AWS, Cloud Computing

5 Mins Read

A Guide to Setting Up a Secure Two-Tier Application with OpenVPN in AWS


Ensuring your applications are secure in the rapidly changing world of cloud computing is crucial. This blog will lead you through building up a powerful and secure two-tier application on Amazon Web Services (AWS) with the added layer of protection offered by an OpenVPN server. A front-end web server and a back-end database server comprise the two-tier architecture, promoting better scalability and concern separation. By incorporating OpenVPN into this configuration, we improve security by establishing a private, encrypted communication channel between the servers. This comprehensive guide will walk you through the step-by-step process, from provisioning the necessary AWS resources to configuring the OpenVPN server, providing you with the tools and knowledge to establish a secure foundation for your applications on the AWS cloud.

Introduction to Two-Tier Architecture

Two-tier architecture is a fundamental model in application design, divides the system into two main components: a front-end web server for user interaction and content delivery and a back-end database server for data storage and retrieval.

This separation streamlines development, improves scalability, and enhances performance. In this blog, we’ll guide you through setting up a secure two-tier application on Amazon Web Services (AWS), augmented with the added security layer of an OpenVPN server. Join us as we explore the benefits of this architecture and walk through the steps to create a robust, scalable, and secure application in the AWS cloud.

Pioneers in Cloud Consulting & Migration Services

  • Reduced infrastructural costs
  • Accelerated application deployment
Get Started


  • Prior basic knowledge of AWS cloud (Amazon RDS, Amazon EC2).
  • Amazon EC2 instance will be public and serve as our front-end application for users to interact.
  • The Amazon RDS instance for the backend will store our application’s database. Amazon RDS will be in the private subnet.

Steps to Setup OpenVPN EC2 server

­Step 1: Go to the Amazon EC2 console in your Amazon account and click on launch instance.


Step 2: Give a name to your instance, then click on Browse more AMIs to choose the AMI of the OpenVPN server.


Step 3: Click on AWS Marketplace AMIs, then search OpenVpn in the AMI search bar and select OpenVPN Access server image.


Step 4: Select Amazon VPC and subnet, then launch the instance.


Step 5: SSH into your OpenVPN server. You will be asked some configuration questions.

  • First, you will be asked to accept the OpenVPN agreement. You need to give it a
  • Then, it will ask if this server is your primary node or standby node.
  • By default, it will be set as the primary node.
  • If you want to change you need to give You can keep configurations as default. It will ask for the ports, and you can keep them default.
  • It will ask, “Should client traffic be routed by default through the VPN?”, “Should client DNS traffic be routed by default through the VPN?”. Give both as

Step 6: You’ll be provided one Admin UI URL and one Client UI URL. Copy the admin URL and open it in the browser.


Login with the admin credentials that you have set.

Step 7: You will be taken to the admin page to manage your OpenVPN server, such as creating users and assigning permissions and server configuration. Click on User Management, then user permissions.


Here, you can create users who can access and log into your OpenVPN access server, and you can also assign admin access to those users. There is already one admin user created, which you have created earlier.

Here, you have configured your VPN server. Now, it is time to configure your Amazon EC2 and Amazon RDS to allow access through VPN only.

Steps to Configure Amazon RDS and Amazon EC2 security groups to allow access through VPN only

Step 1: Open your web server Amazon EC2 security group and edit inbound rules.

Open the SSH port, and in the source, add the public IP of your OpenVPN EC2 server. Similarly, allow HTTP and HTTPS ports from the VPN server’s public IP.


Step 2: Open the security group of the Amazon RDS instance and allow MySQL port 3306 from the security group of your frontend Amazon EC2 instance.


Now, we can access our application only when connected to a VPN. The next section will see how to connect to OpenVPN and set up profiles.

Steps to Setup a VPN profile to connect to the VPN

Step 1: Open the public IP of your OpenVPN server in the browser. You will be taken to the client UI of the OpenVPN server. Log in with the username and password of the user you created on the admin page.


Step 2: After logging in, you will see a page where you can choose your operating system. It will download the OpenVPN connect application in your system, which you can use to connect to the VPN.

Step 3. Open the application that has been downloaded. And paste the IP of the OpenVPN server in the field and click on next.


Step 4: Now, create a profile in the app. For that, give the username and password of the user you already created in the admin UI and click on import.


Now, you will be connected to the VPN. You can confirm that by seeing the spikes in the image below. Which means you are connected to the internet through VPN. You can also check that by searching “what is my ip” on Google. You will see your IP is the same as the public IP of the OpenVPN server.



By constructing a safe two-tier architecture on AWS and adding an OpenVPN server as a firewall, we have strengthened our applications’ defenses against potential attacks. We improve scalability and simplify development by deliberately dividing front-end and back-end components. An additional layer of security is added by integrating OpenVPN, which guarantees private and encrypted server communication. This guide covers AWS setup, server configurations, and security measures, offering a roadmap for building resilient applications. Remember, security is an ongoing process, and AWS provides the flexibility to scale with evolving needs. By implementing these strategies, you’re securing your applications and contributing to a dynamic and adaptive cloud environment.

Drop a query if you have any questions regarding Two-tier architecture and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

  • Accelerated cloud migration
  • End-to-end view of the cloud environment
Get Started

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training PartnerAWS Migration PartnerAWS Data and Analytics PartnerAWS DevOps Competency PartnerAmazon QuickSight Service Delivery PartnerAmazon EKS Service Delivery PartnerAWS Microsoft Workload PartnersAmazon EC2 Service Delivery Partner, and many more.

To get started, go through our Consultancy page and Managed Services PackageCloudThat’s offerings.


1. Why choose a two-tier architecture for my application on AWS?

ANS: – A two-tier architecture improves scalability and simplifies development and maintenance by providing a distinct division of responsibilities between the front and back end. This architecture optimizes resource utilization and offers a strong basis for cloud-based applications by enabling the independent scaling of each tier in response to demand.

2. How does integrating an OpenVPN server enhance the security of my two-tier application?

ANS: – Creating a secret, encrypted communication channel between the front-end and back-end servers, including an OpenVPN server, boosts security even further. This contributes to a strong security posture by protecting data transmission, reducing potential risks, and guaranteeing the confidentiality of critical information.

3. What are some best practices for maintaining the security of a two-tier application on AWS over time?

ANS: – Implementing firewall rules and security groups, keeping an eye out for security events, and routinely updating and patching software are all essential for maintaining the security of your two-tier application on AWS. A proactive and adaptive security strategy also includes implementing backup and disaster recovery plans, adhering to AWS best practices for networking, and keeping up with new threats.

WRITTEN BY Shakti Singh Chouhan

Shakti Singh is a Research Associate (Infra, Migration, and Security) at CloudThat. He is a passionate learner committed to learning new things every day. Shakti enjoys sharing his knowledge with others. He likes singing and listening to music in his leisure time. 



    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!