Design and Implementation of a Secure and Cost-Effective Three Tier Cloud Network on AWS
Sigdel, Kamal (2026)
2026
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi-fe2026040725673
https://urn.fi/URN:NBN:fi-fe2026040725673
Tiivistelmä
This thesis presents the design and implementation of a secure and cost-effective three-tier cloud network architecture using Amazon Web Services (AWS). The objective of the study was to demonstrate how proper network segmentation and controlled communication between system components can improve security and fault isolation while maintaining low operational cost.
The work was carried out using a project-based approach. The architecture was first designed based on common cloud networking principles and then implemented in a real AWS environment. Core services such as Virtual Private Cloud, Amazon instances, and Amazon Relational Database were used to build separate web, application, and database tiers. The system was evaluated through practical connectivity and security testing to verify correct communication between tiers and protection against unauthorized access. A cost analysis was also conducted based on actual usage and AWS pricing data.
The findings show that the implemented three-tier architecture functions correctly. The web tier allowed internet access, while the application and database tiers were secured in private subnets. Internal communication between tiers was limited to private IP addresses, and unauthorized access attempts were successfully blocked. In addition, the cost analysis confirmed that these security and segmentation goals were achieved without introducing significant monthly expenses.
The study demonstrates that secure and well-structured cloud network architectures can be implemented in a cost-effective manner when resources are carefully sized and managed. The proposed solution provides a practical reference model suitable for small organizations, educational environments, and budget-constrained projects.
The work was carried out using a project-based approach. The architecture was first designed based on common cloud networking principles and then implemented in a real AWS environment. Core services such as Virtual Private Cloud, Amazon instances, and Amazon Relational Database were used to build separate web, application, and database tiers. The system was evaluated through practical connectivity and security testing to verify correct communication between tiers and protection against unauthorized access. A cost analysis was also conducted based on actual usage and AWS pricing data.
The findings show that the implemented three-tier architecture functions correctly. The web tier allowed internet access, while the application and database tiers were secured in private subnets. Internal communication between tiers was limited to private IP addresses, and unauthorized access attempts were successfully blocked. In addition, the cost analysis confirmed that these security and segmentation goals were achieved without introducing significant monthly expenses.
The study demonstrates that secure and well-structured cloud network architectures can be implemented in a cost-effective manner when resources are carefully sized and managed. The proposed solution provides a practical reference model suitable for small organizations, educational environments, and budget-constrained projects.