myapp-db
    DBInstanceClass: db.t3.micro
    Engine: mysql
    EngineVersion: '8.0'
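    MasterUsername: admin
    # DBPassword is a template parameter; declare it with NoEcho: true so the
    # value is masked in console and API output.
    MasterUserPassword: !Ref DBPassword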
    AllocatedStorage: 20
    MultiAZ: true
    DBSubnetGroupName: !Ref DBSubnetGroup
    VPCSecurityGroups:
      - !Ref DBSecurityGroup
    BackupRetentionPeriod: 7
    StorageEncrypted: true
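
The Tips recommend Secrets Manager for the database credentials and Session Manager instead of SSH, while rds.yaml takes the password from a DBPassword value. The fragment below is an added example (not part of the original page) that applies both tips to the same RDS settings. DBSecret and AppRole are assumed names; DBSubnetGroup and DBSecurityGroup are expected to be defined elsewhere in the template.

```yaml
# Added example, not from the original page. DBSecret and AppRole are assumed
# names; DBSubnetGroup and DBSecurityGroup are defined elsewhere in the template.
DBSecret:
  Type: AWS::SecretsManager::Secret
  Properties:
    GenerateSecretString:
      SecretStringTemplate: '{"username": "admin"}'
      GenerateStringKey: password
      PasswordLength: 32
      ExcludeCharacters: '"@/\'   # RDS rejects / @ " in master passwords

RDSInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    DBInstanceIdentifier: myapp-db
    DBInstanceClass: db.t3.micro
    Engine: mysql
    EngineVersion: '8.0'
    # Dynamic references are resolved at deploy time, so the password is
    # never a template parameter and never appears in the template text.
    MasterUsername: !Sub '{{resolve:secretsmanager:${DBSecret}:SecretString:username}}'
    MasterUserPassword: !Sub '{{resolve:secretsmanager:${DBSecret}:SecretString:password}}'
    AllocatedStorage: 20
    MultiAZ: true
    DBSubnetGroupName: !Ref DBSubnetGroup
    VPCSecurityGroups:
      - !Ref DBSecurityGroup
    BackupRetentionPeriod: 7
    StorageEncrypted: true

AppRole:   # instance role for the launch template (step 3)
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal: {Service: ec2.amazonaws.com}
          Action: sts:AssumeRole
    ManagedPolicyArns:   # lets SSM Agent register, so Session Manager works without port 22
      - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore'
    Policies:
      - PolicyName: read-db-secret
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action: secretsmanager:GetSecretValue
              Resource: !Ref DBSecret
```

The role still has to be wrapped in an AWS::IAM::InstanceProfile and referenced from the launch template; the application then fetches the secret at runtime with that role instead of reading a password from its configuration.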

What You'll Learn

  • Application Load Balancer configuration and health checks
  • Auto Scaling Groups and scaling policies
  • RDS Multi-AZ deployment and management
  • VPC design with public and private subnets
  • High availability patterns across multiple AZs