A comprehensive, production-ready AWS infrastructure blueprint managed via Terraform. This repository provides a modular and scalable foundation for deploying a modern cloud-native application stack, including networking, compute (EKS), databases, storage, and observability.
This blueprint automates the provisioning of a robust AWS environment designed for high availability, security, and developer productivity. It follows industry best practices such as Infrastructure as Code (IaC), least-privilege IAM roles, and automated scaling.
- Networking: Custom VPC with public and private subnets across multiple AZs.
- Compute (EKS): Managed Kubernetes service with Karpenter for high-performance, cost-optimized node autoscaling.
- API Gateway: Kong Gateway deployed on EKS for advanced traffic management and security.
- Databases: Managed Amazon RDS instances configured for private-network access.
- Storage: Scalable Amazon S3 buckets for application data and Terraform state.
- Frontend Hosting: AWS Amplify integration for automated web deployments.
- Container Registry: Amazon ECR for secure microservice image management.
- Observability: Amazon Managed Grafana and CloudWatch integration, with Fluent Bit for log forwarding.
- Security: OIDC-based IAM Roles for Service Accounts (IRSA), Bastion host for secure database access, and JWT-based authentication at the gateway.
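The IRSA model listed under Security is where least privilege is won or lost: the role's trust policy must be pinned to one Kubernetes service account (and to the `sts.amazonaws.com` audience), otherwise any pod in the cluster can assume the role. The following is an added example, not code from this repository. It assumes an `aws_iam_openid_connect_provider.eks` resource created by the compute module, the `project_name`, `environment` and `s3_buckets` variables shown in the configuration section, and the Kubernetes provider declared in providers.tf; the `api` namespace and `api-service` service account are made-up names.

```hcl
# Added example (not part of this repository): an IRSA role whose trust policy
# is pinned to a single service account, with permissions scoped to one bucket.
# Assumed names: aws_iam_openid_connect_provider.eks, var.s3_buckets["uploads"].
locals {
  oidc_issuer = replace(aws_iam_openid_connect_provider.eks.url, "https://", "")
  namespace   = "api"         # constructed example namespace
  sa_name     = "api-service" # constructed example service account
}

data "aws_iam_policy_document" "irsa_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.eks.arn]
    }
    # Without both conditions every workload behind this OIDC provider
    # could assume the role.
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_issuer}:sub"
      values   = ["system:serviceaccount:${local.namespace}:${local.sa_name}"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_issuer}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "api_service" {
  name               = "${var.project_name}-${var.environment}-api-service"
  assume_role_policy = data.aws_iam_policy_document.irsa_trust.json
}

# Least privilege: only the uploads bucket, only the object actions the
# service needs. No wildcard resources, no s3:* .
data "aws_iam_policy_document" "uploads_rw" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${var.s3_buckets["uploads"]}"]
  }
  statement {
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["arn:aws:s3:::${var.s3_buckets["uploads"]}/*"]
  }
}

resource "aws_iam_role_policy" "api_service_uploads" {
  name   = "uploads-rw"
  role   = aws_iam_role.api_service.id
  policy = data.aws_iam_policy_document.uploads_rw.json
}

# The annotation that binds pods using this service account to the role.
resource "kubernetes_service_account" "api_service" {
  metadata {
    name      = local.sa_name
    namespace = local.namespace
    annotations = {
      "eks.amazonaws.com/role-arn" = aws_iam_role.api_service.arn
    }
  }
}
```

A quick check after apply: the decoded `AWS_WEB_IDENTITY_TOKEN_FILE` token in a pod of this service account carries the `sub` value above, and `aws sts get-caller-identity` from that pod should report the `api-service` role and nothing broader.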
The infrastructure is organized into discrete modules:
- Networking: Base VPC, Internet Gateway, NAT Gateways, and Subnetting.
- Compute: EKS Cluster, OIDC Provider, Karpenter, and a Bastion host.
- Databases: Multi-instance RDS support within private subnets.
- Storage: Centralized S3 bucket management.
- Container Registry: ECR repositories for microservices.
- Hosting: Amplify for CI/CD of frontend applications.
- Monitoring: Grafana workspaces and IAM roles for Prometheus/CloudWatch.
.
├── modules/
│   ├── compute/             # EKS, Karpenter, Bastion host
│   ├── container_registry/  # ECR Repositories
│   ├── databases/           # RDS Instances
│   ├── hosting/             # AWS Amplify & CloudFront
│   ├── networking/          # VPC, Subnets, Gateways
│   └── storage/             # S3 Buckets
├── main.tf                  # Root manifest orchestrating modules
├── providers.tf             # AWS, Helm, Kubernetes providers
├── variables.tf             # Input variable definitions
├── outputs.tf               # Infrastructure output definitions
├── monitoring.tf            # Observability & Grafana configuration
└── backend.tf               # Remote state configuration
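Terraform state for this blueprint will contain every value from terraform.tfvars (database passwords, the Amplify token, the JWT secret) plus RDS endpoints, so the S3 bucket that backend.tf points at deserves the same protection as a secrets store. The following is an added example of a hardened backend, not the repository's own backend.tf; bucket and table names are placeholders, and the bucket resources are the kind normally created once in a separate bootstrap configuration before this backend block is used.

```hcl
# Added example (not this repository's backend.tf): encrypted, versioned,
# non-public state bucket with a DynamoDB lock table. Names are placeholders.
terraform {
  backend "s3" {
    bucket         = "REPLACE-ME-tfstate"
    key            = "prod/infra.tfstate"
    region         = "us-east-1"
    encrypt        = true                   # SSE on every state write
    dynamodb_table = "REPLACE-ME-tfstate-lock" # prevents concurrent applies
  }
}

# Bootstrap resources for the bucket above (apply these first, separately).
resource "aws_s3_bucket" "tfstate" {
  bucket = "REPLACE-ME-tfstate"
}

# Versioning lets you recover a state file after a bad apply or deletion.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_dynamodb_table" "tfstate_lock" {
  name         = "REPLACE-ME-tfstate-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}
```

Backend blocks cannot reference variables, which is why the names are literals. Access to this bucket should be limited to the identities that run `terraform apply`; anyone who can read it can read every secret the configuration has ever been given.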
- Terraform: v1.5.0+
- AWS CLI: Configured with appropriate credentials.
- kubectl: For interacting with the EKS cluster.
- Helm: For deploying platform services.
- GitHub/GitLab Token: Required for AWS Amplify repository integration.
Create a terraform.tfvars file to customize your deployment:
project_name = "my-awesome-app"
environment  = "prod"
aws_region   = "us-east-1"
domain_name  = "example.com"
db_configs = {
  main = {
    db_name  = "appdb"
    username = "admin"
    password = "securepassword" # Use secrets management in production!
  }
}
services = ["auth-service", "api-service"]
s3_buckets = {
  uploads = "my-app-uploads"
}
amplify_repository   = "https://github.com/user/repo"
amplify_access_token = "ghp_xxxxxxxxxxxx"
jwt_secret           = "your-super-secret-jwt-key"
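The "use secrets management in production" comment above is the important line in that file: a committed terraform.tfvars with `password`, `amplify_access_token` and `jwt_secret` in plaintext leaks them through git history, and every value also lands in the state file. The following is an added example of how the same inputs can be declared and consumed without a plaintext secret in the repository. It is not this repository's variables.tf or databases module: the variable names match the tfvars keys above, but the shape of `db_configs`, the `aws_db_instance` arguments, and the `db_subnet_group_name` / `db_security_group_id` inputs are assumptions about how the modules are wired.

```hcl
# Added example (not the repository's own variables.tf / databases module):
# secrets marked sensitive, supplied via the environment, and the RDS master
# password generated and held by RDS in Secrets Manager instead of tfvars.

variable "amplify_access_token" {
  type      = string
  sensitive = true # redacted from plan/apply output and from terraform console
}

variable "jwt_secret" {
  type      = string
  sensitive = true
  validation {
    condition     = length(var.jwt_secret) >= 32
    error_message = "jwt_secret must be at least 32 characters."
  }
}

# db_configs no longer carries a password at all (assumed shape).
variable "db_configs" {
  type = map(object({
    db_name  = string
    username = string
  }))
}

variable "db_subnet_group_name" { type = string } # assumption: from networking module
variable "db_security_group_id" { type = string } # assumption: from networking module

# Supply the sensitive values through the environment rather than a committed
# file (and keep terraform.tfvars in .gitignore):
#   export TF_VAR_jwt_secret="$(openssl rand -base64 48)"
#   export TF_VAR_amplify_access_token="ghp_..."

resource "aws_db_instance" "this" {
  for_each = var.db_configs

  identifier        = "${var.project_name}-${var.environment}-${each.key}"
  engine            = "postgres"      # assumption; the page does not name an engine
  instance_class    = "db.t4g.medium" # assumption
  allocated_storage = 20
  db_name           = each.value.db_name
  username          = each.value.username

  # RDS generates the master password and stores it in Secrets Manager.
  # The password itself never appears in tfvars, the plan, or the state file;
  # only the secret's ARN does.
  manage_master_user_password = true

  publicly_accessible    = false # reachable only via the private subnets / bastion
  storage_encrypted      = true
  db_subnet_group_name   = var.db_subnet_group_name
  vpc_security_group_ids = [var.db_security_group_id]

  skip_final_snapshot       = false
  final_snapshot_identifier = "${var.project_name}-${var.environment}-${each.key}-final"
}

# Hand workloads the secret ARN (for IRSA-scoped secretsmanager:GetSecretValue),
# never a copy of the password.
output "db_master_secret_arns" {
  value = { for k, db in aws_db_instance.this : k => db.master_user_secret[0].secret_arn }
}
```

With this shape the only secret-bearing artifacts are Secrets Manager and the encrypted state bucket, and `terraform plan` output can be shared in CI logs without redaction work.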
- Initialize Terraform: terraform init
- Plan the deployment: terraform plan
- Apply changes: terraform apply
- Update kubeconfig: after deployment, configure your local kubectl: aws eks update-kubeconfig --region us-east-1 --name <cluster_name>
The blueprint provides several useful outputs, including:
- cluster_endpoint: The EKS API server URL.
- backend_api_url: The DNS name of the Kong Gateway Load Balancer.
- grafana_url: Access link for the Managed Grafana workspace.
- rds_endpoints: Connection strings for the deployed databases.
- ecr_repository_urls: Endpoints for pushing your Docker images.
To tear down the infrastructure and avoid ongoing costs:
terraform destroy
Note: Ensure all S3 buckets are empty before destruction.
This project is licensed under the MIT License - see the LICENSE file for details.