This Guidance provides a streamlined way for you to build, deploy, and manage a highly scalable, containerized three-tier web application for your small- or medium-size business. This Guidance captures the entire lifecycle of the application, from setting up the architecture to deploying the containers and monitoring the system’s performance. By focusing on containerization, you can dynamically adjust resources based on demand, so your web application can handle increased traffic and sudden spikes without compromising performance or user experience. Containerized web applications can help you optimize application resources and improve your web application development. 

Please note: [Disclaimer]

Architecture Diagram


Download the architecture diagram PDF 

Well-Architected Pillars

The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

  • This Guidance uses CloudWatch to help you define, capture, and analyze workload metrics to gain visibility and useful insights into workload events. You can implement CloudWatch dashboards with business and technical viewpoints to understand the health of your workload and help team members make informed decisions.

    Read the Operational Excellence whitepaper 
  • This Guidance promotes a robust security posture, helping you safeguard your data and protect against potential vulnerabilities without having to build the complex security controls yourself. It uses Amazon Cognito for user identity and access management, authentication, and synchronization across devices. CloudFront provides distributed denial of service protection and field-level encryption and integrates with AWS Shield to mitigate network attacks. This Guidance also uses DynamoDB, which provides encryption at rest and in transit and fine-grained access controls, and it integrates with AWS Identity and Access Management (IAM) to secure the web application’s data.

    Read the Security whitepaper 
  • This Guidance uses managed AWS services that automatically scale to match changes in demand. API Gateway accepts and processes up to hundreds of thousands of concurrent API calls. It handles automatic scaling, throttling, and monitoring to help you build a resilient and observable architecture that recovers rapidly from failures. Application Load Balancer distributes loads to healthy Amazon ECS services, balances traffic across multiple AZs, and performs health checks on targets, helping you improve workload availability, handle spikes in traffic, and react to failures quickly. Application Load Balancer also integrates with the automatic scaling of Fargate, which is built on a fault-tolerant infrastructure and enhances workload availability and resilience. 

    Additionally, this Guidance uses Route 53, a DNS that routes end users to healthy application endpoints through automatic failover, latency-based routing, and health checks. In a case of failure, it can redirect traffic to an alternate AZ.

    Read the Reliability whitepaper 
  • This Guidance uses managed services that handle infrastructure management so that you can focus on your application code. These services scale dynamically so that your web application can handle increased traffic without compromising performance or user experience. Amazon ECS uses Fargate, which handles scaling and infrastructure management, increasing resource utilization and availability without any need for you to provision or optimize servers yourself. 

    DynamoDB handles provisioning, replication, scaling, and hardware maintenance automatically. Additionally, CloudFront provides a global CDN that caches content closer to your users, with low latency and high transfer speeds. This reduces data transfer costs, requires no servers to manage, and seamlessly scales to handle traffic spikes without provisioning capacity.

    Read the Performance Efficiency whitepaper 
  • This Guidance uses AWS services to help you optimize resource allocation through scaling. For example, using Fargate, you pay only for the virtual CPU and memory resources consumed by your containers, thus removing the need to provision and manage infrastructure and reducing costs. DynamoDB scales throughput and storage to avoid overprovisioning and has no servers to manage, removing administrative overhead and offering predictable, on-demand capacity pricing with no minimum fees. 

    Additionally, CloudFront integrates with Amazon S3. You can serve static content directly from an S3 bucket without needing to provision a web server, and CloudFront caches content at the edge to minimize data transfer costs, compressing objects to reduce size and automatically scaling to handle traffic spikes. 

    Read the Cost Optimization whitepaper 
  • This Guidance runs Amazon ECS on Fargate so you can run containers without managing servers, increasing resource utilization and helping you avoid overprovisioning and waste. DynamoDB, which also helps you avoid overprovisioning, has an energy-efficient infrastructure that uses renewable energy, and its serverless model scales throughput and storage to meet demand. Additionally, DynamoDB has a global footprint, which lets you locate tables close to users to reduce network transit impacts. 

    Read the Sustainability whitepaper 

Implementation Resources

A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.

The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.

AWS Architecture


This post demonstrates how...


The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

Was this page helpful?