This project implements a three-layer architecture in AWS using Terraform:
- Web Layer - Public-facing web servers in public subnets
- Application Layer - Application servers in private subnets
- Database Layer - RDS MySQL database in isolated database subnets
The architecture includes:
- VPC: A dedicated VPC with CIDR block 10.0.0.0/16
- Subnets: Public, private, and database subnets across multiple availability zones
- Internet Gateway: Provides inbound and outbound internet access for the public subnets
- NAT Gateway: Provides outbound-only internet access for the private and database subnets
- Route Tables: Configured for each subnet type
- Security Groups: Defined for web, application, and database layers
- Load Balancers: Application Load Balancers for web and application layers
- EC2 Instances: Web servers and application servers
- RDS Database: Multi-AZ MySQL database
Prerequisites:
- AWS CLI configured with appropriate permissions
- Terraform v1.0.0+ installed
- SSH key pair created in AWS (referenced in the configuration)
Project structure:
infrastructure/
├── main.tf          # Main Terraform configuration
├── variables.tf     # Input variables
├── outputs.tf       # Output values
├── modules/
│   ├── networking/  # VPC, subnets, security groups, etc.
│   ├── compute/     # EC2 instances, load balancers
│   └── database/    # RDS database
└── environments/
    ├── dev/         # Development environment configuration
    └── prod/        # Production environment configuration
Initialize the root module:
cd infrastructure
terraform init
Deploy the development environment:
cd environments/dev
terraform init
terraform plan
terraform apply
Deploy the production environment:
cd environments/prod
terraform init
terraform plan
terraform apply
Security considerations:
- In a production environment, improve security by:
- Using AWS Secrets Manager or Parameter Store for database credentials
- Restricting SSH access to specific CIDR blocks
- Implementing a bastion host for SSH access
- Adding AWS WAF to the web ALB
- Enabling encryption for all data at rest and in transit
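The layered security groups listed under the architecture, together with the "restrict SSH to specific CIDR blocks" item above, as an added Terraform example that is not taken from this project's modules: each tier only accepts traffic from the security group of the tier in front of it, and a variable validation refuses an SSH CIDR of 0.0.0.0/0 at plan time. The names `admin_cidr`, `var.vpc_id`, the application port 8080 and the resource names are assumptions, and the ALB security groups are omitted.

```hcl
# Added example (hypothetical names): tiered security groups for the
# web, application and database layers. var.vpc_id is assumed to be
# supplied by the networking module.
variable "admin_cidr" {
  type = string
  validation {
    condition     = var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a specific CIDR block, not the whole internet."
  }
}

resource "aws_security_group" "web" {
  name   = "web-sg"
  vpc_id = var.vpc_id
  # HTTPS is the only public entry point into the VPC
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # SSH only from the administrator CIDR (validated above)
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
}

resource "aws_security_group" "app" {
  name   = "app-sg"
  vpc_id = var.vpc_id
  # Application port reachable only from the web tier, never by CIDR
  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }
}
resource "aws_security_group" "db" {
  name   = "db-sg"
  vpc_id = var.vpc_id
  # MySQL reachable only from the application tier
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}
```

Because `aws_security_group` resources here define no egress block, the database group also permits no outbound traffic, which matches the isolated database subnets described above.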
To destroy all resources:
cd environments/dev # or prod
terraform destroy