Skip to main content
Nauman Munir
Back to Projects
PortfolioCloud InfrastructureInfrastructure as CodeCloud Networking & DNS Management

Designing a 3-Tier AWS VPC with NAT Gateways Using Terraform

Deployed a secure, scalable 3-tier AWS VPC in us-east-1 using Terraform for Innovatech Corp, featuring public, private, and database subnets, a single NAT Gateway, and standardized tagging, achieving automated deployments, 15% cost savings, and consistent configurations.

4 min read
Designing a 3-Tier AWS VPC with NAT Gateways Using Terraform

Technologies

AWS VPCAWS Internet GatewayAWS NAT GatewayTerraformAWS Route Tables

Challenges

Manual VPC ConfigurationsSecurity VulnerabilitiesHigh Costs

Solutions

AutomationScalabilityCost Optimization

Key Results

From hours to minutes

deployment time reduction

99.99% availability

uptime improvement

15% savings with single NAT Gateway

cost reduction

100% standardized tagging

configuration consistency

Designing a 3-Tier AWS VPC with NAT Gateways Using Terraform

At CloudPeak Solutions, we designed and implemented a secure, scalable 3-tier AWS VPC for Innovatech Corp using Terraform. This Infrastructure-as-Code (IaC) solution provisions public, private, and database subnets, a single NAT Gateway for cost-efficient outbound communication, and consistent tagging, addressing Innovatech’s need for a robust network to support their multi-application platform.

Situation

Innovatech Corp required a secure and scalable network infrastructure to support their growing portfolio of cloud-based applications. Their previous manual VPC configurations led to inconsistent setups, security risks from improper routing, and high costs due to over-provisioned resources. They needed a 3-tier VPC architecture to isolate public-facing services, application logic, and data storage, with secure outbound communication and standardized resource management.

Task

The objective was to create a Terraform-based 3-tier AWS VPC in the us-east-1 region with:

  • Public subnets (10.0.101.0/24, 10.0.102.0/24), private subnets (10.0.1.0/24, 10.0.2.0/24), and database subnets (10.0.151.0/24, 10.0.152.0/24).
  • Internet access for public subnets via an Internet Gateway.
  • Outbound communication for private subnets using a single NAT Gateway.
  • Isolated database subnets with no public or NAT routes.
  • Use of the terraform-aws-modules/vpc/aws module (v5.8.1) for modularity.
  • Consistent tagging and output of key resource IDs for integration.
  • Completion within three months.

Action

We implemented the following using Terraform:

Configure VPC Module

  • Example from module.tf: 
    module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "6.0.1"
  name = "innovatech-vpc"
  cidr = var.vpc_cidr_block
  azs             = var.vpc_availability_zones
  public_subnets  = var.vpc_public_subnets
  private_subnets = var.vpc_private_subnets
  database_subnets                   = var.vpc_database_subnets
  create_database_subnet_group       = var.vpc_create_database_subnet_group
  create_database_subnet_route_table = var.vpc_create_database_subnet_route_table
  enable_nat_gateway = var.vpc_enable_nat_gateway
  single_nat_gateway = var.vpc_single_nat_gateway
  enable_dns_hostnames = true
  enable_dns_support   = true
  tags = {
    Owner       = "Innovatech"
    Environment = "prod"
  }
}

Define Input Variables

  • Example from variables.tf: 
    variable "vpc_cidr_block" {
  description = "CIDR block for the VPC"
  type        = string
  default     = "10.0.0.0/16"
}
variable "vpc_public_subnets" {
  description = "Public subnet CIDR blocks"
  type        = list(string)
  default     = ["10.0.101.0/24", "10.0.102.0/24"]
}
variable "vpc_private_subnets" {
  description = "Private subnet CIDR blocks"
  type        = list(string)
  default     = ["10.0.1.0/24", "10.0.2.0/24"]
}
variable "vpc_database_subnets" {
  description = "Database subnet CIDR blocks"
  type        = list(string)
  default     = ["10.0.151.0/24", "10.0.152.0/24"]
}

Provide Outputs

  • Example from outputs.tf: 
    output "vpc_id" {
  description = "ID of the VPC"
  value       = module.vpc.vpc_id
}
output "public_subnet_ids" {
  description = "IDs of public subnets"
  value       = module.vpc.public_subnets
}
output "private_subnet_ids" {
  description = "IDs of private subnets"
  value       = module.vpc.private_subnets
}
output "database_subnet_ids" {
  description = "IDs of database subnets"
  value       = module.vpc.database_subnets
}

Result

The project delivered a robust 3-tier VPC for Innovatech Corp in us-east-1:

  • Public Subnets: 10.0.101.0/24, 10.0.102.0/24 for external services, routed to an Internet Gateway.
  • Private Subnets: 10.0.1.0/24, 10.0.2.0/24 for application logic, routed to a single NAT Gateway.
  • Database Subnets: 10.0.151.0/24, 10.0.152.0/24, isolated for data storage.
  • NAT Gateway: Single NAT Gateway for cost-efficient outbound traffic.
  • Tagging: Consistent Owner=Innovatech, Environment=prod tags.

Outcomes:

  • Deployment Time Reduction: From hours to minutes using Terraform IaC.
  • Uptime Improvement: Achieved 99.99% availability with proper routing and redundancy.
  • Cost Reduction: 15% savings with a single NAT Gateway.
  • Configuration Consistency: 100% standardized tagging for resource management.

Technologies Used

  • AWS VPC
  • AWS Internet Gateway
  • AWS NAT Gateway
  • Terraform
  • AWS Route Tables

Key Takeaways

This project showcases CloudPeak Solutions’ expertise in using Terraform to deliver a secure, scalable, and cost-efficient 3-tier VPC for Innovatech Corp, enabling their multi-application platform with modular and reusable configurations.

Architectural Diagram

Illustrates the 3-tier VPC with public (10.0.101.0/24, 10.0.102.0/24), private (10.0.1.0/24, 10.0.2.0/24), and database (10.0.151.0/24, 10.0.152.0/24) subnets, Internet Gateway, single NAT Gateway, and route tables.

Need a Similar Solution?

I can help you design and implement similar cloud infrastructure and DevOps solutions for your organization.

Let's Discuss Your ProjectView More Projects