RScrafted/terraform-aws-baseline

AWS Infrastructure Baseline

A small, production‑style AWS web infrastructure built with Terraform, focusing on secure networking, high availability, and team‑friendly remote state.

1. Technical Highlights

  • Dynamic AMI Selection: Uses Terraform data sources and filters to always pick the latest Amazon Linux AMI, reducing manual image management and keeping instances up to date.
  • Network Isolation: The Auto Scaling Group runs only in private subnets with no public IPs. Traffic from the internet always goes through the Application Load Balancer first.
  • Remote state and locking: Uses an S3 backend with DynamoDB locking so multiple people can work safely without corrupting Terraform state.
  • Security group lifecycle: Uses standalone aws_vpc_security_group_ingress_rule and egress_rule resources instead of inline blocks to make rules easier to track, review, and change over time.

2. Architecture Overview

  • Region: eu-west-2 (configurable via variables).
  • High availability: Multi‑AZ deployment across eu-west-2a and eu-west-2b for both public and private subnets.
  • Outbound access: Private instances reach the internet via a NAT gateway in a public subnet, so they can update and pull dependencies without being publicly exposed.

Note: This setup is aimed at a dev environment. For production, a second NAT gateway in another AZ is recommended to avoid a single point of failure.

3. Expected Output

[Screenshots: ASG EC2 Instance 1, ASG EC2 Instance 2]

4. How to Use

4.1. Configure console and verify

Important: Never share or commit your AWS credentials or config files. Treat them as sensitive.

  • Install AWS CLI on your local machine.
  • Create AWS credentials in the AWS Console.
  • Configure locally using a named profile:
    aws configure --profile dev
  • Verify Configuration:
    cat ~/.aws/credentials
    cat ~/.aws/config

Note: This approach is for a dev environment. In production, consider IAM roles and SSO instead.

4.2. S3 bucket for backend.tf

  1. Clone this repo.
     git clone https://github.com/RScrafted/aws-infrastructure-baseline.git --progress
  2. Create S3 bucket unique-name (one-time step).
  3. Create backend-<env>.hcl with your bucket details (from step 2) and run terraform init -backend-config=backend-<env>.hcl.

4.3. Terraform Workflow

  1. Initialize:
     terraform init -backend-config=backend-dev.hcl
  2. Plan & Review:
     terraform plan
  3. Deploy:
     terraform apply

[Screenshot: Terraform Outputs]

  4. Post‑Deployment Checks: list all deployed resources:
     terraform state list

[Screenshot: Terraform State List]

4.4. Terraform configuration notes

  • Update the AWS profile in provider.tf when switching environments (dev/test/prod).
  • AWS Provider version is flexible; currently using:
    version = "~> 6.0"
  • var.tags is applied in main.tf along with resource names for consistent tagging.

4.5. Cleanup

terraform destroy

About

Production-ready AWS Infrastructure Baseline using Terraform. Features a multi-AZ VPC, public/private subnet isolation, ALB/ASG integration, and remote state management.
