Three-Tier AWS Architecture

Presentation, application, and data tiers deployed inside AWS Region ap-southeast-1.

AWS Architecture View
Three-tier AWS architecture diagram showing user traffic through Internet Gateway, web EC2, application EC2, Aurora PostgreSQL, NAT Gateway, S3 bucket, and security groups

How traffic flows when a user accesses the application

  1. User sends HTTPS request The user opens the application in a browser. The request travels through the Internet and enters AWS through the Internet Gateway attached to the VPC.
  2. Request reaches the Web / Presentation Tier The public EC2 instance in the public subnet receives the request on HTTP/HTTPS. Apache serves frontend content and forwards dynamic API requests to the backend.
  3. Web tier forwards API call to Application Tier The web server acts as a reverse proxy and sends backend requests to the private EC2 application server running the Python Flask application on port 5000.
  4. Application Tier queries the Database Tier The Flask application processes business logic and connects to Amazon Aurora PostgreSQL Serverless v2 on port 5432 to read or write application data.
  5. Response returns to the user Aurora returns data to the application server, the application server sends the processed result back to the web server, and the web server returns the final HTTPS response to the user's browser.
Security note: Only the web tier is public-facing. The application and database tiers remain in private subnets, and access between tiers is controlled using security groups.