This repository contains Terraform scripts to deploy a 3-tier application architecture on AWS. The architecture consists of ECS (Elastic Container Service) for frontend and backend containers, RDS (Relational Database Service) as the database, ECR (Elastic Container Registry) for Docker image repository, and ALB (Application Load Balancer) on top of the frontend.
For practical scenarios, refer to my blog post: https://anyonecandeploy.com/

- If you already have your frontend and backend applications ready as Docker images and are planning to create a 3-tier infrastructure in AWS in one go, then you are in the right place.
- Imagine you're excited to launch your application, but the overwhelming responsibility of deploying a secure, cost-effective, and automated infrastructure is hindering you. Don't worry! With just a few CLI commands and our carefully designed Terraform setup, you can get your application up and running quickly.

Before you begin, make sure you have the following prerequisites installed:

- Terraform
- AWS CLI
- Docker (if you're building custom Docker images)
- Basic working knowledge of Terraform and the AWS CLI is required

Follow these steps to deploy the infrastructure using Terraform:

- Clone this repository to your local machine:

  ```bash
  git clone [email protected]:var1914/automated-3-tier-infrastructure.git
  ```

- Navigate to the repository directory:

  ```bash
  cd automated-3-tier-infrastructure
  ```

- Initialize Terraform:

  ```bash
  terraform init
  ```

- Go through `variables.tf` and decide which variables you want to customise for your needs.

- Review and modify files such as `stage.tfvars`/`prod.tfvars` to set your desired configuration. If you add variables to `stage.tfvars`/`prod.tfvars`, add them in `main.tf` as well. You may need to update variables such as region, AWS profile, etc. on your local machine.

  Note: I have used a temporary `acm_certificate_arn` inside the stage/prod tfvars; please update it with your actual one. The automated script will only work if you have an ACM certificate, as the ALB HTTPS listener requires a TLS certificate. OR ELSE THE SCRIPT WILL FAIL.

- If you are planning to create multiple environments, it is good to create Terraform workspaces, which keep your duplicated environments isolated from each other. For example: `terraform workspace new stage` or `terraform workspace new prod`.

  Note: Terraform workspaces are a feature that allows you to manage multiple states of your infrastructure within a single Terraform directory, enabling you to switch between different sets of resources, variables, and outputs without them interfering with each other.

- Plan the Terraform configuration to review the infrastructure:

  ```bash
  # Use "prod" and prod.tfvars for the production environment
  terraform workspace select stage
  terraform plan --var-file stage.tfvars
  ```

  Note: TFVARS files define variables and their values for Terraform configurations, enabling dynamic parameterization of infrastructure resources.

- Apply the Terraform configuration to create the infrastructure:

  ```bash
  # Use "prod" and prod.tfvars for the production environment
  terraform workspace select stage
  terraform apply --var-file stage.tfvars
  ```

- Confirm the deployment by reviewing the Terraform apply output and entering 'yes' when prompted.

- Once the deployment is complete, you need to push the Docker images.

  Note: The ALB will return a 503 error until you push the frontend and backend Docker images to ECR.

- Build and push your custom Docker images to ECR:

  ```bash
  # Log in to ECR
  aws ecr get-login-password --region <REGION> | docker login --username AWS --password-stdin <AWS_ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com

  # <PROJECT_NAME> and <ENVIRONMENT> below are the values of var.project_name and var.environment

  # FOR FRONTEND:
  # Build the Docker image
  docker build -t your-image-name .
  # Tag the Docker image for ECR
  docker tag your-image-name:latest <AWS_ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/<PROJECT_NAME>-<ENVIRONMENT>-frontend:latest
  # Push to ECR
  docker push <AWS_ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/<PROJECT_NAME>-<ENVIRONMENT>-frontend

  # FOR BACKEND:
  # Build the Docker image
  docker build -t your-image-name .
  # Tag the Docker image for ECR
  docker tag your-image-name:latest <AWS_ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/<PROJECT_NAME>-<ENVIRONMENT>-backend:latest
  # Push to ECR
  docker push <AWS_ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/<PROJECT_NAME>-<ENVIRONMENT>-backend
  ```

- Access your application by mapping the ALB DNS name (which you will get from the Terraform output) to your DNS.

To tear down the infrastructure and delete all resources created by Terraform, run:

```bash
# Use "prod" instead of "stage" for the production environment
terraform workspace select stage
terraform destroy
```
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
acm_certificate_arn | The ARN for the ACM certificate | `string` | n/a | yes |
alb_public_access | Whether the ALB should be publicly accessible | `bool` | `true` | no |
backend_readonly_root_filesystem | Whether the backend service should have a read-only root filesystem | `bool` | `true` | no |
backend_service_cpu | The CPU units for the backend service | `number` | `256` | no |
backend_service_environment | Environment variables for the backend service | `list(map(string))` | `null` | no |
backend_service_memory | The memory for the backend service | `number` | `512` | no |
backend_service_port | The port for the backend service | `number` | `3000` | no |
create_env_bucket | Whether to create an environment bucket | `bool` | `false` | no |
db_engine | The engine for the database | `string` | `"postgres"` | no |
db_engine_version | The version for the database engine | `string` | `"11.5"` | no |
db_instance_class | The instance class for the database | `string` | `"db.t2.micro"` | no |
db_parameter_group_family | The family for the database parameter group | `string` | `"postgres11"` | no |
db_port | The port for the database | `number` | `5432` | no |
db_publicly_accessible | Whether the database should be publicly accessible | `bool` | `false` | no |
db_storage_size | The storage size for the database | `number` | `20` | no |
environment | The environment for the infrastructure | `string` | `"stage"` | no |
frontend_service_cpu | The CPU units for the frontend service | `number` | `256` | no |
frontend_service_environment | Environment variables for the frontend service | `list(map(string))` | `null` | no |
frontend_service_memory | The memory for the frontend service | `number` | `512` | no |
frontend_service_port | The port for the frontend service | `number` | `80` | no |
project_name | The name of the project | `string` | n/a | yes |
region | The region for the infrastructure | `string` | `"us-west-2"` | no |
skip_final_snapshot | Whether to skip the final snapshot | `bool` | `true` | no |
vpc_cidr | The CIDR block for the VPC | `string` | `"10.0.0.0/16"` | no |

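
Several of the inputs above decide exposure or data loss (`db_publicly_accessible`, `backend_readonly_root_filesystem`, `skip_final_snapshot`), and `acm_certificate_arn` must name a certificate in the same region as the ALB. The following is an added example, not part of this repository, that audits a flat `.tfvars` file before `terraform apply`; the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a flat .tfvars file for this module before `terraform apply`.
# Only single-line `name = value` assignments are parsed (no lists or maps).

# Print the value assigned to NAME in FILE (quotes stripped), or DEFAULT if unset.
tfvar() { # usage: tfvar FILE NAME DEFAULT
  v=$(sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"?([^\"#]*)\"?.*/\1/p" "$1" |
    sed -e 's/[[:space:]]*$//' | tail -n 1)
  printf '%s' "${v:-$3}"
}

# Print one line per finding; exit status 0 means no findings.
audit_tfvars() ( # the body runs in a subshell, so its variables stay local
  f=$1 n=0
  finding() { echo "$1"; n=$((n + 1)); }
  arn=$(tfvar "$f" acm_certificate_arn "")
  region=$(tfvar "$f" region us-west-2) # defaults come from the inputs table
  envname=$(tfvar "$f" environment stage)

  if ! printf '%s\n' "$arn" |
      grep -Eq '^arn:aws[a-z-]*:acm:[a-z0-9-]+:[0-9]{12}:certificate/.+$'; then
    finding "acm_certificate_arn is not a well-formed ACM certificate ARN"
  elif [ "$(printf '%s' "$arn" | cut -d: -f4)" != "$region" ]; then
    finding "certificate region differs from region = $region used for the ALB"
  fi
  [ "$(tfvar "$f" db_publicly_accessible false)" = true ] &&
    finding "db_publicly_accessible = true makes the database publicly accessible"
  [ "$(tfvar "$f" backend_readonly_root_filesystem true)" = false ] &&
    finding "backend_readonly_root_filesystem = false makes the backend root filesystem writable"
  [ "$envname" = prod ] && [ "$(tfvar "$f" skip_final_snapshot true)" = true ] &&
    finding "skip_final_snapshot = true: destroy deletes the prod database without a final snapshot"
  [ "$n" -eq 0 ]
)

# Constructed sample input, not taken from the repository.
write_sample() { # usage: write_sample FILE
  cat > "$1" <<'EOF'
project_name           = "demo"
environment            = "prod"
region                 = "eu-west-1"
acm_certificate_arn    = "arn:aws:acm:us-west-2:111122223333:certificate/EXAMPLE-ID"
db_publicly_accessible = true
skip_final_snapshot    = true # same as the module default
EOF
}

# Audit the file named on the command line, if any.
[ "$#" -eq 0 ] || audit_tfvars "$1"
```

A well-formed ARN does not prove that the certificate exists or has been issued; that still has to be confirmed in the AWS account itself.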
Name | Description |
---|---|
alb_dns_name | The DNS name of the ALB |
backend_ecr | The ECR URL for the backend |
frontend_ecr | The ECR URL for the frontend |