diff --git a/terraform/aws-infrastructure/README.md b/terraform/aws-infrastructure/README.md new file mode 100644 index 0000000..96612e9 --- /dev/null +++ b/terraform/aws-infrastructure/README.md 
@@ -0,0 +1,229 @@ +# ๐Ÿ—๏ธ AWS Multi-Tier Infrastructure - Terraform Project + +## ๐Ÿ“‹ Overview + +Production-ready Terraform project for complete AWS multi-tier infrastructure with HA, security, and scalability best practices. + +### ๐Ÿ›๏ธ Architecture + +``` +Internet โ†’ ALB โ†’ Public Subnets (Multi-AZ) + โ†“ + NAT Gateways + โ†“ + Private Subnets (App Tier + Auto Scaling) + โ†“ + Database Subnets (RDS PostgreSQL Multi-AZ) +``` + +### ๐Ÿ“ฆ Components + +- **VPC** - Isolated network across 2 AZs +- **ALB** - Application Load Balancer +- **Auto Scaling** - EC2 with dynamic scaling +- **RDS PostgreSQL** - Managed database with backups +- **S3** - Storage buckets (data/logs/backups) +- **CloudWatch** - Monitoring & alerting +- **IAM** - Security roles & policies + +--- + +## ๐Ÿš€ Quick Start + +```bash +# 1. Clone +git clone http://git.thedevops.dev/admin/k3s-gitops.git +cd k3s-gitops/terraform/aws-infrastructure + +# 2. Configure AWS +export AWS_ACCESS_KEY_ID="your-key" +export AWS_SECRET_ACCESS_KEY="your-secret" + +# 3. Create config +cp environments/dev.tfvars terraform.tfvars +vim terraform.tfvars # Edit: project_name, db_password + +# 4. Deploy +terraform init +terraform plan +terraform apply +``` + +**Deploy time:** ~15-20 minutes +**Dev cost:** ~$50-100/month + +--- + +## ๐Ÿ“ Project Structure + +``` +terraform/aws-infrastructure/ +โ”œโ”€โ”€ main.tf # Main configuration +โ”œโ”€โ”€ variables.tf # Input variables +โ”œโ”€โ”€ outputs.tf # Output values +โ”œโ”€โ”€ Jenkinsfile # CI/CD pipeline +โ”œโ”€โ”€ environments/ # Environment configs +โ”‚ โ”œโ”€โ”€ dev.tfvars +โ”‚ โ”œโ”€โ”€ staging.tfvars +โ”‚ โ””โ”€โ”€ production.tfvars +โ”œโ”€โ”€ modules/ # Reusable modules +โ”‚ โ”œโ”€โ”€ vpc/ +โ”‚ โ”œโ”€โ”€ alb/ +โ”‚ โ”œโ”€โ”€ asg/ +โ”‚ โ”œโ”€โ”€ rds/ +โ”‚ โ””โ”€โ”€ ... 
+โ”œโ”€โ”€ scripts/ +โ”‚ โ””โ”€โ”€ user-data.sh # EC2 bootstrap +โ””โ”€โ”€ docs/ + โ”œโ”€โ”€ QUICKSTART.md # 5-min setup guide + โ”œโ”€โ”€ ARCHITECTURE.md # Detailed design + โ””โ”€โ”€ SECURITY.md # Best practices +``` + +--- + +## ๐ŸŽฏ Usage Examples + +### Development Environment + +```bash +terraform apply -var-file="environments/dev.tfvars" +``` + +### Production Environment + +```bash +terraform apply -var-file="environments/production.tfvars" +``` + +### Scale Application + +```bash +# Edit terraform.tfvars +asg_desired_capacity = 5 + +terraform apply +``` + +--- + +## ๐Ÿ”ง Configuration + +**Minimum required variables:** + +```hcl +# terraform.tfvars +project_name = "myapp" +environment = "dev" +db_username = "admin" +db_password = "SecurePassword123!" +``` + +**See `environments/` for full examples** + +--- + +## ๐Ÿ“Š Outputs + +```bash +# View all outputs +terraform output + +# Get ALB DNS +terraform output alb_dns_name + +# Get RDS endpoint +terraform output rds_endpoint +``` + +--- + +## ๐Ÿ” Security + +- โœ… State encryption in S3 +- โœ… Private subnets for apps +- โœ… Isolated database subnets +- โœ… Security groups with minimal permissions +- โœ… Secrets in AWS Secrets Manager +- โœ… VPC Flow Logs enabled +- โœ… CloudTrail auditing + +**โš ๏ธ NEVER commit secrets to Git!** + +--- + +## ๐Ÿ”„ CI/CD + +Jenkins pipeline included with: +- โœ… Terraform validation +- โœ… Security scanning (tfsec) +- โœ… Cost estimation (Infracost) +- โœ… Approval gates for production +- โœ… Automated smoke tests + +--- + +## ๐Ÿ“š Documentation + +- [Quick Start Guide](docs/QUICKSTART.md) - 5-minute setup +- [Architecture Details](docs/ARCHITECTURE.md) - Design deep-dive +- [Security Best Practices](docs/SECURITY.md) - Hardening guide +- [Troubleshooting](docs/TROUBLESHOOTING.md) - Common issues + +--- + +## ๐Ÿ’ฐ Cost Estimates + +| Environment | Monthly Cost | +|-------------|--------------| +| Development | $50-100 | +| Staging | $200-400 | +| Production | $500-1000 | + 
+*Actual costs depend on usage and instance types* + +--- + +## ๐Ÿงช Testing + +```bash +# Validate +terraform validate + +# Format check +terraform fmt -check -recursive + +# Security scan +docker run --rm -v $(pwd):/src aquasec/tfsec /src +``` + +--- + +## ๐Ÿ—‘๏ธ Cleanup + +```bash +# Destroy dev +terraform destroy -var-file="environments/dev.tfvars" + +# โš ๏ธ Production requires manual approval +``` + +--- + +## ๐Ÿ“ž Support + +- ๐Ÿ› [Issues](http://git.thedevops.dev/admin/k3s-gitops/issues) +- ๐Ÿ’ฌ Slack: #infrastructure +- ๐Ÿ“ง Email: devops@example.com + +--- + +## ๐Ÿ“„ License + +MIT License + +--- + +**Status:** โœ… Production Ready +**Version:** 1.0.0 +**Last Updated:** 2026-01-06
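Review bot: The Configuration section's minimum `terraform.tfvars` sets `db_password = "SecurePassword123!"` in plaintext, and Quick Start step 3 tells the reader to edit `db_password` in that same file, which conflicts with the Security section's "Secrets in AWS Secrets Manager" and "NEVER commit secrets to Git" items. Suggest dropping `db_password` from the tfvars example and documenting how it is supplied instead, for example through the `TF_VAR_db_password` environment variable or a reference to the Secrets Manager entry the Security list mentions, and stating that `terraform.tfvars` must be git-ignored. Two smaller points in the same hunk: the Quick Start clone URL and the Issues link use `http://` rather than `https://`, and the Documentation list links `docs/TROUBLESHOOTING.md`, which the Project Structure tree does not show under `docs/`.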