Three-Tier AWS Architecture

🌐 Internet

↓

AWS Region: ap-southeast-1

🚪 Internet Gateway

Provides internet access to VPC resources

VPC (10.1.0.0/16)

Public Subnet (10.1.1.0/24) - AZ-1a

🖥️ Public EC2 Instance

Web Server (Presentation Tier)

• Amazon Linux 2023 (t2.micro)

• Apache HTTP Server

• Frontend Application

• Reverse Proxy to Backend

• Ports: 80, 443, 22

🔄 NAT Gateway

Outbound internet access for private resources

• Elastic IP attached

↓

Private Subnet (10.1.2.0/24) - AZ-1b

⚙️ Private EC2 Instance

Application Server (Logic Tier)

• Amazon Linux 2023 (t2.micro)

• Python Flask Application

• PostgreSQL Client

• API Endpoint (Port 5000)

• Business Logic Processing

↓

Private Subnet 2 (10.1.3.0/24) - AZ-1c

🗄️ Aurora PostgreSQL Serverless v2

Database Server (Data Tier)

• Engine Version: 15.4

• Auto-scaling: 0.5-1 ACU

• Database: abacus_game

• Port: 5432

• Multi-AZ Deployment

📦 S3 Bucket: three-tier-web-app-satya

• /frontend/ - Static web files

• /backend/ - Python application code

• /database/ - SQL schema files

🔒 Security Groups

Public Security Group

HTTP: 80 (0.0.0.0/0)
HTTPS: 443 (0.0.0.0/0)
SSH: 22 (0.0.0.0/0)
ICMP: All (0.0.0.0/0)

Private Security Group

API: 5000 (10.1.1.0/24)
Alt Port: 8000 (10.1.1.0/24)
SSH: 22 (10.1.1.0/24)
ICMP: All (10.1.1.0/24)

RDS Security Group

PostgreSQL: 5432
Source: Private SG only
Encrypted connections
No outbound rules

📊 Infrastructure Stats

Availability Zones

EC2 Instances

Aurora Cluster

Security Groups

S3 Bucket

99.9%

Availability SLA

🏗️ Three-Tier AWS Architecture