Nauman Munir

AWS 3-Tier Architecture for HealthTech Innovations

Deployed a secure AWS 3-tier architecture for a healthcare startup using Terraform, achieving 99.99% uptime, 30% cost reduction, and HIPAA compliance.

HealthTech Innovations
4 months
6 DevOps Engineers

Technologies

AWS VPC, AWS EC2, AWS RDS, AWS Application Load Balancer, AWS Auto Scaling, AWS NAT Gateway, AWS Internet Gateway, AWS Security Groups, AWS CloudWatch, AWS IAM, AWS KMS, Terraform

Challenges

Scalability Issues, Security Compliance, Manual Deployments

Solutions

High Availability, Security, Automation

Key Results

  • Uptime: 99.99% availability
  • Traffic increase: 200% during peak periods
  • Cost reduction: 30% infrastructure cost savings
  • Deployment time reduction: 50% faster deployments


At AMJ Cloud Technologies, we built a scalable and HIPAA-compliant AWS 3-tier architecture for HealthTech Innovations, a healthcare startup focused on patient management. Using Terraform, we delivered a secure, highly available platform to ensure uninterrupted access to critical patient data, positioning the startup for growth.

Situation

HealthTech Innovations required a cloud infrastructure to support its patient management platform, handling critical patient data with high availability and HIPAA compliance. The startup faced challenges with scalability, security, and manual deployments, which hindered performance and increased costs. They needed an automated, cost-effective solution to meet regulatory and operational demands.

Task

Our goal was to design and deploy an AWS 3-tier architecture using Terraform, spanning two Availability Zones (AZs). The architecture needed:

  • A VPC with public and private subnets for NAT Gateway, EC2 instances, and RDS databases.
  • High availability and disaster recovery mechanisms.
  • Secure, HIPAA-compliant communication between tiers.
  • Cost optimization and automated deployments.
  • Completion within four months.

Action

To meet HealthTech Innovations’ requirements, we implemented the following actions:

  1. Virtual Private Cloud (VPC) Configuration:

    • Created a VPC with CIDR 10.0.0.0/16 across us-east-1a and us-east-1b.

    • Defined public subnets (10.0.1.0/24, 10.0.2.0/24), private app subnets (10.0.3.0/24, 10.0.4.0/24), and private DB subnets (10.0.5.0/24, 10.0.6.0/24).

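      provider "aws" {
        region = "us-east-1"
      }

      resource "aws_vpc" "main" {
        cidr_block = "10.0.0.0/16"
        tags       = { Name = "healthtech-vpc" }
      }

      # Public subnets, one per AZ: NAT Gateways and the ALB are placed here.
      resource "aws_subnet" "public_subnet_1" {
        vpc_id            = aws_vpc.main.id
        cidr_block        = "10.0.1.0/24"
        availability_zone = "us-east-1a"
        tags              = { Name = "public-subnet-1" }
      }

      resource "aws_subnet" "public_subnet_2" {
        vpc_id            = aws_vpc.main.id
        cidr_block        = "10.0.2.0/24"
        availability_zone = "us-east-1b"
        tags              = { Name = "public-subnet-2" }
      }

      # Private application subnets: no route to the Internet Gateway.
      resource "aws_subnet" "private_subnet_1" {
        vpc_id            = aws_vpc.main.id
        cidr_block        = "10.0.3.0/24"
        availability_zone = "us-east-1a"
        tags              = { Name = "private-subnet-1" }
      }

      resource "aws_subnet" "private_subnet_2" {
        vpc_id            = aws_vpc.main.id
        cidr_block        = "10.0.4.0/24"
        availability_zone = "us-east-1b"
        tags              = { Name = "private-subnet-2" }
      }

      # Private database subnets (the second subnet of each pair is assumed to sit in us-east-1b).
      resource "aws_subnet" "private_db_1" {
        vpc_id            = aws_vpc.main.id
        cidr_block        = "10.0.5.0/24"
        availability_zone = "us-east-1a"
        tags              = { Name = "private-db-1" }
      }

      resource "aws_subnet" "private_db_2" {
        vpc_id            = aws_vpc.main.id
        cidr_block        = "10.0.6.0/24"
        availability_zone = "us-east-1b"
        tags              = { Name = "private-db-2" }
      }

      resource "aws_internet_gateway" "igw" {
        vpc_id = aws_vpc.main.id
        tags   = { Name = "healthtech-igw" }
      }

      resource "aws_route_table" "public" {
        vpc_id = aws_vpc.main.id
        route {
          cidr_block = "0.0.0.0/0"
          gateway_id = aws_internet_gateway.igw.id
        }
        tags = { Name = "public-route-table" }
      }

      # Only the public subnets are associated with the route table that reaches the IGW.
      resource "aws_route_table_association" "public_1" {
        subnet_id      = aws_subnet.public_subnet_1.id
        route_table_id = aws_route_table.public.id
      }

      resource "aws_route_table_association" "public_2" {
        subnet_id      = aws_subnet.public_subnet_2.id
        route_table_id = aws_route_table.public.id
      }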
  2. Public Subnet and NAT Gateway:

    • Deployed NAT Gateways in public subnets with Elastic IPs.

    • Configured route tables for private subnet traffic.

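      resource "aws_nat_gateway" "nat_a" {
        allocation_id = aws_eip.nat_a.id
        subnet_id     = aws_subnet.public_subnet_1.id

        # The NAT Gateway depends on the Internet Gateway for outbound connectivity.
        depends_on = [aws_internet_gateway.igw]
      }

      resource "aws_eip" "nat_a" {
        # `domain = "vpc"` replaces the deprecated `vpc = true` in AWS provider v5 and later.
        domain = "vpc"
      }

      # Outbound-only default route for the private subnets in us-east-1a.
      resource "aws_route_table" "private_a" {
        vpc_id = aws_vpc.main.id
        route {
          cidr_block     = "0.0.0.0/0"
          nat_gateway_id = aws_nat_gateway.nat_a.id
        }
      }

      # Without an association the subnet falls back to the VPC's main route table.
      resource "aws_route_table_association" "private_a" {
        subnet_id      = aws_subnet.private_subnet_1.id
        route_table_id = aws_route_table.private_a.id
      }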
  3. Internet Gateway and Route Tables:

    • Attached an Internet Gateway to the VPC.
    • Configured public route tables for internet access.
  4. EC2 Instances in Application Tier:

    • Deployed EC2 instances in private app subnets with an Auto Scaling Group.

    • Created an ALB in public subnets for load balancing.

      resource "aws_launch_template" "app" {
        name_prefix   = "healthtech-app-"
        image_id      = "ami-12345678" # placeholder AMI ID
        instance_type = "t3.medium"
      }

      # Application instances run only in the private app subnets, spread across both AZs.
      resource "aws_autoscaling_group" "app" {
        vpc_zone_identifier = [aws_subnet.private_subnet_1.id, aws_subnet.private_subnet_2.id]
        desired_capacity    = 2
        min_size            = 2
        max_size            = 4
        launch_template {
          id      = aws_launch_template.app.id
          version = "$Latest"
        }
      }

      # Internet-facing ALB in the public subnets; it is the only entry point to the app tier.
      resource "aws_lb" "app" {
        name               = "healthtech-alb"
        internal           = false
        load_balancer_type = "application"
        subnets            = [aws_subnet.public_subnet_1.id, aws_subnet.public_subnet_2.id]
      }
  5. RDS Databases in Database Tier:

    • Deployed a Multi-AZ RDS MySQL instance in private DB subnets.

    • Configured security groups for application tier access.

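      resource "aws_db_instance" "main" {
        identifier             = "healthtech-db"
        engine                 = "mysql"
        instance_class         = "db.t3.medium"
        allocated_storage      = 20
        multi_az               = true
        vpc_security_group_ids = [aws_security_group.rds.id]
        db_subnet_group_name   = aws_db_subnet_group.main.name
        storage_encrypted      = true
        kms_key_id             = aws_kms_key.rds.arn

        # Master credentials are required for a new instance. The username is a
        # placeholder; the password is generated and held in Secrets Manager so it
        # never appears in the configuration.
        username                    = "dbadmin"
        manage_master_user_password = true
      }

      resource "aws_db_subnet_group" "main" {
        name       = "healthtech-db"
        subnet_ids = [aws_subnet.private_db_1.id, aws_subnet.private_db_2.id]
      }

      # MySQL is reachable only from members of the application tier's security
      # group (aws_security_group.app, assumed to be defined elsewhere), not from a CIDR range.
      resource "aws_security_group" "rds" {
        vpc_id = aws_vpc.main.id
        ingress {
          from_port       = 3306
          to_port         = 3306
          protocol        = "tcp"
          security_groups = [aws_security_group.app.id]
        }
      }

      resource "aws_kms_key" "rds" {
        description = "KMS key for RDS encryption"
      }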
  6. Terraform for Infrastructure-as-Code:

    • Organized Terraform into modules for VPC, subnets, EC2, RDS, and networking.
    • Stored state in S3 with DynamoDB locking.
  7. Security and Compliance:

    • Configured security groups and IAM roles for least-privilege access.
    • Enabled RDS encryption with KMS for HIPAA compliance.
  8. Monitoring and Optimization:

    • Set up CloudWatch alarms for EC2 and RDS metrics.
    • Used Reserved and Spot Instances for cost savings.
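
The least-privilege security group chain that step 7 describes and that the RDS rule in step 5 relies on, as an added example that is not the project's own code: each tier admits traffic only from the tier in front of it. The `alb` group, the application port 8080 and TLS termination on 443 are assumptions.

```hcl
# Added example, not the project's code. Assumptions: the app listens on 8080,
# the ALB terminates TLS on 443, and the group named "alb" is hypothetical.
resource "aws_security_group" "alb" {
  name_prefix = "healthtech-alb-"
  vpc_id      = aws_vpc.main.id

  # Only the load balancer is reachable from the internet, and only over HTTPS.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # The ALB can reach nothing except the app port in the private app subnets.
  egress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["10.0.3.0/24", "10.0.4.0/24"]
  }
}

resource "aws_security_group" "app" {
  name_prefix = "healthtech-app-"
  vpc_id      = aws_vpc.main.id

  # Instances accept traffic from the ALB's security group only, not from a CIDR.
  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  # MySQL to the DB subnets. A CIDR is used here because aws_security_group.rds
  # already references this group, and a reference back would create a cycle.
  egress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["10.0.5.0/24", "10.0.6.0/24"]
  }
  # HTTPS out through the NAT Gateway for package updates and AWS API calls.
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

The groups take effect once attached: `security_groups = [aws_security_group.alb.id]` on `aws_lb.app` and `vpc_security_group_ids = [aws_security_group.app.id]` in the launch template.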

Result

The 3-tier architecture delivered transformative outcomes for HealthTech Innovations:

  • 99.99% Uptime: Multi-AZ deployment ensured uninterrupted access.
  • 200% Traffic Increase: Handled peak loads seamlessly.
  • 30% Cost Reduction: Optimized resources cut costs.
  • 50% Deployment Time Reduction: Terraform eliminated manual errors.
  • HIPAA Compliance: Secured patient data with encryption and access controls.
  • Disaster Recovery: RDS backups ensured rapid recovery.

This project highlights AMJ Cloud Technologies’ expertise in secure, scalable healthcare solutions.

Technologies Used

  • AWS VPC: Isolated network environment.
  • AWS EC2: Hosted application.
  • AWS RDS: Stored patient data.
  • AWS ALB: Balanced traffic.
  • AWS Auto Scaling: Scaled dynamically.
  • AWS NAT Gateway: Secured outbound traffic.
  • AWS Internet Gateway: Enabled public access.
  • AWS Security Groups: Restricted access.
  • AWS CloudWatch: Monitored performance.
  • AWS IAM: Managed permissions.
  • AWS KMS: Encrypted data.
  • Terraform: Automated infrastructure.

Key Takeaways

This project demonstrates the power of 3-tier architectures and IaC in healthcare, ensuring compliance, scalability, and efficiency. AMJ Cloud Technologies continues to empower startups with innovative cloud solutions.
