Chaitanya5068/aws-multitier-terraform-automation

🚀 AWS Multi-Tier Terraform Automation Platform

Production-Grade AWS DevOps Infrastructure Automation

Scalable • Automated • Observable • High Availability • Production-Ready



A production-grade multi-tier AWS infrastructure automation platform built using Terraform, featuring automated deployments, Auto Scaling, monitoring, observability, CloudWatch dashboards, SNS alerts, and event-driven frontend deployment workflows.

This project supports both DEV and PROD environments with isolated Terraform state management, reusable modular architecture, and production-style infrastructure automation.


📋 Project Overview

This repository contains a production-grade Infrastructure as Code (IaC) solution built with Terraform that automates deployment and management of a scalable AWS multi-tier architecture.

The infrastructure is fully modular, environment-aware (DEV/PROD), and designed to handle real-world production workloads with:

  • Automated deployment pipelines
  • Auto Scaling & self-healing infrastructure
  • Centralized monitoring & observability
  • CloudWatch dashboards & alarms
  • SNS notifications
  • Secure private subnet deployment
  • Event-driven frontend deployment using S3 + Lambda + SSM

Supported Environments

environments/
├── dev/
│   ├── backend.tfvars
│   └── terraform.tfvars
│
└── prod/
    ├── backend.tfvars
    └── terraform.tfvars

Key Highlights

  • ✅ Multi-Environment Architecture (DEV & PROD)
  • ✅ Fully Automated Deployment Workflow
  • ✅ Production-Grade Monitoring Stack
  • ✅ Infrastructure as Code using Terraform
  • ✅ Modular AWS Infrastructure
  • ✅ Auto Scaling & High Availability
  • ✅ Real-Time CloudWatch Observability
  • ✅ Secure & Scalable Design

πŸ—οΈ Architecture Overview

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                        USER TRAFFIC                          β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                               β”‚
                               β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚         AWS CloudFront / Route 53 (Optional)                 β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                               β”‚
                               β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚               Application Load Balancer (ALB)                β”‚
β”‚  β€’ Multi-AZ Traffic Distribution                             β”‚
β”‚  β€’ Health Checks Enabled                                     β”‚
β”‚  β€’ HTTPS / SSL Termination                                   β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                               β”‚
                               β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                Private Subnets (Multiple AZs)                β”‚
β”‚                                                              β”‚
β”‚   β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”   β”‚
β”‚   β”‚              EC2 Auto Scaling Group                  β”‚   β”‚
β”‚   β”‚                                                      β”‚   β”‚
β”‚   β”‚  β€’ Min Capacity: 2                                   β”‚   β”‚
β”‚   β”‚  β€’ Max Capacity: 4                                   β”‚   β”‚
β”‚   β”‚  β€’ Desired Capacity: 2                               β”‚   β”‚
β”‚   β”‚  β€’ ELB Health Checks                                 β”‚   β”‚
β”‚   β”‚  β€’ Launch Template + User Data                       β”‚   β”‚
β”‚   β”‚  β€’ Nginx Application Server                          β”‚   β”‚
β”‚   β”‚  β€’ Self-Healing Infrastructure                       β”‚   β”‚
β”‚   β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜   β”‚
β”‚                                                              β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                               β–²
                               β”‚
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚             AWS Systems Manager (SSM)                        β”‚
β”‚                 Run Command + IAM Roles                      β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                               β–²
                               β”‚
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                      AWS Lambda                              β”‚
β”‚             Triggered by S3 Upload Events                    β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                               β–²
                               β”‚
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                    Amazon S3 Bucket                          β”‚
β”‚                 Frontend Application Assets                  β”‚
β”‚            (HTML, CSS, JS, Images, Static Files)             β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜


β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚             πŸ“Š MONITORING & OBSERVABILITY LAYER             β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚                                                              β”‚
β”‚   β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”   β”‚
β”‚   β”‚ CloudWatch     β”‚  β”‚ CloudWatch     β”‚  β”‚ SNS Alerts   β”‚   β”‚
β”‚   β”‚ Logs           β”‚  β”‚ Dashboards     β”‚  β”‚ Email / SMS  β”‚   β”‚
β”‚   β”‚                β”‚  β”‚                β”‚  β”‚ Notificationsβ”‚   β”‚
β”‚   β”‚ β€’ Nginx Logs   β”‚  β”‚ β€’ ALB Metrics  β”‚  β”‚              β”‚   β”‚
β”‚   β”‚ β€’ Lambda Logs  β”‚  β”‚ β€’ EC2 Metrics  β”‚  β”‚ β€’ High CPU   β”‚   β”‚
β”‚   β”‚ β€’ App Logs     β”‚  β”‚ β€’ Lambda Stats β”‚  β”‚ β€’ Unhealthy  β”‚   β”‚
β”‚   β”‚ β€’ Deploy Logs  β”‚  β”‚ β€’ Traffic Data β”‚  β”‚   Hosts      β”‚   β”‚
β”‚   β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜   β”‚
β”‚                                                              β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜


Deployment Flow

Frontend Asset Upload
         ↓
    S3 Object
         ↓
  S3 Event Trigger
         ↓
  AWS Lambda Function
         ↓
  SSM Run Command
         ↓
 EC2 Instances (ASG)
         ↓
  File Sync & Nginx Restart
         ↓
  Live Application Updates

☁️ AWS Services Used

| Service | Purpose | Configuration |
|---|---|---|
| VPC | Network isolation and segmentation | Multi-AZ, Public/Private subnets |
| EC2 | Application servers | Auto Scaling Group with Launch Template |
| ALB | Load balancing and traffic distribution | Multi-AZ, Health checks enabled |
| Auto Scaling | Dynamic capacity management | Min: 2, Max: 4, CPU-based scaling policies |
| S3 | Frontend asset storage | Versioning, Event notifications |
| Lambda | Automated deployment trigger | Event-driven, IAM execution role |
| Systems Manager | Infrastructure automation | Run Command for EC2 deployment |
| CloudWatch | Monitoring and observability | Custom metrics, dashboards, alarms |
| SNS | Alert notifications | Email/SMS subscriptions |
| IAM | Identity and access management | Service roles, instance profiles |
| Security Groups | Network access control | Inbound/Outbound rules per layer |

🎯 Key Features

Infrastructure as Code

  • 📦 Modular Terraform Design: Separate modules for each AWS service
  • 🔄 Reusable Components: DRY principle - shared modules across environments
  • 📝 Version Controlled: Complete infrastructure history in Git
  • 🔍 Validated: Terraform validate and plan before apply

High Availability & Scaling

  • 🌍 Multi-AZ Deployment: Services distributed across availability zones
  • 📈 Auto Scaling: Automatic scaling based on demand
  • 💪 Health Checks: Automatic instance replacement on failure
  • ⚡ Load Balancing: Efficient traffic distribution across instances

Automated Deployment

  • 🤖 CI/CD Ready: Lambda-triggered deployment pipeline
  • 📦 S3-Based Deployment: Upload and deploy frontend assets
  • 🔄 Low-Downtime Updates: ALB health checks route around an instance while its Nginx restarts; note that SSM Run Command reaches every instance at once unless its max-concurrency is limited, so this is a content refresh, not a rolling replacement of ASG instances
  • 📊 Deployment Tracking: CloudWatch logs for audit trail

Monitoring & Observability

  • 📊 CloudWatch Dashboards: Real-time infrastructure metrics
  • 📋 Centralized Logging: Nginx and application logs in CloudWatch
  • 🚨 Intelligent Alerts: SNS notifications for critical metrics
  • 📈 Custom Metrics: Application-specific performance tracking

Security

  • πŸ” Private Subnet Deployment: EC2 instances not directly accessible
  • πŸ›‘οΈ IAM Least Privilege: Granular permissions for each service
  • πŸ”’ Security Groups: Network segmentation and access control
  • πŸ“ Audit Trails: CloudWatch Logs for compliance

πŸ—οΈ Infrastructure as Code (IaC) Architecture

Module Structure

modules/
├── vpc/                    # Virtual Private Cloud
│   ├── main.tf
│   ├── variables.tf
│   └── outputs.tf
├── security/               # Security Groups & NACLs
│   ├── main.tf
│   ├── variables.tf
│   └── outputs.tf
├── alb/                    # Application Load Balancer
│   ├── main.tf
│   ├── variables.tf
│   └── outputs.tf
├── ec2/                    # EC2 & Auto Scaling
│   ├── main.tf
│   ├── variables.tf
│   └── outputs.tf
├── iam/                    # IAM Roles & Policies
│   ├── main.tf
│   ├── variables.tf
│   └── outputs.tf
├── lambda/                 # Lambda Function
│   ├── main.tf
│   ├── variables.tf
│   ├── outputs.tf
│   └── function/
│       └── index.py        # Python deployment handler
├── s3/                     # S3 Bucket
│   ├── main.tf
│   ├── variables.tf
│   └── outputs.tf
├── cloudwatch/             # Monitoring & Logs
│   ├── main.tf
│   ├── variables.tf
│   └── outputs.tf
├── sns/                    # SNS Topic
│   ├── main.tf
│   ├── variables.tf
│   └── outputs.tf
└── validate_destroy/       # Destruction validations
    └── main.tf

Environment Configuration

environments/
├── dev/
│   ├── backend.tfvars      # DEV state backend
│   └── terraform.tfvars    # DEV variables
└── prod/
    ├── backend.tfvars      # PROD state backend
    └── terraform.tfvars    # PROD variables

Root Configuration Files

  • main.tf: Module orchestration and composition
  • providers.tf: AWS provider configuration
  • backend.tf: Terraform state management
  • variables.tf: Input variables definition
  • outputs.tf: Infrastructure outputs
  • versions.tf: Terraform version constraints

🚀 Automated Deployment Pipeline

How It Works

  1. Frontend Upload: Developer uploads frontend assets to the S3 bucket
  2. S3 Event Trigger: S3 sends an event notification for each uploaded object
  3. Lambda Invocation: Lambda function receives the S3 event payload
  4. SSM Command: Lambda calls Systems Manager Run Command (send-command)
  5. EC2 Execution: Run Command executes the deployment script on the instances in the ASG
  6. File Sync: Script syncs files from S3 to the EC2 instances
  7. Service Restart: Nginx restarts to serve the updated content (for static files a graceful `nginx -s reload` does the same without dropping in-flight requests)
  8. Health Check: ALB verifies instance health
  9. Live Update: Users receive updated content

Deployment Script Flow

# On EC2 Instance (via SSM Run Command)
├── Download files from S3
├── Verify checksum/integrity
├── Backup previous version
├── Deploy new files
├── Validate permissions
├── Run health checks
└── Restart Nginx service
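The handler below is an added example written for this page; it is not the repository's modules/lambda/function/index.py. It assumes hypothetical values for the bucket name, key prefix, instance tag and document root, and takes an injectable SSM client so it runs offline. It shows the two points a practitioner wants at step 4: the object key in the S3 event is controlled by whoever can write to the bucket, so it is validated and shell-quoted before it is embedded in an AWS-RunShellScript command; and the Run Command is targeted by tag with MaxConcurrency set to 1 so instances are refreshed one at a time behind the ALB. All records in one invocation are collapsed into a single command per bucket, since an `aws s3 sync` of N files produces N events.

```python
# Added example (not the repository's index.py): hardened S3-event -> SSM Run Command handler.
import re
import shlex
import urllib.parse

# --- Assumptions: hypothetical values, not taken from the repository ---
ALLOWED_BUCKET = "example-frontend-bucket"
ALLOWED_PREFIX = "frontend/"            # the upload path used in the README's s3 sync step
TARGET_TAG_KEY = "tag:Role"             # instances are selected by tag, never by IDs from the event
TARGET_TAG_VALUE = "frontend-web"
DOCROOT = "/var/www/html"               # hypothetical Nginx document root
SSM_DOCUMENT = "AWS-RunShellScript"     # AWS-managed SSM document

# Object keys are user-controlled input: accept only a conservative character set.
SAFE_KEY = re.compile(r"^[A-Za-z0-9._/-]+$")


def validate_record(record):
    """Return (bucket, key) for an S3 event record we agreed to deploy from, or raise ValueError.

    The bucket name and key come from the event, i.e. from anyone who can write to the
    bucket, so they are checked before they get anywhere near a shell command.
    """
    bucket = record["s3"]["bucket"]["name"]
    key = urllib.parse.unquote_plus(record["s3"]["object"]["key"])  # S3 URL-encodes keys in events
    if bucket != ALLOWED_BUCKET:
        raise ValueError(f"unexpected bucket {bucket!r}")
    if not key.startswith(ALLOWED_PREFIX):
        raise ValueError(f"key outside deploy prefix: {key!r}")
    if not SAFE_KEY.match(key) or ".." in key.split("/"):
        raise ValueError(f"refusing unsafe key: {key!r}")
    return bucket, key


def build_deploy_commands(bucket, prefix):
    """Shell lines run by AWS-RunShellScript on each instance.

    Every interpolated value is shell-quoted, so even a key that passed validation can
    never become shell syntax. The instance role needs s3:ListBucket on the bucket and
    s3:GetObject on the prefix; the AWS CLI is assumed to be present on the AMI.
    """
    src = shlex.quote(f"s3://{bucket}/{prefix}")
    dst = shlex.quote(DOCROOT + "/")
    return [
        "set -euo pipefail",
        f"aws s3 sync {src} {dst} --delete",
        "nginx -t",          # a broken config fails the command and stops the rollout
        "nginx -s reload",   # graceful reload; a full restart would drop in-flight requests
    ]


def send_command_params(bucket, prefix):
    """Parameters for ssm.send_command: tag-targeted, one instance at a time, stop on first failure."""
    return {
        "DocumentName": SSM_DOCUMENT,
        "Targets": [{"Key": TARGET_TAG_KEY, "Values": [TARGET_TAG_VALUE]}],
        "Parameters": {"commands": build_deploy_commands(bucket, prefix)},
        "MaxConcurrency": "1",   # rolling: the other instances keep serving behind the ALB
        "MaxErrors": "0",        # abort the rollout as soon as one instance fails
        "TimeoutSeconds": 300,
    }


def handler(event, context, ssm_client=None):
    """Lambda entry point. Returns the SSM command IDs it started (one per bucket)."""
    if ssm_client is None:               # real deployment: boto3 ships with the Lambda runtime
        import boto3
        ssm_client = boto3.client("ssm")
    targets = set()
    for record in event.get("Records", []):
        bucket, _key = validate_record(record)   # any bad record aborts the whole batch
        targets.add((bucket, ALLOWED_PREFIX))
    command_ids = []
    for bucket, prefix in sorted(targets):
        resp = ssm_client.send_command(**send_command_params(bucket, prefix))
        command_ids.append(resp["Command"]["CommandId"])
    return command_ids


# --- Constructed offline stand-ins so the handler can be exercised without AWS ---
class FakeSSM:
    """Records send_command calls instead of talking to Systems Manager."""
    def __init__(self):
        self.calls = []

    def send_command(self, **params):
        self.calls.append(params)
        return {"Command": {"CommandId": f"cmd-{len(self.calls)}"}}


SAMPLE_EVENT = {  # constructed S3 ObjectCreated event: two objects from one upload
    "Records": [
        {"s3": {"bucket": {"name": ALLOWED_BUCKET}, "object": {"key": "frontend/index.html"}}},
        {"s3": {"bucket": {"name": ALLOWED_BUCKET}, "object": {"key": "frontend/css/app.css"}}},
    ]
}

if __name__ == "__main__":
    fake = FakeSSM()
    print(handler(SAMPLE_EVENT, None, ssm_client=fake))       # one command for both objects
    print(fake.calls[0]["Parameters"]["commands"])
```

Two design notes. The Lambda execution role only needs `ssm:SendCommand` on the AWS-RunShellScript document and on instances carrying the target tag, which is what makes the tag-based targeting cheaper to lock down than a list of instance IDs. And because each uploaded object still produces an invocation, filtering the bucket notification to a single marker key, or to the prefix that is written last, keeps one deploy from firing dozens of identical syncs.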

🔄 High Availability & Auto Scaling

Auto Scaling Configuration

  • Min Capacity: 2 instances
  • Max Capacity: 4 instances
  • Desired Capacity: 2 instances
  • Health Check Type: ELB
  • Termination Policy: Oldest instance first
  • Cooldown Period: 300 seconds

Scaling Policies

CPU Utilization > 70%  →  Scale Up (add instance)
CPU Utilization < 30%  →  Scale Down (remove instance)

High Availability Features

  • ✅ Multi-AZ Distribution: Instances spread across 2+ availability zones
  • ✅ Load Balancing: ALB distributes traffic evenly
  • ✅ Health Monitoring: Automatic instance replacement
  • ✅ Connection Draining: Graceful shutdown during updates
  • ✅ DNS Failover: Route 53 integration ready

📊 Monitoring & Observability

CloudWatch Dashboards

Automated dashboards display:

  • 📈 EC2 Metrics

    • CPU Utilization
    • Network In/Out
    • Disk Read/Write
    • Status Checks
  • 🔄 Auto Scaling Metrics

    • Group Size
    • Desired Capacity
    • Launch/Termination Events
    • Scaling Activity
  • 🌐 ALB Metrics

    • Target Count
    • Request Count
    • Target Response Time
    • HTTP Status Codes
  • 💾 Application Metrics

    • Memory Utilization
    • Disk Usage
    • Application Response Time

CloudWatch Alarms

Configured alarms trigger SNS notifications for:

  • ⚠️ High CPU utilization (> 80%)
  • ⚠️ High memory usage (> 85%; memory is not a default EC2 metric, so this needs the CloudWatch agent running on the instances)
  • ⚠️ ALB unhealthy targets
  • ⚠️ Failed deployments
  • ⚠️ Auto Scaling failures

SNS Notifications

Alerts sent via:

  • 📧 Email notifications
  • 📱 SMS alerts (optional)
  • 🔔 Custom webhooks

📋 Logging System

Centralized Logging

All logs aggregated in CloudWatch Logs:

/aws/ec2/application         # Application logs
/aws/ec2/nginx               # Nginx access & error logs
/aws/lambda/deployment       # Lambda function logs
/aws/autoscaling/asg         # Auto Scaling events

Log Analysis

  • πŸ” CloudWatch Insights: Query logs with SQL-like syntax
  • πŸ“Š Log Filtering: Create custom filters and metrics
  • πŸ“ˆ Log Trending: Identify patterns over time
  • 🚨 Log Alarms: Alert on error patterns

Nginx Logging

Access Logs:  /var/log/nginx/access.log
Error Logs:   /var/log/nginx/error.log
Format:       Combined with response time
Rotation:     Daily, compressed
Retention:    7 days local, 30 days CloudWatch

📂 Project Structure

aws-multitier-terraform-automation/
│
├── README.md                          # Project documentation
├── LICENSE                            # MIT License
├── DESTROY_FIXES.md                   # Destruction troubleshooting
│
├── root configuration files
├── main.tf                            # Module orchestration
├── providers.tf                       # AWS provider setup
├── backend.tf                         # State management
├── variables.tf                       # Input variables
├── outputs.tf                         # Infrastructure outputs
├── versions.tf                        # Version constraints
│
├── modules/                           # Reusable Terraform modules
│   ├── vpc/                          # VPC, Subnets, Route Tables, NAT Gateway
│   ├── security/                     # Security Groups, NACLs
│   ├── alb/                          # Application Load Balancer, Listeners
│   ├── ec2/                          # Launch Template, Auto Scaling Group
│   ├── iam/                          # IAM Roles, Policies, Instance Profile
│   ├── lambda/                       # Lambda Function, Permissions, S3 Trigger
│   │   └── function/
│   │       └── index.py              # Python deployment handler
│   ├── s3/                           # S3 Bucket, Versioning, Events
│   ├── cloudwatch/                   # CloudWatch Logs, Dashboards, Alarms
│   ├── sns/                          # SNS Topic, Subscriptions
│   └── validate_destroy/             # Destruction validations
│
├── environments/                      # Environment-specific configurations
│   ├── dev/
│   │   ├── backend.tfvars            # DEV state backend
│   │   └── terraform.tfvars          # DEV variables
│   └── prod/
│       ├── backend.tfvars            # PROD state backend
│       └── terraform.tfvars          # PROD variables
│
└── scripts/                           # Helper scripts
    └── userdata.sh                   # EC2 user data for Nginx setup

πŸ› οΈ Terraform Commands

Prerequisites

# Install Terraform
# https://www.terraform.io/downloads.html

# Verify installation
terraform version

# The root module (main.tf, providers.tf, backend.tf, ...) lives at the repository root;
# environments/<env>/ holds only the two tfvars files, so every command below is run
# from the repository root and points at the environment's files explicitly.

DEV Environment Workflow

# Initialize Terraform against the DEV state backend (downloads providers & modules)
terraform init -backend-config=environments/dev/backend.tfvars

# Validate configuration syntax
terraform validate

# Preview changes with the DEV variables and save the plan
terraform plan -var-file=environments/dev/terraform.tfvars -out=tfplan

# Apply exactly the saved plan. A saved plan applies without a confirmation prompt,
# so review the plan output before this step.
terraform apply tfplan

# Destroy infrastructure
terraform destroy -var-file=environments/dev/terraform.tfvars

PROD Environment Workflow

# Re-initialize against the PROD state backend. -reconfigure switches backends
# without offering to migrate the DEV state into the PROD backend. Use credentials
# scoped to the PROD account for everything below.
terraform init -reconfigure -backend-config=environments/prod/backend.tfvars

# Validate configuration
terraform validate

# Plan with production values
terraform plan -var-file=environments/prod/terraform.tfvars -out=tfplan

# Apply production infrastructure
terraform apply tfplan

# View outputs
terraform output

# Destroy (use with caution!)
terraform destroy -var-file=environments/prod/terraform.tfvars

Common Terraform Commands

# Format code
terraform fmt -recursive

# Validate the root module and every module it calls
terraform validate

# View current state (this project has no standalone aws_instance; the launch template
# and Auto Scaling Group live under the ec2 module, so take the address from `state list`)
terraform state list
terraform state show <resource-address>

# Import existing resources (address as printed by `state list`, ID from the AWS console/CLI)
terraform import <resource-address> <resource-id>

# Force recreation of a resource on the next apply (`terraform taint` is deprecated in favour of -replace)
terraform plan -replace=<resource-address> -var-file=environments/dev/terraform.tfvars -out=tfplan

# Get resource details
terraform show

# Refresh state without changing infrastructure (`terraform refresh` is deprecated)
terraform apply -refresh-only -var-file=environments/dev/terraform.tfvars

# Clean up the local provider/module cache (remote state is untouched; run terraform init again afterwards)
rm -rf .terraform

State Management

# Backup state: with the remote backend from backend.tfvars there is no local terraform.tfstate,
# so pull a copy. State contains resource attributes and outputs; keep the copy out of Git.
terraform state pull > terraform.tfstate.backup

# Push a modified copy back. This overwrites the remote state for everyone, so only do it
# from a copy pulled moments earlier and while nobody else holds the state lock.
terraform state push terraform.tfstate.backup

# Remove a resource from state without destroying it
terraform state rm <resource-address>

🚀 Frontend Deployment Steps

Step 1: Prepare Frontend Assets

# Build your frontend application
npm run build
# or
yarn build
# or for static HTML
# Ensure all assets are in a distribution folder

Step 2: Upload to S3

# Using AWS CLI
aws s3 sync ./dist s3://your-bucket-name/frontend/ \
  --delete \
  --cache-control "max-age=31536000,public"

# Or upload individual files
aws s3 cp ./dist/index.html s3://your-bucket-name/frontend/ \
  --cache-control "max-age=0,no-cache" \
  --content-type "text/html"

Step 3: Automatic Deployment Triggering

  1. S3 detects file upload
  2. Lambda function is invoked automatically
  3. Lambda executes SSM Run Command on EC2 instances
  4. Deployment script runs on all ASG instances
  5. Files are synced from S3
  6. Nginx restarts automatically

Step 4: Verify Deployment

# Check ALB endpoint
curl http://your-alb-dns-name

# Check instance logs
aws logs tail /aws/ec2/nginx --follow

# View Lambda logs
aws logs tail /aws/lambda/deployment --follow

# Check Auto Scaling Group status
aws autoscaling describe-auto-scaling-groups \
  --auto-scaling-group-names your-asg-name

Rollback Procedure

# If a deployment fails, S3 versioning keeps the previous objects. List the versions of a file:
aws s3api list-object-versions \
  --bucket your-bucket-name \
  --prefix frontend/index.html

# Restore the previous version by copying it over the current one. (restore-object only
# thaws objects archived to Glacier; it does not roll versions back.)
aws s3api copy-object \
  --bucket your-bucket-name \
  --key frontend/index.html \
  --copy-source "your-bucket-name/frontend/index.html?versionId=PREVIOUS_VERSION_ID"

# The copy is itself an ObjectCreated event, so if the bucket notification covers it,
# the Lambda/SSM pipeline redeploys the restored file automatically.
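Picking the right version to copy is the step people get wrong when the file was deleted rather than overwritten. The function below is an added example, not part of the repository: it takes a `list-object-versions` response (constructed here, with invented IDs and timestamps) and returns the version to restore, treating a delete marker as the current state so that the newest surviving object version is the rollback target. It also builds the `copy_object` arguments for the boto3 equivalent of the CLI command above.

```python
# Added example (not from the repository): choose the rollback version for an S3 key.

def previous_version(response, key):
    """Return the VersionId to restore for `key`, or None if there is nothing to roll back to.

    Versions and delete markers for the key are merged and ordered newest first. The newest
    entry is the current state (possibly a delete marker, i.e. the key is deleted); the
    newest *object* version after it is the rollback target. Delete markers are never copied.
    """
    entries = [dict(v, _marker=False) for v in response.get("Versions", []) if v["Key"] == key]
    entries += [dict(m, _marker=True) for m in response.get("DeleteMarkers", []) if m["Key"] == key]
    entries.sort(key=lambda e: e["LastModified"], reverse=True)   # ISO-8601 strings sort correctly
    for entry in entries[1:]:            # skip the current state
        if not entry["_marker"]:
            return entry["VersionId"]
    return None


def rollback_params(bucket, key, version_id):
    """Arguments for s3.copy_object that overwrite `key` with one of its older versions."""
    return {
        "Bucket": bucket,
        "Key": key,
        "CopySource": {"Bucket": bucket, "Key": key, "VersionId": version_id},
        "MetadataDirective": "COPY",   # keep the old version's Content-Type / Cache-Control
    }


# Constructed in the shape of s3api list-object-versions (IDs and timestamps invented).
SAMPLE_VERSIONS = {
    "Versions": [
        {"Key": "frontend/index.html", "VersionId": "v3-broken", "IsLatest": True,  "LastModified": "2025-01-10T12:05:00Z"},
        {"Key": "frontend/index.html", "VersionId": "v2-good",   "IsLatest": False, "LastModified": "2025-01-10T11:00:00Z"},
        {"Key": "frontend/index.html", "VersionId": "v1-old",    "IsLatest": False, "LastModified": "2025-01-09T09:00:00Z"},
        {"Key": "frontend/app.js",     "VersionId": "j1",        "IsLatest": True,  "LastModified": "2025-01-10T12:05:00Z"},
    ],
    "DeleteMarkers": [],
}

if __name__ == "__main__":
    vid = previous_version(SAMPLE_VERSIONS, "frontend/index.html")
    print(vid, rollback_params("your-bucket-name", "frontend/index.html", vid))
```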

📊 Monitoring & Logs

Accessing CloudWatch Dashboards

# Open AWS Console and navigate to:
# CloudWatch > Dashboards > your-project-dashboard

Dashboard Widgets:

  • Infrastructure health overview
  • EC2 performance metrics
  • ALB traffic distribution
  • Auto Scaling activity
  • Lambda execution metrics
  • Application error rates

Viewing Logs

# Using AWS CLI
aws logs tail /aws/ec2/nginx --follow
aws logs tail /aws/ec2/application --follow
aws logs tail /aws/lambda/deployment --follow

# Using AWS Console:
# CloudWatch > Log Groups > select log group

Creating Custom Alarms

# Example: alert on high CPU for the application ASG and notify the SNS topic.
# --evaluation-periods is required; without --dimensions the alarm averages every
# instance in the account, and without --alarm-actions nothing is notified.
aws cloudwatch put-metric-alarm \
  --alarm-name high-cpu-alarm \
  --alarm-description "Alert when ASG average CPU > 80% for two 5-minute periods" \
  --metric-name CPUUtilization \
  --namespace AWS/EC2 \
  --dimensions Name=AutoScalingGroupName,Value=your-asg-name \
  --statistic Average \
  --period 300 \
  --evaluation-periods 2 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold \
  --alarm-actions your-sns-topic-arn

Performance Optimization

# Monitor key metrics:
# 1. Response Time: p50, p95, p99 latency
# 2. Throughput: Requests per second
# 3. Error Rate: 4xx and 5xx responses
# 4. Resource Utilization: CPU, Memory, Disk
# 5. Scaling Events: ASG launch/termination

πŸ” Security Features

Network Security

  • πŸ›‘οΈ VPC Isolation: Resources in private subnets
  • πŸ”’ Security Groups: Ingress/Egress rules enforced
  • 🌐 ALB: Single entry point with health checks
  • 🚫 NACLs: Network access control lists per subnet

Identity & Access Control

  • 👤 IAM Roles: Service-specific permissions
  • 🔑 Principle of Least Privilege: Minimal permissions granted
  • 📋 Instance Profile: EC2 to AWS service authentication
  • 🔐 Lambda Execution Role: Specific permissions for deployment

Data Protection

  • 🔒 Encryption at Rest: S3 and EBS encryption enabled
  • 🔐 Encryption in Transit: TLS/HTTPS support
  • 📝 Audit Logging: CloudTrail integration ready
  • 🔄 Backup & Recovery: Automated snapshots

Monitoring & Compliance

  • 📊 CloudWatch Logs: Complete audit trail
  • 🚨 Security Alarms: Unauthorized access detection
  • 📋 Compliance Reports: IAM Access Analyzer
  • 🔍 Vulnerability Scanning: Security group analysis

Best Practices Implemented

  • ✅ No public IP assignments for application servers
  • ✅ No bastion host: shell access goes through SSM Session Manager over the instance role, which needs no inbound port 22
  • ✅ Immutable infrastructure (launch templates)
  • ✅ Secure defaults for all security groups
  • ✅ Regular security group audits
  • ✅ Cross-account access prevented
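The audit below is an added example, not the repository's code. It checks a `describe-security-groups` shaped response (constructed here; group IDs, names and the allow-list are hypothetical) against the layering this section describes: only the ALB group may be world-reachable, and only on 80 and 443; the application group may accept traffic only from the ALB group, never from a CIDR; and nothing may expose port 22, since access is via Session Manager. It is the kind of check that belongs in the "regular security group audits" bullet, run against the live account output rather than the sample.

```python
# Added example (not part of the repository): security group audit for the ALB -> app layering.
from collections import Counter

WORLD = {"0.0.0.0/0", "::/0"}
ALB_GROUP = "sg-0alb"                                   # hypothetical ALB security group
APP_GROUPS = {"sg-0app"}                                # hypothetical application-tier groups
PUBLIC_ALLOWLIST = {(ALB_GROUP, 80), (ALB_GROUP, 443)}  # the only world-reachable (group, port) pairs


def rule_ports(rule):
    """Port range a rule covers; protocol -1 means every port."""
    if rule.get("IpProtocol") == "-1":
        return 0, 65535
    return rule.get("FromPort", 0), rule.get("ToPort", 65535)


def rule_sources(rule):
    """(cidrs, source_group_ids) a rule accepts traffic from."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    groups = [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])]
    return cidrs, groups


def audit_security_groups(groups, alb_group=ALB_GROUP, app_groups=APP_GROUPS,
                          public_allowlist=PUBLIC_ALLOWLIST):
    """Return (group_id, kind, detail) findings for every ingress rule that breaks the layering."""
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        for rule in sg.get("IpPermissions", []):
            lo, hi = rule_ports(rule)
            cidrs, src_groups = rule_sources(rule)
            span = f"{rule['IpProtocol']} {lo}-{hi}"
            world = [c for c in cidrs if c in WORLD]
            allowed = lo == hi and (gid, lo) in public_allowlist
            if world and not allowed:
                findings.append((gid, "world-open", f"{span} from {', '.join(world)}"))
            if gid in app_groups and cidrs:
                findings.append((gid, "app-cidr-ingress",
                                 f"{span}; the app tier should only accept the ALB group {alb_group}"))
            if gid in app_groups:
                for src in src_groups:
                    if src != alb_group:
                        findings.append((gid, "app-unexpected-source-group", f"{span} from {src}"))
            if lo <= 22 <= hi and (cidrs or src_groups):
                findings.append((gid, "ssh-exposed",
                                 f"{span}; use SSM Session Manager, which needs no inbound port"))
    return findings


def finding_counts(findings):
    """Number of findings per kind, handy as a pass/fail gate in a pipeline."""
    return dict(Counter(kind for _gid, kind, _detail in findings))


# Constructed in the shape of ec2.describe_security_groups()["SecurityGroups"].
SAMPLE_GROUPS = [
    {"GroupId": "sg-0alb", "GroupName": "alb-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0app", "GroupName": "app-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,            # correct: only from the ALB
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0alb"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,            # wrong: SSH from anywhere
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0dbg", "GroupName": "debug-sg", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],   # wrong: all ports, IPv6
         "UserIdGroupPairs": []},
    ]},
]

if __name__ == "__main__":
    for gid, kind, detail in audit_security_groups(SAMPLE_GROUPS):
        print(f"{gid:10} {kind:28} {detail}")
```

Against the live account, feed it `aws ec2 describe-security-groups --query SecurityGroups` output for the project's VPC and fail the pipeline when `finding_counts` is non-empty. The IPv6 case is deliberate: audits that only look at `IpRanges` miss a `::/0` rule entirely.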

🎓 Key Learning Outcomes

By deploying this infrastructure, you'll understand:

Terraform Skills

  • ✅ Modular infrastructure design patterns
  • ✅ State management and remote backends
  • ✅ Variable interpolation and dynamic blocks
  • ✅ Output values and data sources
  • ✅ Terraform best practices

AWS Skills

  • ✅ VPC design with public/private subnets
  • ✅ EC2 Auto Scaling and Launch Templates
  • ✅ Application Load Balancer configuration
  • ✅ Lambda event-driven architecture
  • ✅ IAM role design and policies
  • ✅ CloudWatch monitoring and alarms
  • ✅ S3 event notifications
  • ✅ Systems Manager Run Command

DevOps Skills

  • ✅ Infrastructure as Code principles
  • ✅ CI/CD pipeline design
  • ✅ Multi-environment management
  • ✅ Observability and monitoring
  • ✅ Automated deployment systems
  • ✅ High availability architecture
  • ✅ Scalability patterns

Production Skills

  • ✅ Blue-green deployment strategies
  • ✅ Graceful shutdowns and connection draining
  • ✅ Health check implementation
  • ✅ Centralized logging and log analysis
  • ✅ Alert fatigue management
  • ✅ Incident response automation
  • ✅ Cost optimization

πŸ› οΈ Technologies Used

Category Technology Purpose
IaC Terraform Infrastructure provisioning
Cloud AWS Cloud infrastructure
Compute EC2 Application servers
Network VPC, ALB Networking layer
Automation Lambda, SSM Deployment automation
Storage S3 Frontend asset storage
Monitoring CloudWatch Observability
Alerting SNS Notifications
Security IAM, Security Groups Access control
Web Server Nginx Application server
OS Linux (Amazon Linux 2) EC2 operating system
Scripting Bash User data scripts
VCS Git/GitHub Version control
DevOps Terraform, AWS, Docker-ready CI/CD foundation

🚀 Future Improvements

Phase 2: Enhanced Features

  • RDS database integration (MySQL/PostgreSQL)
  • Elasticache (Redis/Memcached) for caching
  • CloudFront CDN for edge content delivery
  • AWS Secrets Manager for sensitive data
  • VPN gateway for secure access
  • Database replication across AZs

Phase 3: Advanced DevOps

  • CI/CD pipeline with GitHub Actions / GitLab CI
  • Automated testing (unit, integration, smoke tests)
  • Container support (ECR + ECS)
  • Infrastructure scanning and compliance checks
  • Cost optimization and budget alerts
  • Automated infrastructure updates

Phase 4: Enterprise Features

  • Multi-region deployment
  • Disaster recovery (DR) strategy
  • Backup and restore automation
  • Terraform Cloud for state management
  • OIDC authentication integration
  • Service mesh (Istio/App Mesh)

Phase 5: Observability Enhancements

  • Prometheus + Grafana stack
  • Distributed tracing (X-Ray)
  • Application performance monitoring (APM)
  • Error tracking (Sentry)
  • Log aggregation (ELK stack)
  • Real-time dashboards

👤 Author

Chaitanya Bhosale

About This Project

This production-grade Terraform automation platform demonstrates industry best practices for AWS infrastructure management. It's designed to be:

  • Educational: Learn enterprise DevOps patterns
  • Scalable: Grow from DEV to PROD with ease
  • Maintainable: Clean, modular code structure
  • Reliable: High availability built-in
  • Secure: Security best practices implemented

Getting Help

  • 📚 Documentation: Read DESTROY_FIXES.md for troubleshooting
  • 🐛 Issues: Report bugs and request features
  • 💬 Discussions: Share knowledge and experiences
  • 📖 References: Check AWS and Terraform documentation

License

This project is licensed under the MIT License - see LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to:

  1. Fork the repository
  2. Create a feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

Acknowledgments

  • AWS Documentation and best practices
  • Terraform community modules
  • DevOps industry standards
  • Cloud security frameworks


Built with ❤️ for DevOps Engineers

⭐ If this project helped you, please consider giving it a star! ⭐
