Abidoye Joshua mayowa
8 min readMar 12, 2023


Designing and Deploying a 3-Tier Architecture for High Availability.

Hello Everyone, Welcome to Week 9, project 7 with Level Up In Tech. In this project, we will create a 3-tier architecture. The first tier of our architecture is a Web tier. It will consist of 2 public subnets in separate Availability zones and an auto scaling group of EC2 instances launching a webpage with access to the internet. The second tier is the Application tier. This tier will consist of 2 private subnets, an ASG with EC2 instances that have inbound access from the web tier. The third tier is the Database tier. This tier will have an RDS database in 2 private subnets with inbound access from the application tier above. So let’s get started.


  • AWS account
  • Access to command line, I will be using EC2 Instance connect.

What is 3-Tier Architecture?

It’s a type of client-server architecture that divides the architecture into three tiers: data layer, application layer, and presentation layer.

  1. Presentation — This layer sends HTML, JS, and CSS to browsers. It may use frameworks like React, Angular, Ember, Aurora, etc.
  2. Application — Processes business logic for an application. It might be written in C#, Java, C++, Python, Ruby, etc.
  3. Database — This layer provides access to application data through a database management system. This could be MSSQL, MySQL, PostgreSQL, etc.


  1. Make sure you can access the web tier web page from the internet.
  2. From the web tier, verify that you can ping the application tier from the web tier by running the ping command from an EC2 instance in the web tier.

Step 1

Firstly, we need to create a VPC. To do this, navigate to VPC > Your VPCs > Create VPC. Now we have a really fun tool to create a VPC with subnets and everything else we will need to create the foundations of our 3 tier architecture. Click on VPC, subnets, etc. Then you can name your VPC and have it auto-generate name tags for all associated resources.

Next, we need to scroll down, and you can choose which resources you want to create with the VPC. I chose 2 availability zones with 2 public subnets and 4 private subnets. I chose to have 1 NAT gateway per availability zone to provide access to the private subnets. Be aware that there is a charge for NAT Gateways. For the VPC endpoint, I chose none. Then click on Create VPC.

Follow the image above to configure your VPC

VPC Flowchart

It will take about five minutes to create the VPC workflow. When it is finished, it will look like the image below.

Go to your Subnets to check that you have 6 subnets total; 4 private and 2 public. To do the project's next step, you must click on the public subnets you created and change the settings of “Auto-assign public IPv4 address”. To change this setting, click on Actions > Edit subnet settings > Enable auto-assign public IPv4 address and then hit Save. Do this for both of your public subnets.

Step 2

Now we will work on our Web tier. Navigate to the EC2 Dashboard > Auto Scaling Groups > Create Auto Scaling group. Here you will name your Auto Scaling group for the public EC2 instances we will create. Then click on Create a launch template.

You will name your public launch template here and choose the AMI and instance type. I chose Amazon Linux and t2.micro. Specify your key pair. Then under Network Settings, we will create a security group to allow HTTP and SSH access to our instances in the public subnets.

Navigate down, and under Advanced Details, I will add bootstrap to the User Data textbox. The bootstrap will install an Apache web server on our instances and provision a webpage with a script. See bootstrap below:

yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<html><body><h1>Welcome to the 3 Tier Architecture</h1></body></html>" > /var/www/html/index.html

Click Create launch template.

Secondly, Go back to Auto Scaling Groups, and your new launch template will populate as an option. Next, you will choose launch options. Select the VPC you created and select the 2 public subnets.

Hit the Next button; we will leave the defaults on the next screen and hit Next again. We’ll be brought to a spot where we can configure our Group size. For this project, we will use the desired capacity of 2, a minimum of 2, and a maximum of 5. Leaving the rest of the settings on default, we will hit Next on each screen until we get to the Review page or click Skip to review. If everything looks good, we’ll finish by selecting Create Auto Scaling group.

If we go over to our instances, we should have 2 running in 2 Availability zones.

To confirm that the instance is running with a webpage, grab the IPv4 address and paste it into your browser.

Great! It worked, and we have completed the first tier.

Step 3

Now on to the Application tier. In this section, we will put EC2 instances, via an Auto Scaling group, into 2 private subnets. Note that this is not a true application tier, as we don’t have any provided code to run on the EC2 instances.

Navigate to Create launch template. I will use the same AMI and instance type as the previous launch template. Associate a key pair, and then we will create a security group. This time since these are private subnets, we will want only to allow access from our web tier security group and to SSH. As shown below.

We can now create the launch template. Then in ASG, choose the new template we just created. Click Next and choose launch options. Choose the correct VPC, and this time, choose 2 private subnets to launch our instance.

Use the same configuration as the web tier ASG and create your auto scaling group. You will now have 2 Auto Scaling groups,

Let's confirm if we now have 4 instances, two for private subnet and two for public subnet.

We will attempt to ping a private subnet from the private subnets to verify if we can access the private subnet from the command line. You can do this by grabbing the public IPv4 of one of your public instances and SSH into the instance. You may need to add your key pair when you SSH.

But I used EC2 Instance connect for this tutorial to ping my private subnet from my ipv4 public subnet.

It returned an amount which shows it was successful. Great! we have completed the application tier; it worked and communicated with the web tier.

Step 4: Setup the Database Tier

Finally, we will design the database tier. This is the tier where the information processed by our application will be stored and managed. For this project, we will select RDS (Relational Database Service). RDS is a collection of managed services that simplify setting up, operating, and scaling.

For our 3rd and final tier, we will add a database to the private subnets. In the AWS console, navigate to Amazon RDS. From the dashboard, click on Subnet groups > Create DB subnet group. Here we will create a new subnet group. Name it and select your VPC.

I will create a Multi-AZ DB instance by choosing both Availability zones to provide higher availability and data redundancy. Be sure to choose the private subnets you have not used yet, that do not contain EC2 instances. Then create the group.

Navigate back to the RDS dashboard and click Create Database. Select Standard create and MySQL.

For the template, I chose the Free tier. Under Settings, keep them default but add a Master password for your admin. Save the password for use later. For Instance, configuration and Storage keep the default.

Under Connectivity, select your VPC and the subnet group you just created. For Public access, choose “no” since this is a Private database and will only be accessible from inside the VPC. Then click to create a security group.

Click Create Database! After a moment, your database will be created. Click on it and scroll to Connectivity and security. We must edit our security group to allow inbound access from the application tier. To do this, click on your database security group.

This will bring you to Security groups. Here you can edit the inbound rules.

Change the source to your application tier security group and hit save.

Click on save rules!

All 3 tiers are up and running! Congratulate yourself on creating a 3 tier architecture. Now delete all the architectures so we won’t be charged. Thank you for reading my article.



Abidoye Joshua mayowa

DevOps Engineer. I'm interested in collaborating with anyone interested in cloud engineer or cloud DevOPs.