Multi-Tier Web Application
A classic 3-tier architecture with VPC, EC2, ALB, RDS, and ElastiCache — the foundation for most production web applications on AWS.
Architecture Overview
```
                     ┌─────────────────┐
                     │     Route53     │
                     │      (DNS)      │
                     └────────┬────────┘
                              │
                     ┌────────▼────────┐
                     │   CloudFront    │
                     │   (CDN + WAF)   │
                     └────────┬────────┘
                              │
                     ┌────────▼────────┐
                     │   ALB (HTTPS)   │
                     │  ┌──┬──┬──┬──┐  │
                     └──┴──┴──┴──┴──┘──┘
                              │
         ┌────────────────────┼────────────────────┐
         │                    │                    │
┌────────▼────────┐  ┌────────▼────────┐  ┌────────▼────────┐
│    EC2 (Web)    │  │    EC2 (Web)    │  │    EC2 (App)    │
│  Auto Scaling   │  │  Auto Scaling   │  │  Auto Scaling   │
│  Group (AZ-A)   │  │  Group (AZ-B)   │  │  Group (AZ-A)   │
└────────┬────────┘  └────────┬────────┘  └────────┬────────┘
         │                    │                    │
         └────────────────────┼────────────────────┘
                              │
               ┌──────────────┴──────────────┐
               │                             │
      ┌────────▼────────┐          ┌─────────▼─────────┐
      │  RDS (Aurora)   │          │    ElastiCache    │
      │    Multi-AZ     │          │      (Redis)      │
      │  Read Replica   │          │   Cluster Mode    │
      └─────────────────┘          └───────────────────┘
```

Services Used
| Service | Purpose | Configuration |
|---|---|---|
| Route53 | DNS routing & failover | Alias record to CloudFront, health checks |
| CloudFront | CDN, SSL termination, WAF | Geo-restriction, custom origin, HTTPS only |
| WAF | Web application firewall | SQL injection & XSS protection rules |
| ALB | Load balancing (Layer 7) | Path-based routing, sticky sessions, SSL termination |
| EC2 | Web & application servers | Amazon Linux 2, t3.medium, latest generation |
| Auto Scaling | Compute elasticity | Target tracking (CPU 70%), min=2, max=10 |
| RDS Aurora | Relational database | Multi-AZ, 1 read replica, automated backups |
| ElastiCache Redis | Session caching & DB query cache | Cluster mode, 2 shards, 1 replica per shard |
| S3 | Static assets, logs | Lifecycle policy, server access logs |
Key Design Decisions
| Decision | Rationale |
|---|---|
| Multi-AZ deployment | Ensures high availability — if one AZ fails, traffic routes to the other |
| ALB over NLB | Path-based routing needed for /api/* vs /* routing; Layer 7 features |
| Aurora over RDS MySQL | 5x better throughput, auto-scaling storage, faster failover |
| ElastiCache for sessions | Offloads session state from EC2, enabling stateless web servers |
| CloudFront in front of ALB | DDoS protection, SSL termination at edge, reduced ALB load |
| Auto Scaling with min=2 | Always have at least 2 instances across 2 AZs |
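
The "CloudFront in front of ALB" decision only delivers its protection if each tier accepts traffic solely from the tier in front of it. The Terraform below is an added example, not part of the original page: it shows security groups that enforce this, assuming a `vpc_id` variable, application port 8080, MySQL-compatible Aurora on 3306 and Redis on 6379, with the web and app instances sharing one group for brevity.

```hcl
variable "vpc_id" { type = string } # assumption: pass module.vpc.vpc_id

data "aws_ec2_managed_prefix_list" "cloudfront" { # AWS-managed CloudFront origin-facing ranges
  name = "com.amazonaws.global.cloudfront.origin-facing"
}

resource "aws_security_group" "alb" {
  vpc_id = var.vpc_id
  ingress { # HTTPS from CloudFront only, so clients cannot reach the ALB around the edge WAF
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    prefix_list_ids = [data.aws_ec2_managed_prefix_list.cloudfront.id]
  }
  egress { # to instances inside the VPC; 8080 is an assumed application port
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }
}

resource "aws_security_group" "web" {
  vpc_id = var.vpc_id
  ingress { # only members of the ALB's security group may connect
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  egress { # outbound through the NAT gateway, and to the database and cache
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Data tier: one group per store, reachable from the EC2 tier only; no egress block means no outbound rules.
resource "aws_security_group" "data" {
  for_each = { aurora = 3306, redis = 6379 } # assumed engine ports
  vpc_id   = var.vpc_id
  ingress {
    from_port       = each.value
    to_port         = each.value
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }
}
```

The CloudFront prefix list admits any CloudFront distribution, not only this one, so it is commonly paired with a secret custom origin header that the ALB verifies.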
Real-World Use Case
Scenario: An e-commerce platform expecting 100K daily users with traffic spikes during sales events.
How this architecture handles it:
- Normal traffic: 2 web + 2 app servers handle the load comfortably
- Flash sale: Auto Scaling adds 5-8 more instances within minutes
- Database: Aurora read replica handles reporting queries, reducing load on primary
- Cache: Redis caches product catalog, reducing DB reads by 80%
- CDN: CloudFront caches static assets (images, CSS, JS), offloading 90% of requests
Deployment (Terraform)
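```hcl
# Main VPC: two AZs, private subnets for instances, public subnets for the ALB
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  cidr               = "10.0.0.0/16"
  azs                = ["us-east-1a", "us-east-1b"]
  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24"]
  enable_nat_gateway = true
}

# ALB: internet-facing, placed in the public subnets
# (aws_security_group.alb is referenced here but not defined in this snippet)
resource "aws_lb" "main" {
  name               = "web-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = module.vpc.public_subnets
}

# Auto Scaling Group: instances run in the private subnets only
# (a launch_template or launch_configuration block is also required, and
# aws_lb_target_group.web is referenced but not defined in this snippet)
resource "aws_autoscaling_group" "web" {
  vpc_zone_identifier = module.vpc.private_subnets
  min_size            = 2
  max_size            = 10
  desired_capacity    = 2
  target_group_arns   = [aws_lb_target_group.web.arn]
}
```

Cost Estimate (Monthly)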
| Service | Estimated Cost |
|---|---|
| EC2 (4 t3.medium instances) | ~$120 |
| ALB | ~$22 |
| RDS Aurora (db.r5.large) | ~$300 |
| ElastiCache (cache.r5.large) | ~$150 |
| NAT Gateway | ~$32 |
| Data transfer | ~$50 |
| Total | ~$674/month |
✅ Key Exam Takeaways
- ALB + Auto Scaling = the standard for highly available web apps
- Always use Multi-AZ for production databases
- CloudFront + WAF protects against common attacks and reduces origin load
- ElastiCache is critical for performance — exam questions often test this
- Stateless EC2 + external session store = proper horizontal scaling