Collection of frequently used modules and how to start a new project.
- Encryption at Rest (AES256 or KMS)
- Encryption in Transit (TLSv1.2)
- High availability and redundancy (Multi AZ)
- Least permission roles
- Tags: (Name, Terraform, Cost-Center, Environment)
$ brew install terraform
$ npm run install:npm
${project}-infrastructure
|-- package.json # script shortcuts (lint, install, deploy, test) & versioning?
|-- master # Setup for root level account
| |-- users # IAM roles
| |-- state # Sets up state management for terraform
|-- operations # Setup for operation pieces
| |-- cicd # Jenkins
| |-- dns # Route53
| |-- logging # ELK & CloudWatch
| |-- monitoring # CloudTrail
| |-- secrets # HashiCorp Vault
| |-- state # Sets up state management for terraform
|-- environments
| |-- app # Public static assets
| |-- api # Public/Private API endpoints and support infrastructure
| |-- dashboard # Ops dashboards
| |-- db # Databases
| |-- state # Sets up state management for terraform
| |-- users # Sets up IAM roles for users
| |-- vpc # VPC & Networking
|-- modules # collection of project specific modules
Most applications need a similar set of modules, most of which are included in this project. Execution order matters: apply them in the order below, since each module depends on the state and resources created by the ones before it.
- state
- users
- vpc
- db
- api
- app
- dashboard
Each environment module follows this layout:
${module}
|-- main.tf # Includes state management & module inclusion
|-- terraform.tfvars # Variables that apply to all environments
|-- env.development.tfvars.enc # Includes `development` ENV
|-- env.testing.tfvars.enc # Includes `testing` ENV
|-- env.staging.tfvars.enc # Includes `staging` ENV
|-- env.production.tfvars.enc # Includes `production` ENV
All env.*.tfvars files will be encrypted at rest in the repository and only decrypted at apply time. (TODO: add a script that does this in CI/CD)
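As an added illustration (not a file from this repository), here is what the `main.tf` of an environment module looks like when it follows the layout above: remote state from the `state` module with encryption at rest and locking, the standard tag set applied through provider default tags, and a project-specific module pulled in from `modules/`. The bucket, table and KMS key values are placeholders, the `project`/`cost_center` variables are assumed, and the `waf` module is assumed to accept `name` and export `arn`.

```hcl
# environments/api/main.tf (assumed path, following the environment layout above)
terraform {
  required_version = ">= 1.3"
  required_providers {
    aws = { source = "hashicorp/aws", version = ">= 4.0" }
  }

  # Remote state is created by the `state` module, which runs first.
  # Backend blocks cannot reference variables, so these are literals (placeholders).
  backend "s3" {
    bucket         = "PLACEHOLDER-infrastructure-state"
    key            = "environments/api/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true                              # encryption at rest (SSE)
    kms_key_id     = "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID"
    dynamodb_table = "PLACEHOLDER-infrastructure-locks" # state locking
  }
}

# Per-environment values come from the decrypted env.<environment>.tfvars
# passed with -var-file; names other than `environment`/`region` are assumed.
variable "project"     { type = string }
variable "environment" { type = string }
variable "region"      { type = string }
variable "cost_center" { type = string }

provider "aws" {
  region = var.region

  # Standard tag set: Name is set per resource, the rest apply to everything.
  default_tags {
    tags = {
      Terraform   = "true"
      Cost-Center = var.cost_center
      Environment = var.environment
    }
  }
}

# Environment modules consume project-specific modules from ../../modules.
module "waf" {
  source = "../../modules/waf"   # variables.tf / locals.tf / main.tf / outputs
  name   = "${var.project}-${var.environment}-waf"
}

output "waf_arn" {
  value = module.waf.arn        # assumes the waf module exports `arn`
}
```

Run `terraform init` once per environment module to configure the backend before the `terraform apply -var-file=...` step shown later on this page.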
Project-specific modules should follow this structure:
modules
|-- waf
| |-- variables.tf # inputs
| |-- locals.tf # internal variables
| |-- main.tf # setup
| |-- ... # tf file for each logical part of the module
| |-- output # outputs
$ terraform apply -var-file=env.${environment}.${region}.tfvars
# review the planned changes, then type `yes` at the prompt to confirm
- VPC (bastion, proxy, nat w/ Multi-AZ)
- EC2 (ECS, EKS) w/ Multi-AZ
- DB (RDS, ES, DynamoDB) w/ Multi-AZ & Read Replicas
- Cache (redis) w/ Multi-AZ & Read Replicas
- Static Assets
- APIG
- WAF
- EKS
- User Account Auth
- Cognito
- CI/CD
- DNS
- VPN w/ Peering?
- VPC w/ Peering
- DB
- S3
- DNS
- Audit Logging
- Monitoring
- MS Azure
- OpenStack
See Developer Guide (TODO add link)
We use SemVer for versioning. For the versions available, see the tags on this repository.
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE.md file for details.