Giters

gakas14 / AWS-3-Tier-Web-App

This template installs a highly-available, scalable Nginx webservers using a multi-az Amazon RDS database instance for storage.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

3tierappaurora-mysqlaws-cloudformationec2-instancenatgateway

AWS-3-Tier-Web-App

This template installs a highly available, scalable Nginx webserver using a multi-az Amazon RDS database instance for storage.

I. Create a s3 bucket and an IAM role

  • S3 bucket
Screen Shot 2023-12-05 at 12 27 48 PM

  • IAM role with AmazonSSMManagedInstanceCore and AmazonS3ReadOnlyAccess. These policies will allow our instances to download our code from S3 and use Systems Manager Session Manager to securely connect to our instances without SSH keys through the AWS console.

    Screen Shot 2023-12-05 at 12 28 02 PM

II. Networking

  1. VPC

    Screen Shot 2023-12-05 at 12 28 48 PM

  2. Subnets:

    • 6 subnets:
    • Public-Web-Subnet-AZ-1, Private-App-Subnet-AZ-1, Private-DB-Subnet-AZ-1, Public-Web-Subnet-AZ-2, Private-App-Subnet-AZ-2, Private-DB-Subnet-AZ-2.
Screen Shot 2023-12-05 at 12 27 22 PM
  1. Route Tables
Screen Shot 2023-12-05 at 12 31 28 PM

  1. Internet Gateway:

    • Attach the internet gateway to the vpc
    Screen Shot 2023-12-05 at 12 29 42 PM

  2. NAT gateway:

    • create two NAT Gateway in the two public az
    Screen Shot 2023-12-05 at 12 30 04 PM

  3. Security Groups: 5 security groups

    • The first security group you’ll create is for the public, internet-facing load balancer. After typing a name and description, add an inbound rule to allow HTTP-type traffic for your IP.
    • The second security group you’ll create is for the public instances in the web tier. After typing a name and description, add an inbound rule that allows HTTP-type traffic from your internet-facing load balancer security group you created in the previous step. This will allow traffic from your public-facing load balancer to hit your instances. Then, add an additional rule allowing HTTP-type traffic for your IP. This will allow you to access your instance when we test.
    • The third security group will be for our internal load balancer. Create this new security group and add an inbound rule that allows HTTP-type traffic from your public instance security group. This will allow traffic from your web tier instances to hit your internal load balancer.
    • The fourth security group we’ll configure is for our private instances. After typing a name and description, add an inbound rule allowing TCP-type traffic on port 4000 from the internal load balancer security group you created in the previous step. Our app tier application is running on this port, allowing our internal load balancer to forward traffic on this port to our private instances. You should also add another route for port 4000 that allows your IP for testing.
    • The fifth security group we’ll configure protects our private database instances. For this security group, add an inbound rule that will allow traffic from the private instance security group to the MYSQL/Aurora port (3306).

III. Deploy Database Layer

  1. Subnet Groups
Screen Shot 2023-12-05 at 12 51 57 PM
  1. Multi-AZ Database
Screen Shot 2023-12-05 at 12 52 16 PM

About

This template installs a highly-available, scalable Nginx webservers using a multi-az Amazon RDS database instance for storage.

3tierappaurora-mysqlaws-cloudformationec2-instancenatgateway