Crafting a Scalable Three-Tier Architecture Demonstrating Blue-Green Deployment


May 3, 2025 - 01:00

Create a VPC
We start by creating a VPC, subnets, an internet gateway and route tables.
Below is how I allocated IP addresses to the VPC and each subnet.

VPC 10.0.0.0/16
10.0.1.0/24 - public subnet1
10.0.2.0/24 - public subnet2
10.0.3.0/24 - private subnet1
10.0.4.0/24 - private subnet2

Create a Bastion Server

Create a bastion host that can be reached over SSH only from your own device's IP address, then launch it. Limiting SSH to that one source address greatly improves the security of the architecture.

Create the Database Security Group

Create a security group for the database that allows inbound traffic on the DB port, 3306, from both public subnets, then add a second rule that allows SSH only from the bastion server we created earlier. The DB server then accepts SSH connections only from the bastion, which improves its security.
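A way to check the two security groups described above once they exist. This is an added example, not part of the original post: it audits ingress rules in the shape returned by `aws ec2 describe-security-groups`, and the group IDs, the admin address 203.0.113.10 and the sample data are constructed placeholders.

```python
import ipaddress

BASTION_SG, DB_SG = "sg-bastion-example", "sg-db-example"   # placeholder IDs
PUBLIC_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]             # from the VPC plan

# Constructed sample in the shape of `aws ec2 describe-security-groups`.
# 203.0.113.10 stands in for the admin device; the 0.0.0.0/0 entry is a
# deliberate mistake for the audit to catch.
SAMPLE_GROUPS = [
    {"GroupId": BASTION_SG, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]},
    {"GroupId": DB_SG, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": c} for c in PUBLIC_SUBNETS + ["0.0.0.0/0"]],
         "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": BASTION_SG}]}]},
]

def covers(perm, port):
    """True if the rule admits TCP traffic to `port` ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit(groups, allowed_db_cidrs=PUBLIC_SUBNETS):
    """Return findings where ingress is wider than the tutorial intends."""
    allowed = [ipaddress.ip_network(c) for c in allowed_db_cidrs]
    findings = []
    for group in groups:
        gid = group["GroupId"]
        for perm in group["IpPermissions"]:
            cidrs = [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
            peers = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            if gid == BASTION_SG and covers(perm, 22):
                findings += [f"{gid}: SSH from {c}, expected one /32"
                             for c in cidrs if c.prefixlen != 32]
            if gid == DB_SG and covers(perm, 3306):
                findings += [f"{gid}: 3306 from {c}, outside the public subnets"
                             for c in cidrs if not any(c.subnet_of(a) for a in allowed)]
            if gid == DB_SG and covers(perm, 22):
                findings += [f"{gid}: SSH from {src}, expected only {BASTION_SG}"
                             for src in cidrs + [p for p in peers if p != BASTION_SG]]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(finding)
```

Only IPv4 ranges are checked here; rules listed under `Ipv6Ranges` would need the same treatment.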

Create a Database

We start by creating a subnet group from the two private subnets we created earlier. Then we create an SQL database and place it in that subnet group.

  • We created the extra private subnet only so that we could build a subnet group; this project itself needs just one.

Create a Control Server
We will use the control server to test the connection to the database before we deploy the image.
We will install php, php-mysqli and mysql-server on the control server.


Establish Connection to the SQL Database through MySQL Workbench
We will now connect to the database through the bastion host we created, using MySQL Workbench to establish the connection.

Test the database by adding users and marking their attendance
I added three users under the AWS SAA track and I was able to check their attendance.
Generating the report is proof that the application is communicating with the database.

Create an Image (AMI) of the Control Server
We create an image of the control server. At this point we can get rid of the control server, since we will only use its AMI.

Create a Launch Template from the AMI
We need a launch template because it lets us specify launch settings, such as security groups, before we launch instances from the image.

Create Target Groups
Target groups let us route traffic to the instances we will create, based on our rules.
We then edit the listener on port 80 so that both target groups use the same port.

Create an Auto Scaling Group
We will create the Auto Scaling group and attach it to the target groups we created.

While creating the Auto Scaling group, we specify a desired capacity of 3, a minimum capacity of 2 and a maximum capacity of 5.

The instances should now be created.

  • To access the instances, use the DNS name of the load balancer. Opening that address also shows that the records we took before creating the launch template are still present.

Create CloudWatch Alarms
The alarms tell the Auto Scaling group when to add or remove instances, based on the parameters we specify.
We will create two alarms on EC2 metrics by Auto Scaling group, using CPU utilization as the metric for both. For high utilization the threshold will be 75%, and for low utilization the threshold will be 25%.

We then enable dynamic scaling with simple scaling.
This uses the thresholds we defined above to add or remove instances.

Demonstrate Blue-Green Deployment
We do this under the load balancer, by editing how the listener distributes traffic between the target groups.

For instance, while we are updating Target-1, we send all the traffic to Target-2; once the update is done, we can send traffic back to Target-1, which now serves the updated site.
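The traffic switch described above, written as the listener action it corresponds to. This is an added example, not part of the original post: it builds the weighted `forward` action accepted by `aws elbv2 modify-listener --default-actions`, and first checks target health in the shape returned by `aws elbv2 describe-target-health`. The ARNs and health data are constructed placeholders, and gating on 2 healthy targets (the group's minimum capacity) is an assumption.

```python
import json

# Placeholder ARNs for the two target groups; replace with your own.
TG1 = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/target-1/EXAMPLE1"
TG2 = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/target-2/EXAMPLE2"

# Constructed sample: TargetHealthDescriptions per target group.
SAMPLE_HEALTH = {
    TG1: [{"TargetHealth": {"State": s}} for s in ("healthy", "healthy", "healthy")],
    TG2: [{"TargetHealth": {"State": s}} for s in ("healthy", "initial", "healthy")],
}

def healthy_count(descriptions):
    """Count targets the load balancer currently reports as healthy."""
    return sum(1 for d in descriptions if d["TargetHealth"]["State"] == "healthy")

def forward_all_to(active_tg, idle_tg, health, min_healthy=2):
    """Build the default action that sends 100% of traffic to active_tg.

    Refuses to shift traffic if active_tg has fewer than min_healthy healthy
    targets, so the group being updated is never drained onto a set of
    instances that cannot carry the load.
    """
    count = healthy_count(health.get(active_tg, []))
    if count < min_healthy:
        raise RuntimeError(
            f"only {count} healthy targets in {active_tg}; not shifting traffic")
    return [{"Type": "forward", "ForwardConfig": {"TargetGroups": [
        {"TargetGroupArn": active_tg, "Weight": 100},
        {"TargetGroupArn": idle_tg, "Weight": 0},
    ]}}]

if __name__ == "__main__":
    # Step 1: drain Target-1 before updating it. Step 2 is the same call
    # with the arguments swapped, once Target-1 is healthy again.
    print(json.dumps(forward_all_to(TG2, TG1, SAMPLE_HEALTH), indent=2))
```

The printed JSON can be passed as the `--default-actions` value when modifying the port 80 listener.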

SNS Notification (Optional)
You can also configure SNS notifications to alert you whenever a threshold is crossed. This helps with cost optimization, since you will be able to monitor your costs.

Conclusion
Building a three-tier architecture with blue-green deployment in mind enhances scalability and security while minimizing downtime. This approach streamlines updates, ensuring a seamless user experience and effective use of resources.