A 3-tier Architecture In VPC

Purpose

  • To implement a web server and a MySQL server in a VPC

    • Create a VPC and attach it to 1 public Subnet and 1 private Subnet

    • Create a webserver in the public Subnet

    • Create a NAT Gateway/instance for all private Subnets in the VPC to get Internet traffic

    • Create a MySQL server in the private Subnet, and make it accessible from the public Subnet only

Steps

  • Create a VPC

    • Give VPC name, IPV4 CIDR block

    • Once created, a default Route Table, a default Network ACL and a default Security Group are provided

  • Create 2 Subnets (1 public Subnet and 1 private Subnet)

    • Give Subnet name, VPC mapping, AZ mapping, IPV4 CIDR block

    • Select the public Subnet -> Subnet Actions -> Modify auto-assign IP settings -> Enable auto-assign IPV4 address

  • Attach an Internet Gateway to the VPC

    • Give Internet Gateway name

    • Attach it to the created VPC

  • Create a custom Route Table

    • Give Route Table name, VPC mapping

    • Create a route out

      • Tab "Routes" -> Edit -> Add another route, add Destination: "0.0.0.0/0", Target: ${internet_gateway_name} -> save

    • Set Subnet association

      • Tab "Subnet Association" -> Edit -> Add Subnet associations -> choose the 1 Subnet to make public -> save

    • Not modifying the main Route Table directly is a security practice: new Subnets are associated with the main Route Table by default, so keeping the Internet route only in the custom Route Table means a new Subnet is not exposed unless it is explicitly associated with the custom table.

  • Create a web server in the public Subnet

    • At "Configure Instance Details", choose the custom VPC and Subnet

    • Create a Security Group for webserver

  • Create a NAT, there are two ways:

    1. Create a NAT Gateway (recommended)

      • Create the NAT Gateway under the public Subnet and allocate a new EIP for its public IP

      • Select the main Route Table of the VPC -> tab Routes -> Edit -> add Destination: 0.0.0.0/0, Target: ${nat_gateway}

    2. Create a NAT instance

      • Create an EC2 instance from a Community AMI found by filtering with the keyword: nat

      • Put it in the public Subnet of the VPC, and specify a Security Group as needed.

      • Once the instance is running, Actions -> Networking -> Change Source/Dest. Check -> disable the source/destination check (required so the instance can forward traffic that is not addressed to itself)

      • Select the main Route Table of the VPC -> tab Routes -> Edit -> add Destination: 0.0.0.0/0, Target: ${nat_instance}

  • Create a MySQL in the private Subnet

    • Create a Security Group

      • Give name, VPC mapping

      • Add rules for SSH, MySQL/Aurora and All ICMP (for pinging), with source: ${public_subnet_cidr}

      • Install MySQL

        $ yum install mysql -y
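The design above, checked as code: an added example (not part of these notes) that audits data in the shape of the `aws ec2 describe-route-tables` and `describe-security-groups` output against the design, flagging a main Route Table that routes to the Internet Gateway, a missing NAT route, and any MySQL Security Group rule that is not one of SSH, MySQL or ICMP from the public Subnet. The sample data, the placeholder IDs and the `audit` function are constructed for illustration.

```python
# Constructed sample data (not a real account) in the shape of the
# `aws ec2 describe-route-tables` and `describe-security-groups` output.
VPC_CIDR, PUBLIC_SUBNET_CIDR = "10.0.0.0/16", "10.0.1.0/24"
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-placeholder"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"}]},
]
MYSQL_SG = {"GroupId": "sg-mysql", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": PUBLIC_SUBNET_CIDR}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": PUBLIC_SUBNET_CIDR}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": PUBLIC_SUBNET_CIDR}]},
]}
# (protocol, from_port, to_port) triples the design allows on the MySQL group.
ALLOWED_MYSQL_RULES = {("tcp", 22, 22), ("tcp", 3306, 3306), ("icmp", -1, -1)}


def audit(route_tables, mysql_sg, public_cidr):
    """Return a list of findings; an empty list means the layout matches the design."""
    findings = []
    for rt in route_tables:
        is_main = any(a.get("Main") for a in rt["Associations"])
        defaults = [r for r in rt["Routes"] if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
        # The main table is what every new Subnet inherits: a default route to an
        # Internet Gateway there would silently make future Subnets public.
        for r in defaults:
            if is_main and r.get("GatewayId", "").startswith("igw-"):
                findings.append(f"{rt['RouteTableId']}: main table sends 0.0.0.0/0 to an IGW")
        # Private Subnets still need egress through the NAT Gateway or NAT instance.
        if is_main and not any(r.get("NatGatewayId") or r.get("InstanceId") for r in defaults):
            findings.append(f"{rt['RouteTableId']}: no NAT route, private Subnets have no egress")
    # The MySQL group may only admit SSH, MySQL and ICMP, and only from the public Subnet.
    for perm in mysql_sg["IpPermissions"]:
        key = (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"))
        if key not in ALLOWED_MYSQL_RULES:
            findings.append(f"{mysql_sg['GroupId']}: unexpected rule {key}")
        for rng in perm.get("IpRanges", []):
            if rng["CidrIp"] != public_cidr:
                findings.append(f"{mysql_sg['GroupId']}: {key} open to {rng['CidrIp']}")
    return findings


if __name__ == "__main__":
    print(audit(ROUTE_TABLES, MYSQL_SG, PUBLIC_SUBNET_CIDR) or "layout matches the design")
```

Against a real account the same function can be fed the parsed JSON of the two CLI commands, since only the listed keys are read.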
