Provision 3-tier AWS infrastructure using Load balancer, Auto Scaling and Target groups for static webpage

Dimple Patel
AWS in Plain English
11 min readJan 19, 2023


3 tier web application AWS infrastructure

Welcome back, everyone. In this tutorial we cover the basic steps for setting up a highly available, load-balanced 3-tier application using an Auto Scaling group and target groups with an Elastic Load Balancer.

Let us first understand what the above diagram/architecture means.
It is a pictorial framework of a user-facing (web) application that a product team would approve of. The technical team of architects, product owner, developers and DevOps engineers would use this visual diagram for planning, designing and auditing the Amazon Web Services architecture before and after the deployment of the web application.

What are the 3 tiers?
They are Web/Presentation tier, Application/Logic tier & Database/Data tier.

Web tier: This is the user interface (presentation tier) provided for users/customers to interact with and to supply the information needed to proceed with any type of transaction (for example, purchasing a product, signing up for a streaming service, creating a bank account, or logging in to a payment dashboard).

# What to provision in the (1st) Web tier?
Please refer to my previous article, which is a good guide for navigating the AWS Console to create the web tier (static web page), application load balancer and auto scaling group, with screenshots. We will be provisioning the resources below as part of the web tier:

1-VPC with 2-availability zones, 2-public subnets associated with 1-public route table
1-Internet Gateway attached to the VPC, 1-NAT Gateway (placed in 1-public subnet to allow the private subnets to reach the Internet for updating packages)
1-Application load balancer controlling the load to the web tier
2-EC2 instances (Linux virtual machines) in an Auto scaling group, with a security group (firewall allowing inbound traffic from the internet)
1-EC2 instance in one of the public subnets acting as Bastion Host

Application tier: This is the logic tier, also referred to as the backbone of the whole framework. It holds the computation (written code) that directs all traffic from the web tier to the database tier via API calls.

# We will be provisioning below resources as part of App tier:

2-private subnets associated with 1-private route table
1-Load balancer controlling the load from web tier to application tier
2-EC2 instances (Linux virtual machines) in 1-Auto scaling group, with a security group (firewall allowing inbound traffic from the Web tier)

Note: This is not a true application tier; for demonstration purposes we will simply bootstrap a static web page on the EC2 instances in the Application tier. Please refer to my previous article for review.

Database tier: It is also called the storage layer. It mostly consists of storing information about the business, data, users etc. Based on business and user requirements, data of the appropriate format and size is created in the backend.

# We will be provisioning below resources as part of Database tier:

2-private subnets associated with 1-private route table limiting public access
1-MySql RDS Database, security group (firewalls allowing inbound traffic from Application tier)

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Now Let’s get going !!!

Prerequisites:
* AWS Account (N. Virginia region) with EC2 Key Pair
* IAM User
* Basic knowledge of Linux commands

Step 1: Follow my previous article with screenshots to create a VPC with basic infrastructure and networking resources as below:

1- VPC — IPv4 CIDR block: 10.0.0.0/16
2- Availability zones — us-east-1a, us-east-1b
2-public subnets — (us-east-1a)10.10.1.0/24, (us-east-1b)10.10.2.0/24, enable auto-assign public IPv4
4-private subnets — 10.10.3.0/24, 10.10.4.0/24, 10.10.5.0/24, 10.10.6.0/24
1-Internet Gateway — attached to VPC
1-NAT gateway — public subnet, connectivity type: public, Allocate elastic IP

3- Route tables
1- Public route table (Web tier): subnet associations: add both public subnets, 10.10.1.0/24 and 10.10.2.0/24; routes: destination 0.0.0.0/0 with the internet gateway as target
2- Private route tables
# First private route table (App tier): subnet associations: add the private subnets 10.10.3.0/24 and 10.10.4.0/24; routes: destination 0.0.0.0/0 with the NAT gateway as target
# Second private route table (Database tier): subnet associations: add the private subnets 10.10.5.0/24 and 10.10.6.0/24; routes: destination 0.0.0.0/0 with the NAT gateway as target
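Before clicking through the console, it is worth checking the Step 1 plan on paper: every subnet must sit inside the VPC block, subnets must not overlap, each tier needs the right default route (internet gateway for the web tier, NAT gateway for the private tiers) and the matching auto-assign public IPv4 setting, and each tier should span two availability zones. The script below is an added example, not the author's code; it transcribes the Step 1 values into plain data and validates them with Python's standard `ipaddress` module. Run against the values exactly as listed in Step 1 it reports all six subnets as outside 10.0.0.0/16, because 10.10.x.0/24 does not fall within that block (AWS would refuse to create them); with a containing block such as 10.10.0.0/16 (an assumption used only to show a passing run) the plan is consistent.

```python
import ipaddress

# Network plan transcribed from Step 1 of this article (constructed input, not the author's code).
VPC_CIDR = "10.0.0.0/16"

# subnet name -> (CIDR, availability zone, tier, route table, auto-assign public IPv4)
SUBNETS = {
    "public-1a": ("10.10.1.0/24", "us-east-1a", "web", "public", True),
    "public-1b": ("10.10.2.0/24", "us-east-1b", "web", "public", True),
    "app-1a":    ("10.10.3.0/24", "us-east-1a", "app", "private-app", False),
    "app-1b":    ("10.10.4.0/24", "us-east-1b", "app", "private-app", False),
    "db-1a":     ("10.10.5.0/24", "us-east-1a", "db", "private-db", False),
    "db-1b":     ("10.10.6.0/24", "us-east-1b", "db", "private-db", False),
}

# route table name -> target of its 0.0.0.0/0 route
ROUTE_TABLES = {"public": "igw", "private-app": "nat", "private-db": "nat"}

# what each tier's default route and public-IP setting must be
EXPECTED = {"web": ("igw", True), "app": ("nat", False), "db": ("nat", False)}


def check_plan(vpc_cidr, subnets, route_tables):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(spec[0]) for name, spec in subnets.items()}

    for name, (cidr, _az, tier, rt, public_ip) in subnets.items():
        # AWS refuses a subnet outside the VPC block, so catch it before the console does
        if not nets[name].subnet_of(vpc):
            findings.append(f"{name}: {cidr} is not inside the VPC block {vpc_cidr}")
        want_target, want_public = EXPECTED[tier]
        target = route_tables.get(rt)
        if target != want_target:
            findings.append(f"{name}: {tier} tier default route should go to {want_target}, not {target}")
        if public_ip != want_public:
            findings.append(f"{name}: {tier} tier auto-assign public IPv4 should be {want_public}")

    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} overlap ({nets[a]} / {nets[b]})")

    # each tier should span at least two AZs, otherwise the ASG cannot provide availability
    zones = {}
    for _name, (_cidr, az, tier, _rt, _pub) in subnets.items():
        zones.setdefault(tier, set()).add(az)
    for tier, azs in zones.items():
        if len(azs) < 2:
            findings.append(f"{tier} tier: only one AZ ({', '.join(sorted(azs))})")
    return findings


if __name__ == "__main__":
    for line in check_plan(VPC_CIDR, SUBNETS, ROUTE_TABLES) or ["plan is consistent"]:
        print(line)
```

The same data structure is easy to extend with the route-table checks from Step 12 (for example, flagging a private-tier route table whose default route points at the internet gateway), which is exactly the kind of mistake that quietly exposes a database subnet.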

3- Security groups
# First security group (Web tier): inbound rules allowing http and https (Anywhere), ssh (My IP) and icmp. Outbound rules allowing ssh (to the App tier sg) and icmp (Anywhere).
# Second security group (App tier): inbound rules allowing ssh and icmp (from the Web tier sg) and MYSQL (from the Database tier sg). Outbound rules allowing MYSQL (to the Database tier sg) and all traffic (Anywhere).
# Third security group (Database tier): inbound rules allowing MYSQL (from the App tier sg). Outbound rules allowing MYSQL (to the App tier sg).

VPC Details
All subnets, public and private
Internet Gateway (attached to the VPC) providing access to the Internet from the public subnets
NAT Gateway (with public connectivity) allowing private subnets/instances to access the internet
Public route table (Web tier) with the public subnets associated
The public route table has a route (target “internet gateway”) which allows access to the internet from the public subnets/instances
First private route table (App tier) with its private subnets associated
The first private route table has a route (target “NAT gateway”) which allows access to the internet from the private subnets/instances
Second private route table (Database tier) with its private subnets associated
The second private route table has a route (target “NAT gateway”) which allows access to the internet from the private subnets/instances
Web tier security group inbound/allowed rules: http, https (from anywhere), ssh (from my IP)
Web tier security group outbound/allowed rules: ssh (to the App tier security group) and icmp (to anywhere)
App tier security group inbound/allowed rules: ssh, icmp (from the Web tier sg) and 3306 (from the Database tier sg)
App tier security group outbound/allowed rules: 3306 (to the Database tier security group), all traffic (to anywhere)
Database tier security group inbound/allowed rules: 3306 from the App tier security group
Database tier security group outbound/allowed rules: 3306 to the App tier security group

Step 2: As the infrastructure layout is ready and available to use, let us start building the Web tier (presentation layer) by using Launch template.

Do you wonder what a Launch template is and why you need one? It is a template that defines your virtual machines (EC2) configured specifically for your infrastructure and its requirements. It comes with version control to maintain a base configuration with general parameters. You can add, update and delete versions as your requirements change.

In the EC2 console from left sidebar, navigate to ‘Launch templates’ under the ‘Instances’. We’re going to create a new launch template called 3tierLaunchTemp as below:

Scroll down to Advanced details (User data) to add the script that builds the custom website. For more details review my previous article.

Step 3: As you can see upon creating launch template, next steps are suggested. Let us create an autoscaling group as WebtierASG.

Question: What is an Auto Scaling group? In simple terms, it does what the name says. It scales out automatically (meaning it adds more virtual machines (instances)), avoiding a single point of failure during peak time to handle the traffic. The benefit is that it scales in (reduces) or out (increases) dynamically across the selected availability zones. It maintains enough instances to meet its desired capacity, performs periodic health checks on the instances in the group and replaces them when required.

Please note to select 3tierLaunchTemp with the correct version in order to produce the correct infrastructure.

Please note to select both public subnets, as this template is intended to launch the Web tier (presentation layer).

Next, we need to create a new application load balancer that is internet-facing, with http and https.

What, another new term? An Application load balancer distributes the load to the website. Haha... too simple?
Its function is to automatically distribute incoming traffic from users across registered targets (like EC2 instances) in multiple availability zones. It has a built-in “listener” that checks for connection requests from clients and determines the routes to registered targets.

Please note to select the public subnets, since we are still provisioning the web tier and it should be accessible to the public.
Next is to configure a listener for protocol “http” over port “80” to receive requests, and the registered targets (EC2 instances) to which the application load balancer will route the traffic.

Although it is “optional”, it is suggested to enable health checks for the ELB (elastic load balancer) as well, so that the ASG (autoscaling group) uses the ELB health checks when deciding whether to replace unhealthy instances. The load balancer periodically sends pings, attempts connections, or sends requests to test the EC2 instances and determines whether an instance is unhealthy.

As mentioned earlier, the Auto scaling group (ASG) maintains enough instances to meet its desired capacity and performs periodic health checks, so we need to provide the capacities (size) and scaling policies it should adhere to. These are solely based on product and business requirements.

Finally review and confirm the configurations based on requirements to create ASG.

Upon successfully creating the ASG, the resources below are provisioned and the capacities updated, as seen below. This launches a minimum of 2 instances, visible under the EC2 dashboard, in the public subnets across the availability zones.
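To make the behaviour described in Step 3 concrete (desired capacity clamped between minimum and maximum, instances spread across the selected availability zones, and unhealthy instances replaced when the ELB health check is used), here is an added simulation written for this article; it is not AWS's own algorithm and the real service's termination policies and grace periods are richer than this. The group name, AZs and capacities (desired 2, minimum 2, maximum 3) are the ones the article uses for WebtierASG; the instance ids and health results are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Instance:
    id: str
    az: str


@dataclass
class AutoScalingGroup:
    name: str
    azs: List[str]
    min_size: int
    max_size: int
    desired: int
    instances: List[Instance] = field(default_factory=list)
    launched: int = 0  # running counter so replacement instances get fresh ids

    def set_desired(self, n: int) -> int:
        """Desired capacity is clamped to [min, max], as a scaling policy would be."""
        self.desired = max(self.min_size, min(self.max_size, n))
        return self.desired

    def _launch(self) -> Instance:
        # spread instances: launch into the AZ that currently has the fewest
        counts = {az: 0 for az in self.azs}
        for inst in self.instances:
            counts[inst.az] += 1
        az = min(self.azs, key=lambda z: counts[z])
        self.launched += 1
        inst = Instance(f"i-{self.name.lower()}-{self.launched:04d}", az)
        self.instances.append(inst)
        return inst

    def reconcile(self, elb_health: Dict[str, bool]):
        """One reconciliation pass. elb_health maps instance id -> healthy as reported
        by the load balancer's health check; instances it has not reported on yet
        are treated as healthy. Returns the list of actions taken."""
        actions = []
        for inst in list(self.instances):
            if not elb_health.get(inst.id, True):
                self.instances.remove(inst)
                actions.append(("terminate-unhealthy", inst.id))
        while len(self.instances) < self.desired:
            actions.append(("launch", self._launch().id))
        while len(self.instances) > self.desired:
            # simplified termination policy: newest instance first
            actions.append(("terminate-excess", self.instances.pop().id))
        return actions


if __name__ == "__main__":
    asg = AutoScalingGroup("WebtierASG", ["us-east-1a", "us-east-1b"], 2, 3, 2)
    print(asg.reconcile({}))                     # two launches, one per AZ
    first = asg.instances[0].id
    print(asg.reconcile({first: False}))         # the unhealthy instance is replaced
    asg.set_desired(5)                           # clamped to the maximum of 3
    print(asg.reconcile({}), [i.az for i in asg.instances])
```

The point of passing the ELB result into `reconcile` is the one the article makes about enabling ELB health checks: with only EC2 status checks, an instance whose web server has died but whose VM is up would stay in the group and keep receiving traffic.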

Web tier has been launched.

Step 4: Let us test whether we can access a public IP of a web tier instance to confirm connectivity. Copy the public IPv4 from WebtierASGTarget and paste it in the browser to see if the custom-built webpage is shown.

SUCCESS !!! Web tier routing and the security group are allowing http requests.

Step 5: Let us ssh into the public instance to confirm that access is allowed before proceeding further.

Woohooo!! We can move along..

Step 6: Follow the steps from Step 2 in order to create a Launch template for the App tier named “ApptierLaunchTemp”.
For the App tier, please note to select the appropriate security group, which in my case is “AppTierSG”.
Also, as this template is intended for the App tier, you want to ensure that auto-assign public IP is “disabled”.
Under user data, you can provide the script below to install the MySQL client package at boot:

#!/bin/bash
# User data runs as root on first boot; this installs the MySQL client used in Step 13
sudo yum install mysql -y

Step 7: Follow the steps from Step 3 in order to create the App tier Auto scaling group named “AppTierASG”.
Please note to select “ApptierLaunchTemp” to go along with AppTierASG.
Also, since this tier is the logic tier (not the presentation layer), you want to ensure that the private subnets 10.10.3.0/24 and 10.10.4.0/24 are selected.

When creating the App tier load balancer named “AppTierLB”, you want to ensure that it is set as “internal” (not internet-facing).

A new Target group should be created as “AppTier Target” with the required scaling policies and size.

Apptier ASG

Step 8: Navigate to EC2 > Auto Scaling group dashboard to confirm appropriate configurations are created for both Web tier and App tier respectively.

You will notice that both WebtierASG and AppTierASG have been created from their respective launch templates. In this case, both ASGs have desired capacity = 2, minimum capacity = 2 and maximum capacity = 3. Both span two availability zones (us-east-1a and us-east-1b) to provide availability.

Step 9: Navigate to EC2 > Target groups dashboard to confirm appropriate configurations are created for both Web tier and App tier respectively.

You can also confirm that Target groups have been created for both the Web tier and the App tier, whose load balancers are WebtierLB (internet facing) and AppTierLB (internal) respectively.

Step 10: Navigate to EC2 > Load balancers dashboard to confirm appropriate configurations are created for both Web tier and App tier respectively.

You can also confirm that the Load balancers have been created with “active” status, each distributing traffic across 2 availability zones.

Please confirm that WebtierLB is internet facing and AppTierLB is internal.

Too close to finish line.. Get a cup of coffee or stretch!

Step 11: Last tier to provision. Let’s create the Database tier.
Remember that it is the storage layer and is considered backend (meaning not publicly accessible). In AWS, navigate or search for RDS (Relational Database Service). It is a managed service that makes it simple to set up, operate, and scale databases in the AWS cloud.

Follow along to create the database with the third security group, “DatabaseTierSG”, in AZ “us-east-1a”.

Upon clicking Create database, expect to wait around 3–5 minutes for AWS to provision it and make it available on the dashboard.

RDS > Database dashboard with status “creating” in us-east-1a

Step 12: Scroll back up to the Route tables and Security groups settings to do a visual check in the AWS console that routing, protocols and ports are configured and networking is feasible.

*******************LET’S TEST TEST TEST!!!*********************

Step 13:
First, ssh into the Web tier from your terminal using the public IP of an instance.
Then ssh into the App tier using the private IP of an instance, with SSH agent forwarding enabled.

Lastly, confirm the connection to the Database tier by accessing the RDS endpoint from the App tier:

“mysql -h <rds-database-endpoint> -P 3306 -u <username> -p” then enter the database password.
Run a query to check that the database is active and accessible.
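The Step 13 test succeeds or fails on the security group rules listed in Step 1, so it helps to be able to reason about them before touching a terminal. The script below is an added example, not the author's code: it transcribes the three security groups as data and evaluates whether a given flow is permitted, applying the two facts that matter here: security groups are stateful (only the initiating direction is checked) and a rule may reference another security group rather than a CIDR. It covers the Step 1 security group list and the three hops of the Step 13 test together, and also shows the flows the design is meant to keep closed (anyone on the internet reaching ssh on the web tier, or anything other than the App tier reaching MySQL). The "My IP" value, the sample host addresses and the web tier's icmp source ("anywhere", which the article does not state) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"
MY_IP = "203.0.113.10/32"  # constructed placeholder for the "My IP" rule (TEST-NET-3)

# Rules transcribed from the Step 1 security group list:
# (protocol, (from_port, to_port) or None, peer). The peer is a CIDR or another
# security group's name. Protocol "-1" with range None is AWS's "all traffic".
# The web tier's icmp source is not stated in the article; "anywhere" is assumed.
SECURITY_GROUPS = {
    "WebTierSG": {
        "inbound": [("tcp", (80, 80), ANY), ("tcp", (443, 443), ANY),
                    ("tcp", (22, 22), MY_IP), ("icmp", None, ANY)],
        "outbound": [("tcp", (22, 22), "AppTierSG"), ("icmp", None, ANY)],
    },
    "AppTierSG": {
        "inbound": [("tcp", (22, 22), "WebTierSG"), ("icmp", None, "WebTierSG"),
                    ("tcp", (3306, 3306), "DatabaseTierSG")],
        "outbound": [("tcp", (3306, 3306), "DatabaseTierSG"), ("-1", None, ANY)],
    },
    "DatabaseTierSG": {
        "inbound": [("tcp", (3306, 3306), "AppTierSG")],
        "outbound": [("tcp", (3306, 3306), "AppTierSG")],
    },
}


@dataclass(frozen=True)
class Endpoint:
    name: str
    ip: str
    sg: Optional[str] = None  # None for hosts outside the VPC (your laptop)


def _peer_matches(peer: str, ep: Endpoint) -> bool:
    if peer in SECURITY_GROUPS:  # SG-referencing rule: match on group membership
        return ep.sg == peer
    return ipaddress.ip_address(ep.ip) in ipaddress.ip_network(peer)


def _rules_allow(rules, proto: str, port: Optional[int], ep: Endpoint) -> bool:
    for r_proto, r_range, peer in rules:
        if r_proto not in ("-1", proto):
            continue
        if r_range is not None and (port is None or not r_range[0] <= port <= r_range[1]):
            continue
        if _peer_matches(peer, ep):
            return True
    return False


def allowed(src: Endpoint, dst: Endpoint, proto: str, port: Optional[int] = None) -> bool:
    """Security groups are stateful, so only the initiating direction is checked:
    the source's outbound rules must permit the destination and the destination's
    inbound rules must permit the source. Hosts with no security group (outside
    the VPC) are not filtered on their own side."""
    if src.sg is not None and not _rules_allow(SECURITY_GROUPS[src.sg]["outbound"], proto, port, dst):
        return False
    if dst.sg is not None and not _rules_allow(SECURITY_GROUPS[dst.sg]["inbound"], proto, port, src):
        return False
    return True


# Constructed sample hosts using the subnet ranges from Step 1.
LAPTOP = Endpoint("admin laptop", "203.0.113.10")
VISITOR = Endpoint("random internet user", "198.51.100.7")
WEB = Endpoint("web instance", "10.10.1.25", "WebTierSG")
APP = Endpoint("app instance", "10.10.3.40", "AppTierSG")
DB = Endpoint("rds instance", "10.10.5.12", "DatabaseTierSG")


def step13_path():
    """The three hops of the Step 13 test, plus flows that must stay closed."""
    return {
        "laptop->web ssh": allowed(LAPTOP, WEB, "tcp", 22),
        "web->app ssh": allowed(WEB, APP, "tcp", 22),
        "app->db mysql": allowed(APP, DB, "tcp", 3306),
        "visitor->web http": allowed(VISITOR, WEB, "tcp", 80),
        "visitor->web ssh": allowed(VISITOR, WEB, "tcp", 22),
        "laptop->db mysql": allowed(LAPTOP, DB, "tcp", 3306),
        "web->db mysql": allowed(WEB, DB, "tcp", 3306),
    }


if __name__ == "__main__":
    for flow, ok in step13_path().items():
        print(f"{flow:20} {'allowed' if ok else 'blocked'}")
```

Two notes on the test itself. The web tier's outbound rules only allow ssh to the App tier security group, which is why `web->db mysql` is blocked even though the web instance is inside the VPC; that is the intended result, and the hop through the App tier is the only path to the database. For the second hop, `ssh -J` (ProxyJump) reaches the private App tier instance through the web tier host without forwarding your agent socket onto the bastion, which gives the same result as agent forwarding with less exposure of your private key.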

Nailed it, now it is time for nap!
*REMEMBER* to delete your resources upon completing this tutorial.





AWS Certified Solution Architect Associate, Cloud Engineer, DevOps and Avid Learner