🏛️
3-Tier Architecture
ALB → EC2 web tier → EC2 app tier → RDS. Fully separated presentation, logic, and data layers.
What you can build with this
Separate your web frontend (Nginx serving HTML/React), business logic API (Node.js/Python), and database onto dedicated servers. Each tier scales independently. The internet can only reach the web tier — the API servers and database have no public access.
Deployment timing
After you run the deploy command, resources come online at different times. Check the validation steps in order.
| Resource | Ready in |
|---|---|
| Networking resources | 1–2 min |
| Web tier EC2 | 2–4 min |
| App tier EC2 | 2–4 min |
| RDS Database | 5–10 min |
| Traffic serving | After you deploy both apps and the load balancer health check passes |
DNS / Certificate note: Only the load balancer is internet-facing — the app tier EC2 and RDS have no public IPs. Point your domain's Route 53 A record to the load balancer DNS name.
CloudFormation parameters
These are the values you will fill in when deploying the exported template. Changing these does not break the template — that is the point.
| Parameter | What to provide | Example |
|---|---|---|
| KeyPairName | EC2 key pair for SSH | my-keypair |
| WebInstanceType | Web tier server size | t3.small |
| AppInstanceType | App tier server size | t3.medium |
| DbPassword | Database admin password | SecurePass123! |
| AcmCertificateArn | HTTPS certificate ARN | arn:aws:acm:... |
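
A check you could run over the exported template (parsed from JSON) before deploying, added here as an example and not part of the template itself: it flags any security group other than the load balancer's that admits traffic from anywhere, an RDS instance that is not explicitly private, and a DbPassword parameter without NoEcho. The logical IDs, ports and both sample templates are constructed assumptions.

```python
"""Audit a CloudFormation template (as a parsed dict) for 3-tier isolation."""
OPEN_CIDRS = ("0.0.0.0/0", "::/0")

def audit_template(template, public_sgs=("AlbSecurityGroup",)):
    """Return findings that contradict 'only the load balancer is internet-facing'."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup" and name not in public_sgs:
            # Inline rules only; standalone AWS::EC2::SecurityGroupIngress
            # resources are not covered by this check.
            for rule in props.get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr in OPEN_CIDRS:
                    findings.append(f"{name}: port {rule.get('FromPort')} open to {cidr}")
        elif rtype == "AWS::RDS::DBInstance":
            if props.get("PubliclyAccessible") not in (False, "false"):
                findings.append(f"{name}: PubliclyAccessible is not explicitly false")
    password = template.get("Parameters", {}).get("DbPassword", {})
    if password.get("NoEcho") not in (True, "true"):
        findings.append("DbPassword: NoEcho is not set, so the value is shown in stack parameters")
    return findings

def sg(rules):
    return {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": rules}}

def from_sg(port, source):  # admits traffic only from another tier's security group
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "SourceSecurityGroupId": {"Ref": source}}

def from_cidr(port, cidr):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "CidrIp": cidr}

def sample(app_rule, db_public, no_echo):
    """Constructed template; logical IDs and ports are assumptions, not the exported template's."""
    return {
        "Parameters": {"DbPassword": {"Type": "String", "NoEcho": no_echo}},
        "Resources": {
            "AlbSecurityGroup": sg([from_cidr(443, "0.0.0.0/0")]),
            "WebSecurityGroup": sg([from_sg(80, "AlbSecurityGroup")]),
            "AppSecurityGroup": sg([app_rule]),
            "DbSecurityGroup": sg([from_sg(3306, "AppSecurityGroup")]),
            "Database": {"Type": "AWS::RDS::DBInstance",
                         "Properties": {"PubliclyAccessible": db_public}},
        },
    }

ISOLATED = sample(from_sg(8080, "WebSecurityGroup"), False, True)
EXPOSED = sample(from_cidr(8080, "0.0.0.0/0"), True, False)
```

Pass the real load balancer security group's logical ID through `public_sgs` if it differs from the assumed name.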