Before laying bricks in our Lego city, we need a blueprint. Architecture design is the foundation of any real‑world Terraform project. In this chapter, we’ll plan a 3‑tier application infrastructure defining networking, compute, database, and load balancing layers. This design ensures scalability, security, and high availability.

Key Concepts

1. Three‑Tier Architecture Overview

• Presentation Layer (Web):
  • Public EC2 instances behind a load balancer.
  • Handles user requests.
• Application Layer (App):
  • Private EC2 instances with auto‑scaling.
  • Processes business logic.
• Data Layer (DB):
  • RDS instance in private subnet.
  • Stores persistent data securely.

2. Networking Design

• VPC: Single VPC with CIDR block (e.g., 10.0.0.0/16).
• Subnets:
  • Public subnets for web tier.
  • Private subnets for app and DB tiers.
• Gateways:
  • Internet Gateway for public access.
  • NAT Gateway for private instances to access updates.
• Security Groups:
  • Web SG → allow HTTP/HTTPS.
  • App SG → allow traffic only from Web SG.
  • DB SG → allow traffic only from App SG.

3. Compute Layer

• EC2 Instances:
  • Web tier → small instances, auto‑scaling.
  • App tier → medium instances, auto‑scaling.
• Launch Templates: Ensure consistent configuration.
• User Data Scripts: Bootstrap servers with app code.

4. Database Layer

• Amazon RDS: MySQL/PostgreSQL.
• Multi‑AZ Deployment: High availability.
• Backups & Parameters: Automated backups, tuned parameters.
• Private Subnet Placement: No direct internet access.

5. Load Balancer Layer

• Application Load Balancer (ALB):
  • Distributes traffic across web tier.
  • Health checks for resilience.
• Target Groups: Web tier instances.
• Listeners: HTTP/HTTPS.

6. Environment Separation

• Workspaces: dev, staging, prod.
• Variables: Different instance sizes, replica counts, and DB parameters per environment.

Hands‑On Lab / Demo

Lab: Architecture Planning

1. Draw architecture diagram: VPC → Subnets → EC2 → RDS → ALB.
2. Define CIDR blocks and subnet ranges.
3. Map security group rules.
4. Document environment differences (dev vs prod).

Pro Tips & Best Practices

• Always design networking first—it’s the backbone.
• Keep tiers isolated with security groups.
• Use auto‑scaling for resilience.
• Place DB in private subnet for security.
• Document architecture before coding.

Summary & Cheatsheet

• 3‑Tier = Web + App + DB.
• Networking: VPC, subnets, gateways, security groups.
• Compute: EC2 with auto‑scaling.
• Database: RDS in private subnet.
• Load Balancer: ALB for high availability.
• Workspaces: Separate environments.

Quick mnemonic: Web → App → DB → Balanced

The Hackers Notebook

Architecture design is the blueprint of your Terraform project. By defining networking, compute, database, and load balancing layers, you ensure scalability, security, and resilience.