🏗️ AWS Multi-Tier Infrastructure - Terraform Project
📋 Overview
Production-ready Terraform project for complete AWS multi-tier infrastructure with HA, security, and scalability best practices.
🏛️ Architecture
```text
Internet → ALB → Public Subnets (Multi-AZ)
                        ↓
                  NAT Gateways
                        ↓
      Private Subnets (App Tier + Auto Scaling)
                        ↓
     Database Subnets (RDS PostgreSQL Multi-AZ)
```
📦 Components
- VPC - Isolated network across 2 AZs
- ALB - Application Load Balancer
- Auto Scaling - EC2 with dynamic scaling
- RDS PostgreSQL - Managed database with backups
- S3 - Storage buckets (data/logs/backups)
- CloudWatch - Monitoring & alerting
- IAM - Security roles & policies
🚀 Quick Start
```bash
# 1. Clone
git clone http://git.thedevops.dev/admin/k3s-gitops.git
cd k3s-gitops/terraform/aws-infrastructure

# 2. Configure AWS
export AWS_ACCESS_KEY_ID="your-key"
export AWS_SECRET_ACCESS_KEY="your-secret"

# 3. Create config
cp environments/dev.tfvars terraform.tfvars
vim terraform.tfvars   # Edit: project_name, db_password

# 4. Deploy
terraform init
terraform plan
terraform apply
```
Deploy time: ~15-20 minutes
Dev cost: ~$50-100/month
📁 Project Structure
```text
terraform/aws-infrastructure/
├── main.tf                 # Main configuration
├── variables.tf            # Input variables
├── outputs.tf              # Output values
├── Jenkinsfile             # CI/CD pipeline
├── environments/           # Environment configs
│   ├── dev.tfvars
│   ├── staging.tfvars
│   └── production.tfvars
├── modules/                # Reusable modules
│   ├── vpc/
│   ├── alb/
│   ├── asg/
│   ├── rds/
│   └── ...
├── scripts/
│   └── user-data.sh        # EC2 bootstrap
└── docs/
    ├── QUICKSTART.md       # 5-min setup guide
    ├── ARCHITECTURE.md     # Detailed design
    └── SECURITY.md         # Best practices
```
🎯 Usage Examples
Development Environment
```bash
terraform apply -var-file="environments/dev.tfvars"
```
Production Environment
```bash
terraform apply -var-file="environments/production.tfvars"
```
Scale Application
```hcl
# Edit terraform.tfvars
asg_desired_capacity = 5
```

```bash
terraform apply
```
🔧 Configuration
Minimum required variables:
```hcl
# terraform.tfvars
project_name = "myapp"
environment  = "dev"
db_username  = "admin"
db_password  = "SecurePassword123!"
```
See environments/ for full examples
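The Security section below lists "Secrets in AWS Secrets Manager", while the minimum config above puts `db_password` in `terraform.tfvars`. The following is an added example, not code from this project's `rds` module, of how the RDS resource can be written so the master password never touches tfvars, Git, or the Terraform state: RDS generates it and stores it in Secrets Manager (`manage_master_user_password`, AWS provider 5.x). It assumes `var.project_name`, `var.environment` and `var.db_username` are declared in `variables.tf` as the tfvars above imply; the subnet group and security group references are constructed placeholders.

```hcl
# Added example (not part of this project's modules). RDS creates and rotates
# the master password in Secrets Manager; no `password` argument is set, so
# db_password is no longer needed in terraform.tfvars.
# Assumes var.project_name, var.environment and var.db_username exist.
resource "aws_db_instance" "postgres" {
  identifier        = "${var.project_name}-${var.environment}-db"
  engine            = "postgres"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = var.db_username

  # Let RDS manage the master password in AWS Secrets Manager.
  manage_master_user_password = true

  # Placeholders: the database-tier subnet group and an SG that only admits the app tier.
  db_subnet_group_name   = aws_db_subnet_group.database.name
  vpc_security_group_ids = [aws_security_group.rds.id]

  publicly_accessible = false
  multi_az            = true
  storage_encrypted   = true
  deletion_protection = var.environment == "production"

  backup_retention_period   = 7
  final_snapshot_identifier = "${var.project_name}-${var.environment}-final"
}

# Expose only the secret's ARN. Consumers fetch the password at runtime with
# secretsmanager:GetSecretValue, so `terraform output` shows nothing sensitive.
output "db_master_secret_arn" {
  description = "ARN of the Secrets Manager secret holding the RDS master password"
  value       = aws_db_instance.postgres.master_user_secret[0].secret_arn
}

# Least-privilege read policy for the app tier's instance role: exactly one
# action on exactly one secret. Attach via aws_iam_policy / role attachment.
data "aws_iam_policy_document" "read_db_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_db_instance.postgres.master_user_secret[0].secret_arn]
  }
}
```

With this pattern `db_password` can be dropped from the required variables, and the tfsec scan in the Testing section no longer has a plaintext password to flag.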
📊 Outputs
```bash
# View all outputs
terraform output

# Get ALB DNS
terraform output alb_dns_name

# Get RDS endpoint
terraform output rds_endpoint
```
🔐 Security
- ✅ State encryption in S3
- ✅ Private subnets for apps
- ✅ Isolated database subnets
- ✅ Security groups with minimal permissions
- ✅ Secrets in AWS Secrets Manager
- ✅ VPC Flow Logs enabled
- ✅ CloudTrail auditing
⚠️ NEVER commit secrets to Git!
🔄 CI/CD
Jenkins pipeline included with:
- ✅ Terraform validation
- ✅ Security scanning (tfsec)
- ✅ Cost estimation (Infracost)
- ✅ Approval gates for production
- ✅ Automated smoke tests
📚 Documentation
- Quick Start Guide - 5-minute setup
- Architecture Details - Design deep-dive
- Security Best Practices - Hardening guide
- Troubleshooting - Common issues
💰 Cost Estimates
| Environment | Monthly Cost |
|---|---|
| Development | $50-100 |
| Staging | $200-400 |
| Production | $500-1000 |
Actual costs depend on usage and instance types
🧪 Testing
```bash
# Validate
terraform validate

# Format check
terraform fmt -check -recursive

# Security scan (quote $(pwd) so paths with spaces mount correctly)
docker run --rm -v "$(pwd):/src" aquasec/tfsec /src
```
🗑️ Cleanup
```bash
# Destroy dev
terraform destroy -var-file="environments/dev.tfvars"

# ⚠️ Production requires manual approval
```
📞 Support
- 🐛 Issues
- 💬 Slack: #infrastructure
- 📧 Email: devops@example.com
📄 License
MIT License
Status: ✅ Production Ready
Version: 1.0.0
Last Updated: 2026-01-06