Definition of the 3-tier architecture:
- Presentation Layer (Web Tier): public-facing web servers, the only tier reachable from the Internet.
- Application Layer (App Tier): private compute layer for the business logic, reachable only from the web tier.
- Data Layer (DB Tier): managed database service, reachable only from the application tier.
This module demonstrates the 3-tier architecture using Terraform in an AWS environment by creating the following:
Networking Layer
- One VPC with 3 types of subnets:
  - Public - for the Web Tier
  - Private - for the App Tier
  - Database - dedicated subnets for the RDS DB
- The number of subnets of each type is configurable through the parameter nr_az (number of availability zones): one subnet of each type per availability zone.
- One Internet Gateway for the whole VPC
- One NAT Gateway, in the first availability zone only. Outbound traffic from the private subnets in every availability zone goes through it, so it is a single point of failure if that availability zone becomes unavailable.
The security groups and security group rules necessary for a secure environment. Each tier accepts traffic only from the tier in front of it, and the rules reference security groups rather than CIDR ranges, so instances launched later by the auto-scaling groups are covered automatically:
- The security group for the web tier servers accepts HTTP and HTTPS requests from everywhere as inbound and allows outbound traffic only to the application servers.
- The security group for the application servers accepts inbound requests only from the web servers' security group and allows outbound traffic only to the database.
- The security group for the RDS database accepts connections only from the application servers' security group.
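The rule chain described above, written out as an added example in plain AWS provider resources (this is not the module's own security group code; the resource names, `var.vpc_id` and `var.app_port` are assumptions, and the MySQL port 3306 is the RDS MySQL default). The rules are standalone `aws_vpc_security_group_*_rule` resources rather than inline `ingress`/`egress` blocks: the web group references the app group and the app group references the web group, which would be a dependency cycle if the rules lived inside the `aws_security_group` resources.

```hcl
# Added example, not the module's own code. Assumes var.vpc_id and var.app_port
# (the port the application servers listen on) are supplied by the caller.

resource "aws_security_group" "web" {
  name        = "web-tier"
  description = "Web tier: HTTP/HTTPS in from anywhere, out to the app tier only"
  vpc_id      = var.vpc_id
}

resource "aws_security_group" "app" {
  name        = "app-tier"
  description = "App tier: in from the web tier only, out to the DB tier only"
  vpc_id      = var.vpc_id
}

resource "aws_security_group" "db" {
  name        = "db-tier"
  description = "DB tier: MySQL in from the app tier only, no egress"
  vpc_id      = var.vpc_id
}

# Web tier ingress: HTTP and HTTPS from the Internet.
resource "aws_vpc_security_group_ingress_rule" "web_http" {
  security_group_id = aws_security_group.web.id
  description       = "HTTP from the Internet"
  ip_protocol       = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_ipv4         = "0.0.0.0/0"
}

resource "aws_vpc_security_group_ingress_rule" "web_https" {
  security_group_id = aws_security_group.web.id
  description       = "HTTPS from the Internet"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_ipv4         = "0.0.0.0/0"
}

# Web tier egress: only to members of the app tier group, on the app port.
# There is no other egress rule, so web servers cannot reach the Internet or
# the database directly.
resource "aws_vpc_security_group_egress_rule" "web_to_app" {
  security_group_id            = aws_security_group.web.id
  description                  = "To the app tier"
  ip_protocol                  = "tcp"
  from_port                    = var.app_port
  to_port                      = var.app_port
  referenced_security_group_id = aws_security_group.app.id
}

# App tier: ingress only from the web tier group, egress only to the DB group.
resource "aws_vpc_security_group_ingress_rule" "app_from_web" {
  security_group_id            = aws_security_group.app.id
  description                  = "From the web tier"
  ip_protocol                  = "tcp"
  from_port                    = var.app_port
  to_port                      = var.app_port
  referenced_security_group_id = aws_security_group.web.id
}

resource "aws_vpc_security_group_egress_rule" "app_to_db" {
  security_group_id            = aws_security_group.app.id
  description                  = "To RDS MySQL"
  ip_protocol                  = "tcp"
  from_port                    = 3306
  to_port                      = 3306
  referenced_security_group_id = aws_security_group.db.id
}

# DB tier: MySQL ingress only from the app tier group. No egress rule at all,
# so a compromised database host has nowhere to connect to.
resource "aws_vpc_security_group_ingress_rule" "db_from_app" {
  security_group_id            = aws_security_group.db.id
  description                  = "MySQL from the app tier"
  ip_protocol                  = "tcp"
  from_port                    = 3306
  to_port                      = 3306
  referenced_security_group_id = aws_security_group.app.id
}
```

Two things to check after `terraform apply`. First, confirm that no allow-all egress rule survived on any of the three groups: `aws ec2 describe-security-groups --group-ids <id> --query 'SecurityGroups[].IpPermissionsEgress'` should show only the rule defined above (the AWS provider documents that it removes the default allow-all egress rule from a group it creates, but it is worth verifying rather than assuming). Second, note what this lockdown costs: with egress limited to the next tier, the web and app instances cannot reach package repositories, SSM or any other endpoint through the NAT Gateway, so such access has to be added deliberately (extra egress rules or VPC endpoints). If an internal load balancer fronts the app tier, as in this module, the load balancer needs its own security group in the chain: web egress and app ingress then reference the load balancer's group rather than each other.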
Web Tier:
- Create an Application Load Balancer that forwards requests received from the Internet to an auto-scaling group for the web servers.
- Redirect HTTP requests to HTTPS
- Create a launch template and auto-scaling group for the web servers.
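The web tier as an added example in plain AWS provider resources (not the module's own code, which uses community modules for this). Assumed inputs are `var.vpc_id`, `var.public_subnet_ids`, `var.ami_id`, `var.certificate_arn` (an ACM certificate for the site's hostname), `var.web_sg_id` (the web tier security group) and `var.alb_sg_id`; the load balancer gets its own security group because the web tier group only allows egress to the app tier, which would not let the load balancer reach the web servers' port 80.

```hcl
# Added example, not the module's own code. The var.* inputs are assumptions.

resource "aws_lb" "web" {
  name               = "web-alb"
  load_balancer_type = "application"
  internal           = false
  security_groups    = [var.alb_sg_id]
  subnets            = var.public_subnet_ids
}

resource "aws_lb_target_group" "web" {
  name     = "web-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id

  health_check {
    path    = "/"
    matcher = "200-399"
  }
}

# Port 80 never reaches the web servers: every plain-HTTP request is answered
# with a 301 to the same host, path and query on HTTPS.
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.web.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

# TLS terminates on the load balancer with a TLS 1.2/1.3-only policy.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.web.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}

resource "aws_launch_template" "web" {
  name_prefix            = "web-"
  image_id               = var.ami_id
  instance_type          = "t3.micro"
  vpc_security_group_ids = [var.web_sg_id]

  # Added hardening: require IMDSv2 so a request-forgery bug in the web
  # application cannot read the instance role's credentials with one GET.
  metadata_options {
    http_tokens = "required"
  }
}

resource "aws_autoscaling_group" "web" {
  name                = "web-asg"
  vpc_zone_identifier = var.public_subnet_ids
  min_size            = 2
  max_size            = 4
  desired_capacity    = 2
  health_check_type   = "ELB"
  target_group_arns   = [aws_lb_target_group.web.arn]

  launch_template {
    id      = aws_launch_template.web.id
    version = "$Latest"
  }
}
```

To verify the redirect once deployed: `curl -sI http://<alb-dns-name>/` should return `301 Moved Permanently` with a `Location: https://...` header and no application content. The sizes and instance type are placeholders; the point of the block is the listener pair and the fact that the target group only ever receives traffic that arrived over TLS.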
App Tier:
- Create an internal Application Load Balancer that forwards requests received from the web servers to an auto-scaling group for the application servers.
- Create a launch template and auto-scaling group for the application servers.
Database Tier:
- Create a MySQL RDS database to be used by the application servers.
This Terraform code uses:
- modules created and maintained by the Terraform community
- a custom module for security groups, which is easier to use than the community Terraform module
- AWS resources created directly with the AWS provider