A 3-tier Architecture In VPC

PreviousAuto-scaling Implementation NextArchitecture

Last updated 5 years ago

Was this helpful?

A 3-tier Architecture In VPC

Purpose

To Implement a webserver and a MySQL in VPC
- Create a VPC and attach it to 1 public Subnet and 1 private Subnet
- Create a webserver in the public Subnet
- Create a NAT Gateway/instance for all private Subnets in the VPC to get Internet traffic
- Create a MySQL server in the private Subnet, and make it accessible under public Subnet only

Steps

Create a VPC
- Give VPC name, IPV4 CIDR block
- Once created, a default Route Table, a default Network ACL, a default Security Group are given
Create 2 Subnets (1 public Subnet and 1 private Subnet)
- Give Subnet name, VPC ampping, AZ mapping, IPV4 CIDR block
- Select the public Subnet -> Subnet Actions -> Modify auto-assign IP asettings -> Enable auto-assign IPV4 addresse
Attach a Internet Gateway to VPC
- Give Internet Gateway name
- Attach it to the created VPC
Create a custom Route Table
- Give Route Table name, VPC mapping
- Create a route out
  - Tab "Routes" -> Edit -> Add another route, add Destination: "0.0.0.0/0", Target: ${internet_gateway_name} -> save
- Set Subnet association
  - Tab "Subnet Association" -> Edit -> Add Subnets associations -> choose 1 Subnet to make it public -> save
- Not to modify the main Route Table directly is a practice for security. When creating new Subnets, they will be associated to the main Route Table.
in the public Subnet
- At "Congifure Instance Details", to choose the custom VPC and Subnet
- Create a Security Group for webserver
Create a NAT, there are two ways:
1. Create a NAT Gateway (recommended)
  - Create NAT Gateway under the public Subnet and create new EIP to get a dynamic IP
  - Select the main Route Table of the VPC -> tab Routes -> Edit -> to add Destincation: 0.0.0.0/0, Target: ${nat_gateway}
2. Create a NAT instance
  - Create EC2 instance with AMI in Community AMIs that filtered with keyword: nat
  - Put it under public Subnet of the VPC, and specify a Security Group freely.
  - Once the instance is running, Actions -> Networking -> Change Source/Desc. Check to disable source/destination check
  - Select the main Route Table of the VPC -> tab Routes -> Edit -> to add Destincation: 0.0.0.0/0, Target: ${nat_instance}
Create a MySQL in the private Subnet
- Create a Security Group
  - Give name, VPC mapping
  - Add Rule for SSH, MySQL/Aurora, All ICMP (for pinging), set source: ${public_subnetc_cidr}
  - Install MySQL
    $ yum install mysql -y

PreviousAuto-scaling Implementation NextArchitecture

Last updated 5 years ago

Was this helpful?

Purpose

To Implement a webserver and a MySQL in VPC
- Create a VPC and attach it to 1 public Subnet and 1 private Subnet
- Create a webserver in the public Subnet
- Create a NAT Gateway/instance for all private Subnets in the VPC to get Internet traffic
- Create a MySQL server in the private Subnet, and make it accessible under public Subnet only

Steps

Create a VPC
- Give VPC name, IPV4 CIDR block
- Once created, a default Route Table, a default Network ACL, a default Security Group are given
Create 2 Subnets (1 public Subnet and 1 private Subnet)
- Give Subnet name, VPC ampping, AZ mapping, IPV4 CIDR block
- Select the public Subnet -> Subnet Actions -> Modify auto-assign IP asettings -> Enable auto-assign IPV4 addresse
Attach a Internet Gateway to VPC
- Give Internet Gateway name
- Attach it to the created VPC
Create a custom Route Table
- Give Route Table name, VPC mapping
- Create a route out
  - Tab "Routes" -> Edit -> Add another route, add Destination: "0.0.0.0/0", Target: ${internet_gateway_name} -> save
- Set Subnet association
  - Tab "Subnet Association" -> Edit -> Add Subnets associations -> choose 1 Subnet to make it public -> save
- Not to modify the main Route Table directly is a practice for security. When creating new Subnets, they will be associated to the main Route Table.
in the public Subnet
- At "Congifure Instance Details", to choose the custom VPC and Subnet
- Create a Security Group for webserver
Create a NAT, there are two ways:
1. Create a NAT Gateway (recommended)
  - Create NAT Gateway under the public Subnet and create new EIP to get a dynamic IP
  - Select the main Route Table of the VPC -> tab Routes -> Edit -> to add Destincation: 0.0.0.0/0, Target: ${nat_gateway}
2. Create a NAT instance
  - Create EC2 instance with AMI in Community AMIs that filtered with keyword: nat
  - Put it under public Subnet of the VPC, and specify a Security Group freely.
  - Once the instance is running, Actions -> Networking -> Change Source/Desc. Check to disable source/destination check
  - Select the main Route Table of the VPC -> tab Routes -> Edit -> to add Destincation: 0.0.0.0/0, Target: ${nat_instance}
Create a MySQL in the private Subnet
- Create a Security Group
  - Give name, VPC mapping
  - Add Rule for SSH, MySQL/Aurora, All ICMP (for pinging), set source: ${public_subnetc_cidr}
  - Install MySQL
    $ yum install mysql -y