Build Multi-tier Architecture on AWS from Scratch (Wordpress Apps)

Ari Sukarno
Feb 22, 2022

What is a Multi-tier App?

A multi-tier application is any application developed and distributed among more than one layer. It logically separates the different application-specific, operational layers. The number of layers varies by business and application requirements, but three-tier is the most commonly used architecture. A multi-tier application is used to divide an enterprise application into two or more components that may be separately developed and executed. In general, the tiers in a multi-tier application include the following:

a. Presentation Tier: User interface and application access services.

b. Application Processing Tier: Core business or application logic.

c. Data Tier: Holds and manages data that is at rest. Separating the tiers this way allows each component/tier to be separately developed, tested, executed and reused.

Architecture System

This will be a long walkthrough, but an interesting one. I suggest you prepare your coffee and enjoy this lab :)

Step by step:

1. Create a VPC with subnets, an internet gateway, etc.

  • Create a VPC with the IP range 10.10.0.0/16
  • Internet gateway (a VPC can have only one IGW attached)
  • Create a NAT gateway

The NAT gateway connects the private subnets to the internet and is attached to a public subnet. Usually an Elastic IP is also attached to the NAT gateway.

  • Route tables: private via the NAT gateway and public via the internet gateway.
  • Four subnets, public and private, with the route tables: private via NAT and public via internet gateway.
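One way to check the layout from step 1 after building it, as an added example that is not part of the original article: it classifies each subnet by its default route and flags a NAT gateway that is not in a public subnet. The records follow the shape of `aws ec2 describe-subnets`, `describe-route-tables` and `describe-nat-gateways` output; the IDs and the /24 split are constructed, and the sample is deliberately misconfigured.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.10.0.0/16")  # VPC range from step 1

def classify(subnets, route_tables, nat_gateways):
    """Return ({subnet_id: kind}, [problems]) from describe-* style records."""
    via = {}
    for rt in route_tables:
        kind = "isolated"  # no default route at all
        for r in rt["Routes"]:
            if r.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if r.get("GatewayId", "").startswith("igw-"):
                kind = "public"
            elif r.get("NatGatewayId"):
                kind = "private"
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:
                via[assoc["SubnetId"]] = kind
    kinds, problems = {}, []
    for s in subnets:
        sid = s["SubnetId"]
        # Simplification: a subnet with no explicit association is reported
        # as isolated instead of resolving the VPC's main route table.
        kinds[sid] = via.get(sid, "isolated")
        if not ipaddress.ip_network(s["CidrBlock"]).subnet_of(VPC_CIDR):
            problems.append(f"{sid}: {s['CidrBlock']} is outside {VPC_CIDR}")
    for nat in nat_gateways:
        if kinds.get(nat["SubnetId"]) != "public":
            problems.append(f"{nat['NatGatewayId']}: NAT gateway is not in a public subnet")
    return kinds, problems

# Constructed sample: IDs and the /24 split are made up for illustration.
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "CidrBlock": "10.10.1.0/24"},
    {"SubnetId": "subnet-pub-b", "CidrBlock": "10.10.2.0/24"},
    {"SubnetId": "subnet-priv-a", "CidrBlock": "10.10.3.0/24"},
    {"SubnetId": "subnet-priv-b", "CidrBlock": "10.20.4.0/24"},
]
ROUTE_TABLES = [
    {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}],
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}]},
    {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}],
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-priv-a"}]
if __name__ == "__main__":
    print(*classify(SUBNETS, ROUTE_TABLES, NAT_GATEWAYS), sep="\n")
```

The sample reports the subnet outside 10.10.0.0/16 and the NAT gateway sitting in a private subnet; moving the NAT gateway to a public subnet clears the second finding.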

2. Create Instance with User Data (install httpd, wget and php)

  • VPC Configuration
  • User data

3. Create an IAM role that gives the instance access to RDS and S3

4. Attach the IAM role to the EC2 instance

5. Create SNS Topic and Subscription

  • SNS Topic
  • Subscription

6. Create RDS Instance

  • Choose MySQL version 5.x.x as the DB engine (because with versions above that, the RDS instance cannot be accessed from the EC2 instance)
  • Set up the username and password
  • Choose the VPC and security group (you have to create the security group first; it opens port 3306 and allows only the EC2 instance's secgroup as the source)

7. Install Wordpress

  • Connect to the EC2 instance and run these commands:
cd /var/www/html
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz
  • -x : extract the archive
  • -z : decompress through gzip (gzip, ungzip, gunzip)
  • -v : show the files as they are extracted
  • -f : use the given archive file
cd wordpress
sudo mv * /var/www/html
sudo nano /etc/httpd/conf/httpd.conf

Change AllowOverride None to All.

sudo chown -R apache:apache /var/www
sudo service httpd restart

Try to access the public IP address of the EC2 instance; it should open the Wordpress configuration page.

TIP: if you have a problem with the PHP version, run the commands below:

sudo amazon-linux-extras | grep php
sudo amazon-linux-extras enable php7.4
sudo yum clean metadata
sudo yum install php php-{pear,cgi,common,curl,mbstring,gd,mysqlnd,gettext,bcmath,json,xml,fpm,intl,zip,imap}

8. Setup the database on RDS

  • Connect to the RDS instance and create a new, empty database
  • Open the public IP of the instance; it will show the Wordpress installation setup
  • Fill in the database name, username and password as you created them in RDS. For the database host, fill in the RDS endpoint. After that click Submit and then Run Installation
  • Finish the installation
  • Log in to Wordpress
  • Wordpress is ready!

9. Configure the Route53

  • Set up the nameservers: copy the value of the NS record
  • Paste the NS values into the NS settings of your DNS management (here I use Domainesia). Note that you have to wait a long time for DNS propagation (be patient)
  • This is the full configuration of Route53 up to this step
  • Check the DNS record from the command line on the EC2 instance
  • Wordpress is now accessible through Route53!

At this point the app already receives traffic from users, but in our architecture we will create an Auto Scaling Group (ASG) so that it automatically scales out and scales in based on the traffic. To create the ASG, follow the next steps.

10. Create AMI from the instance

11. Create the SSL certificate using AWS Certificate Manager, so that Wordpress can be accessed securely.

12. Set up the Elastic Load Balancer (ELB); here I use a Classic Load Balancer (it works with EC2-Classic and with a TLS certificate)

  • Set up the VPC
  • Add the public subnets
  • Configure the security group (open port 80)
  • Configure the health check (on TCP port 80)
  • Add the instances you would like to run behind the ELB, then create it.

13. Create the launch configuration

  • Configure the AMI, IAM Role and Secgroup
setup AMI and Instance Type
IAM Role
Security Group (choose from the secgroup of the instance)

14. Create ELB from the Launch Configuration

  • Setup the ELB
instance launch template
  • Attach the ELB
  • Configure the group size and scaling policies
group size instance
  • You can add scaling policies for the instances
scaling policies
  • Create Notification and Create
  • You can see the result of the Auto Scaling Group (2 instances)
Status ASG
ELB Instances

NOTE: As you can see, the instances listed in the ELB are InService. If there is an OutOfService instance, you can troubleshoot by checking three things:

  • Check whether the instance is already running
  • Check the security group of the instance (whether port 80 is open or not; this depends on the port of the health check configuration in the ELB)
  • Check the HTTP service using the command service httpd status; you can SSH to the instance directly or through a jump server (create the private key, change its permission to 400, and SSH with the private key)
SSH using JumpServer
Instance
  • Now you can access your site using the DNS name of the ELB

15. Testing for the ASG

  • Delete one of the instances
  • A new instance will be created and a notification sent by email
New Instance
  • You can see the notification in Email
Notification Termination and Launch

16. Setup the DNS route directly to the ELB Endpoint

  • Configure the DNS

Note: now the domain arisukarno.xyz points directly to the ELB endpoint.

17. Custom monitoring using CloudWatch: you may have some instances running independently that are not covered by the ELB configuration for monitoring.

  • Create a rule in CloudWatch
  • Stop the independent instance
  • You will get the notifications

18. Next is security. By default the instances will be created without a public IP, which is the best practice to increase security.

Note: Connect to the instance using a VPN server. I have already written an article about this topic; see https://medium.com/@arisukarno/connect-ec2-instances-through-vpn-d69de6f35e6d

19. Configure the security group

  • Secgroup of the instance: SSH only from the secgroup of the VPN server (not configured here) and HTTP only from the secgroup of the ELB.
Secgroup of the ELB Instance
  • Secgroup of the RDS: open only to the secgroup of the web server
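The tiering from step 19 can be checked mechanically. The audit below is an added example, not part of the original article: it reads records shaped like `aws ec2 describe-security-groups` output and reports any inbound rule that is not sourced from the expected tier's security group. The group IDs, the tier mapping and the sample rules are constructed; the port policy is taken from steps 12, 19 and 20.

```python
# tier -> {port: tier whose security group must be the source}
# None means any source is accepted (the internet-facing ELB).
POLICY = {
    "elb": {80: None, 443: None},
    "web": {22: "vpn", 80: "elb", 443: "elb"},
    "rds": {3306: "web"},
}

def audit(groups, tier_of):
    """Return sorted (group_id, port, reason) findings for rules outside POLICY."""
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        allowed = POLICY.get(tier_of.get(gid), {})
        for perm in sg.get("IpPermissions", []):
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if perm.get("IpProtocol") != "tcp" or lo != hi:
                findings.append((gid, f"{lo}-{hi}", "not a single TCP port"))
                continue
            if lo not in allowed:
                findings.append((gid, str(lo), "port not expected on this tier"))
                continue
            want = allowed[lo]
            if want is None:
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                findings.append((gid, str(lo), f"CIDR source {cidr}, expected {want} group"))
            for pair in perm.get("UserIdGroupPairs", []):
                src = tier_of.get(pair["GroupId"])
                if src != want:
                    findings.append((gid, str(lo), f"source tier {src}, expected {want}"))
    return sorted(findings)

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
TIERS = {"sg-elb": "elb", "sg-web": "web", "sg-rds": "rds", "sg-vpn": "vpn"}
SAMPLE = [
    {"GroupId": "sg-elb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "UserIdGroupPairs": [{"GroupId": "sg-elb"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-rds", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-web"}, {"GroupId": "sg-elb"}]}]},
]
if __name__ == "__main__":
    for finding in audit(SAMPLE, TIERS):
        print(finding)
```

On the sample it flags SSH open to 0.0.0.0/0 on the web tier and the ELB group being allowed to reach port 3306 on the RDS tier.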

20. Configure HTTPS on the ELB (you first have to create an SSL certificate, either on your own or from AWS Certificate Manager)

  • Go to the listener, change the protocol to HTTPS and change the SSL certificate
  • Choose from ACM (here, my certificate is not ready, or pending); if you have a certificate you can choose your certificate. (Don't forget to change the secgroup of the instance itself to open port 443.)

Okay, at this point the Wordpress app is only reachable through port 443, with the SSL certificate, so our site is secure.

Hufftt!… long step yeachh, cause we create from scratch :) Hope this useful for you, have a good day!
