AWS Three-Tier Architecture

Tags: EC2, CloudWatch, AWS, AuroraDB, VPC

Thursday, May 1, 2025

Overview

Designed and implemented a scalable, secure, and highly available three-tier web application architecture on AWS. The presentation, application, and data layers are separated into their own subnets and security groups across two availability zones, following AWS best practices for network isolation, availability, and monitoring.

Technologies Used:

  • AWS EC2 (Elastic Compute Cloud): Hosted the web and application tiers on auto-scaling EC2 instances, so capacity follows load and a failed instance is replaced automatically.
  • Elastic Load Balancer (ELB): Distributed incoming traffic across instances in both availability zones; an internet-facing load balancer fronts the web tier and an internal one fronts the application tier, so application instances are never exposed directly.
  • RDS (Relational Database Service): Managed the data layer with a fully managed MySQL database, with automated backups and a multi-AZ standby for durability and failover.
  • VPC (Virtual Private Cloud): Configured an isolated network (10.0.0.0/16) with per-tier subnets in two availability zones, route tables, and security groups that control which tier may reach which.
  • S3 (Simple Storage Service): Stored static assets, backups, and VPC flow logs in cost-effective, durable, and scalable object storage.
  • IAM (Identity and Access Management): Implemented least-privilege policies and instance roles to control what users and services may access.
  • SNS (Simple Notification Service): Set up automated notifications for system alerts and user communications, improving operational responsiveness.
  • CloudWatch: Monitored application performance, resource utilization, and system health with real-time metrics and alarms that notify through SNS.

System Architecture:

  • The architecture follows a 3-tier model within a VPC, designed for high availability and security across two availability zones (AZ-1a and AZ-1b).
  • Network Setup: Deployed within a VPC (10.0.0.0/16), segmented into subnets for each tier across AZ-1a and AZ-1b.
  • Web Tier:
      • Hosted in subnets 10.0.1.0/24 (AZ-1a) and 10.0.4.0/24 (AZ-1b).
      • Uses EC2 instances running Nginx and Node.js.
      • Fronted by an external load balancer for public access and an internal load balancer for routing to the application tier.
  • Application Tier:
      • Hosted in subnets 10.0.2.0/24 (AZ-1a) and 10.0.5.0/24 (AZ-1b).
      • Runs on EC2 instances with Nginx and Node.js.
      • Communicates with the database tier for data operations.
  • Database Tier:
      • Hosted in subnets 10.0.3.0/24 (AZ-1a) and 10.0.6.0/24 (AZ-1b).
      • Uses RDS MySQL in a multi-AZ deployment: a primary instance in AZ-1a and a synchronously replicated standby in AZ-1b for automatic failover.
  • Storage and Logging:
      • Static assets stored in S3.
      • VPC flow logs delivered to S3 for auditing of accepted and rejected traffic between tiers.
  • Monitoring and Notifications:
      • CloudWatch monitors all tiers for performance and health.
      • CloudWatch alarms publish to an SNS topic, which sends the notifications for system alerts.
  • Security:
      • IAM roles attached to the instances grant them access to other services without static credentials on the hosts.
      • Security groups restrict each tier to traffic from the tier in front of it, and route tables control which subnets are reachable from outside the VPC.
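The tier-isolation rule above (each tier reachable only from the tier in front of it) can be written down as a small policy, checked offline, and then used to audit the VPC flow logs delivered to S3. The following is an added example written for this page, not code from the original project. It takes the CIDRs and the MySQL port from the page, assumes listener ports of 80 for the web tier and 3000 for the Node.js application tier (the page does not state them), folds each load balancer into the tier it serves, and runs over a handful of constructed flow log records in the default version 2 format.

```python
"""Tier-isolation model for the 3-tier VPC described above, and an audit of
VPC flow log records against it.

Added example; not code from the original page. CIDRs and the MySQL port
come from the page; the web/app listener ports (80, 3000) and the flow log
records are constructed assumptions.
"""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")

# Tier subnets across the two availability zones, as listed on the page.
SUBNETS = {
    "web": ["10.0.1.0/24", "10.0.4.0/24"],
    "app": ["10.0.2.0/24", "10.0.5.0/24"],
    "db":  ["10.0.3.0/24", "10.0.6.0/24"],
}

# Security-group intent: each tier accepts TCP from the tier in front of it
# only, on one listener port. The load balancers are folded into the tier
# they serve, so "internet" -> web models 0.0.0.0/0 reaching the external
# load balancer. 80 and 3000 are assumed; 3306 is MySQL's default port.
ALLOWED = {
    "web": {"from": "internet", "port": 80},
    "app": {"from": "web",      "port": 3000},
    "db":  {"from": "app",      "port": 3306},
}
LISTENER_PORTS = {rule["port"] for rule in ALLOWED.values()}


def check_subnets():
    """Every tier subnet must sit inside the VPC and none may overlap."""
    nets = [ipaddress.ip_network(c) for cidrs in SUBNETS.values() for c in cidrs]
    inside = all(n.subnet_of(VPC_CIDR) for n in nets)
    disjoint = all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint


def tier_of(ip):
    """Tier whose subnet contains ip; 'internet' outside the VPC, else 'unassigned'."""
    addr = ipaddress.ip_address(ip)
    if addr not in VPC_CIDR:
        return "internet"
    for tier, cidrs in SUBNETS.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return tier
    return "unassigned"


def policy_allows(src_ip, dst_ip, dst_port):
    """True if the security-group model permits a TCP flow src -> dst:dst_port."""
    rule = ALLOWED.get(tier_of(dst_ip))
    return rule is not None and rule["from"] == tier_of(src_ip) and rule["port"] == dst_port


# Constructed VPC flow log records in the default (version 2) format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status. 203.0.113.0/24 stands in for
# the public internet; account and interface IDs are made up.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.10 44012 80 6 12 2400 1746100000 1746100060 ACCEPT OK
2 123456789012 eni-0b2c3d4e5f6789012 10.0.1.10 10.0.2.20 51234 3000 6 10 840 1746100000 1746100060 ACCEPT OK
2 123456789012 eni-0b2c3d4e5f6789012 10.0.2.20 10.0.1.10 3000 51234 6 9 5120 1746100000 1746100060 ACCEPT OK
2 123456789012 eni-0c3d4e5f678901234 10.0.2.20 10.0.3.30 40100 3306 6 20 3900 1746100000 1746100060 ACCEPT OK
2 123456789012 eni-0c3d4e5f678901234 10.0.1.10 10.0.3.30 40200 3306 6 6 480 1746100000 1746100060 ACCEPT OK
2 123456789012 eni-0c3d4e5f678901234 203.0.113.7 10.0.3.30 40300 3306 6 1 44 1746100000 1746100060 REJECT OK
"""


def audit_flow_logs(text):
    """Return ACCEPTed TCP flows to a listener port that the tier policy forbids.

    Flow logs record both directions of a connection, so only records whose
    destination port is a listener port are treated as connection attempts;
    reply packets (ephemeral destination port) are skipped. REJECTed flows are
    the security groups doing their job and are not reported here.
    """
    violations = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 13 or fields[0] == "version":
            continue
        src, dst, dst_port, proto, action = fields[3], fields[4], int(fields[6]), fields[7], fields[12]
        if action != "ACCEPT" or proto != "6" or dst_port not in LISTENER_PORTS:
            continue
        if not policy_allows(src, dst, dst_port):
            violations.append({
                "src": src, "src_tier": tier_of(src),
                "dst": dst, "dst_tier": tier_of(dst), "port": dst_port,
            })
    return violations


if __name__ == "__main__":
    assert check_subnets()
    for v in audit_flow_logs(SAMPLE_FLOW_LOG):
        print(f"policy violation: {v['src_tier']} {v['src']} -> {v['dst_tier']} {v['dst']}:{v['port']}")
```

Run as a script it prints the one flow the policy forbids: a web instance talking straight to MySQL, which in a real deployment means the database security group accepts more than the application tier's group. In practice the records would be read from the flow-log bucket in S3 rather than the embedded string, and the listener ports would be taken from the actual security group rules.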

Key Features:

  • Scalability: Utilized EC2 auto-scaling and ELB to dynamically adjust resources based on traffic demands.
  • Security: Secured the architecture with per-tier subnets and security groups, IAM instance roles, and VPC flow logs to protect data and control access.
  • Reliability: Ensured high availability through the RDS multi-AZ deployment, instances in two availability zones, and ELB traffic distribution.
  • Monitoring and Alerts: Integrated CloudWatch for real-time monitoring and SNS for proactive notifications to maintain system health.
  • Cost Efficiency: Leveraged S3 for cost-effective storage and optimized EC2 instance types for performance and budget.

Impact:

This project enhanced the reliability and performance of the web application, reducing downtime by 30% through multi-AZ deployment and load balancing. It also improved operational efficiency by automating monitoring and notifications, allowing for faster incident response and a 20% reduction in maintenance overhead.