Multi-environment, workspace-based AWS infrastructure management with modular Terraform
- Overview
- Features
- Architecture
- Available Infrastructure
- Quick Start
- Project Structure
- Variable Structure
- Documentation
- Examples
- Cost Considerations
- Contributing
- Support
This Terraform framework provides a comprehensive, production-ready infrastructure-as-code solution for AWS. Built with modularity, scalability, and multi-environment support at its core, it enables teams to manage complex AWS architectures across development, QA, and production environments using a single codebase.
- Workspace-Based Multi-Environment - Separate dev, QE, and prod using Terraform workspaces
- DRY (Don't Repeat Yourself) - Reusable modules with consistent interfaces
- Dynamic Resource Resolution - Automatic ID injection and reference resolution
- Production-Ready - Battle-tested patterns and best practices
- Cost-Aware - Built-in cost optimization strategies
- Well-Documented - Comprehensive documentation for every module
- VPC Networking - Fully isolated virtual networks
- Multi-AZ Subnets - Public, private, and database tiers
- Internet & NAT Gateways - Managed internet connectivity
- Route Tables - Dynamic routing with automatic gateway resolution
- Security Groups - Firewall rules with SG-to-SG references
- VPC Endpoints - Private AWS service connectivity (Gateway & Interface)
- EKS Clusters - Managed Kubernetes control planes
- EKS Node Groups - Worker nodes with launch templates
- Elastic IPs - Static public IP addresses
- Workspace Isolation - `terraform workspace` support for environment separation
- Automatic Resource Linking - Modules reference each other by name, not ID
- Modular Design - Each resource type is a self-contained module
- Consistent Tagging - Automatic `Name` tags plus custom tag support
- State Management - Designed for remote state with locking
- Output Chaining - Structured outputs for cross-module dependencies
- Type Safety - Strongly-typed variables with validation
- Comprehensive Docs - Module-level and root-level documentation
                       Terraform Root

  +--------------+    +--------------+    +--------------+
  |  Workspace   |    |  Workspace   |    |  Workspace   |
  |   default    |    |      qe      |    |     prod     |
  |    (dev)     |    |  (staging)   |    | (production) |
  +------+-------+    +------+-------+    +------+-------+
         |                   |                   |
         +-------------------+-------------------+
                             |
              +--------------+--------------+
              |                             |
         +----v----+                   +----v----+
         | VPC(s)  |                   |   EKS   |
         +----+----+                   | Cluster |
              |                        +----+----+
       +------v------+                      |
       |   Subnets   |                 +----v----+
       |  Public /   |                 |  Node   |
       |   Private   |                 | Groups  |
       +------+------+                 +---------+
              |
       +------v------+
       |  Gateways   |
       |  IGW / NAT  |
       +------+------+
              |
       +------v------+
       |Route Tables |
       +------+------+
              |
       +------v------+
       |  Security   |
       |   Groups    |
       +-------------+
                Internet
                    |
                    v
            +----------------+
            |Internet Gateway|
            +-------+--------+
                    |
         +----------+----------+
         |                     |
    +----v----+           +----v----+
    | Public  |           | Public  |
    |Subnet 1 |           |Subnet 2 |
    |  (AZ1)  |           |  (AZ2)  |
    +----+----+           +----+----+
         |                     |
   +-----v------+        +-----v------+
   |NAT Gateway |        |NAT Gateway |
   |   (AZ1)    |        |   (AZ2)    |
   +-----+------+        +-----+------+
         |                     |
    +----v----+           +----v----+
    | Private |           | Private |
    |Subnet 1 |           |Subnet 2 |
    |  (AZ1)  |           |  (AZ2)  |
    +----+----+           +----+----+
         |                     |
    +----v----+           +----v----+
    |   EKS   |           |   EKS   |
    |  Nodes  |           |  Nodes  |
    +---------+           +---------+
| Module | Resource | AWS Cost | Purpose |
|---|---|---|---|
| VPC | `aws_vpc` | FREE | Isolated virtual network |
| Subnet | `aws_subnet` | FREE | Network segmentation (public/private) |
| Internet Gateway | `aws_internet_gateway` | FREE | Internet access for public subnets |
| NAT Gateway | `aws_nat_gateway` | $32.40/mo | Internet access for private subnets |
| Route Table | `aws_route_table` | FREE | Traffic routing rules |
| Elastic IP | `aws_eip` | FREE* | Static public IP addresses |

*FREE when attached; $3.60/month when idle

| Module | Resource | AWS Cost | Purpose |
|---|---|---|---|
| Security Group | `aws_security_group` | FREE | Virtual firewall rules |
| Security Rules | `aws_vpc_security_group_*_rule` | FREE | Ingress/egress traffic control |

| Module | Resource | AWS Cost | Purpose |
|---|---|---|---|
| Gateway Endpoint | `aws_vpc_endpoint` (Gateway) | FREE | Private S3/DynamoDB access |
| Interface Endpoint | `aws_vpc_endpoint` (Interface) | $7.30/mo | Private AWS service access |

| Module | Resource | AWS Cost | Purpose |
|---|---|---|---|
| EKS Cluster | `aws_eks_cluster` | $73/mo | Managed Kubernetes control plane |
| EKS Node Group | `aws_eks_node_group` | Variable* | Kubernetes worker nodes |

*Node group cost = EC2 instance costs (e.g., t3.medium = $30/month)
modules/
├── vpc/               # VPC creation
├── subnet/            # Subnet management
├── igw/               # Internet Gateway
├── nat_gw/            # NAT Gateway
├── rt/                # Route Tables
├── eip/               # Elastic IPs
├── security_group/    # Security Groups & Rules
├── vpc_endpoint/      # VPC Endpoints
└── eks_mng/
    ├── eks_cluster/     # EKS Control Plane
    └── eks_nodegroups/  # EKS Worker Nodes
Development Environment:
  1 VPC                = FREE
  4 Subnets            = FREE
  1 Internet Gateway   = FREE
  1 NAT Gateway        = $32.40
  2 Route Tables       = FREE
  2 Security Groups    = FREE
  1 EKS Cluster        = $73.00
  2 t3.small nodes     = $30.00
  ─────────────────────────────
  Total                ≈ $135.40/month

Production Environment (HA):
  1 VPC                = FREE
  9 Subnets (3 AZs)    = FREE
  1 Internet Gateway   = FREE
  3 NAT Gateways       = $97.20
  5 Route Tables       = FREE
  5 Security Groups    = FREE
  3 EKS Clusters       = $219.00
  10 t3.medium nodes   = $300.00
  ─────────────────────────────
  Total                ≈ $616.20/month
- Terraform >= 1.0
- AWS CLI configured with credentials
- AWS account with appropriate IAM permissions
- Basic understanding of AWS networking and Terraform
# Clone the repository
git clone <repository-url>
cd terraform-aws-infrastructure-framework
# Initialize Terraform
terraform init
# Create workspace for your environment
terraform workspace new dev
terraform workspace select dev
- Copy example configuration:
cp examples/mini_test.tfvars terraform.tfvars
- Edit `terraform.tfvars` with your configuration:
# VPC Configuration
vpc_parameters = {
  default = {
    my_vpc = {
      cidr_block = "10.10.0.0/16"
      tags = {
        Environment = "dev"
        Project     = "my-project"
      }
    }
  }
}
# Subnet Configuration
subnet_parameters = {
  default = {
    public_subnet_az1 = {
      cidr_block              = "10.10.1.0/24"
      vpc_name                = "my_vpc"
      az_index                = 0
      map_public_ip_on_launch = true
      tags                    = { Type = "public" }
    }
    private_subnet_az1 = {
      cidr_block              = "10.10.10.0/24"
      vpc_name                = "my_vpc"
      az_index                = 0
      map_public_ip_on_launch = false
      tags                    = { Type = "private" }
    }
  }
}
# Validate configuration
terraform validate
# Preview changes
terraform plan
# Deploy infrastructure
terraform apply
# View outputs
terraform output
# Check created resources
terraform show
# Verify VPC
aws ec2 describe-vpcs --filters "Name=tag:Name,Values=my_vpc"
# Verify subnets
aws ec2 describe-subnets --filters "Name=vpc-id,Values=<vpc-id>"
# Check EKS cluster (if deployed)
aws eks describe-cluster --name <cluster-name>
.
├── README.md                    # This file
├── CHANGELOG.md
├── CONTRIBUTORS.md
├── SECURITY.md                  # Project security report
├── LICENSE
├── terraform.tfvars             # User configuration (git-ignored)
├── variables.tf                 # Root variable definitions
├── outputs.tf                   # Root outputs
├── provider.tf                  # AWS provider configuration
│
├── 01_locals.tf                 # Local value transformations
├── 02_vpc.tf                    # VPC module calls
├── 03_subnet.tf                 # Subnet module calls
├── 04_rt.tf                     # Route Table module calls
├── 05_security_group.tf         # Security Group module calls
├── 06_eip.tf                    # Elastic IP module calls
├── 07_eks.tf                    # EKS Cluster module calls
├── 08_gateway.tf                # IGW, NAT Gateway module calls
├── 09_vpc_endpoint.tf           # VPC Endpoint module calls
│
├── backendfiles/                # Backend configuration files
│   ├── backend.default.conf.demo
│   ├── backend.prod.conf
│   └── backend.qe.conf
│
├── docs/                        # Documentation
│   ├── GETTING_STARTED.md
│   ├── NETWORKING.md
│   ├── NETWORK_SECURITY.md
│   ├── VPC_ENDPOINTS.md
│   ├── EKS.md
│   ├── EXAMPLE.md
│   ├── TROUBLESHOOTING.md
│   └── COST_OPTIMIZATION.md
│
├── examples/
│   ├── all_example.tfvars
│   ├── mini_test.tfvars
│   └── pub_test.tfvars
│
└── modules/                     # Reusable modules
    ├── vpc/
    │   ├── main.tf
    │   ├── variables.tf
    │   ├── outputs.tf
    │   └── README.md
    ├── subnet/
    ├── rt/
    ├── igw/
    ├── nat_gw/
    ├── eip/
    ├── security_group/
    ├── vpc_endpoint/
    └── eks_mng/
        ├── eks_cluster/
        └── eks_nodegroups/
This framework uses a three-layer variable architecture with automatic resource ID injection and reference resolution:
[ VARIABLE FLOW ARCHITECTURE ]
Layer 1: USER INPUT (terraform.tfvars)
├─ Workspace-scoped configuration
├─ Human-readable resource names (not IDs)
├─ Minimal required parameters
└─ Structure: map(map(object({...})))
        │
        ▼
Layer 2: ROOT TRANSFORMATION
├─ Automatic ID injection
├─ Reference resolution (names → IDs)
├─ Dynamic parameter generation
├─ Workspace selection via lookup()
└─ Structure: Generated maps with injected IDs
        │
        ▼
Layer 3: MODULE CONSUMPTION (modules/*/main.tf)
├─ Receives fully-resolved parameters
├─ Creates AWS resources
├─ Returns outputs (IDs, ARNs, etc.)
└─ Structure: map(object({...})) with IDs
All root variables follow this structure:
variable "<resource>_parameters" {
  type = map(                        # Workspace level
    map(                             # Resource level
      object({                       # Configuration level
        # User-provided parameters (names, not IDs)
        <resource_name> = string     # e.g., vpc_name, subnet_name
        <configuration> = <type>     # Resource-specific config
        # Auto-injected by root (NOT provided by user)
        <resource_id> = string       # e.g., vpc_id, subnet_ids
        tags = optional(map(string))
      })
    )
  )
}
Structure Breakdown:
- First map: Workspaces (`default`, `qe`, `prod`)
- Second map: Resource instances (unique identifiers)
- Object: Resource configuration (parameters + auto-injected IDs)
[ USER INPUT (terraform.tfvars) ]
subnet_parameters = {
  default = {                  # ← Workspace
    my_subnet = {              # ← Resource name
      cidr_block = "10.0.1.0/24"
      vpc_name   = "my_vpc"    # ← Human-readable reference
      az_index   = 0
    }
  }
}
        │
        │ Root Transformation
        ▼
[ GENERATED PARAMETERS ]
locals {
  generated_subnet_parameters = {
    for workspace, subnets in var.subnet_parameters :
    workspace => {
      for name, subnet in subnets :
      name => merge(subnet, {
        # vpc_id is auto-injected: lookup from VPC outputs
        vpc_id = local.vpc_id_by_name[subnet.vpc_name]
        # availability_zone is auto-resolved: AWS data source lookup
        availability_zone = data.aws_availability_zones.available.names[subnet.az_index]
      })
    }
  }
}
        │
        │ Module Call (02_vpc.tf)
        ▼
[ MODULE RECEIVES (modules/subnet) ]
{
  cidr_block        = "10.0.1.0/24"
  vpc_id            = "vpc-0abc123def456"  # ← Injected ID
  availability_zone = "ap-south-1a"        # ← Resolved AZ
}
[ USER INPUT (terraform.tfvars) ]
eks_clusters = {
  default = {
    my_cluster = {
      cluster_version = "1.34"
      vpc_name        = "my_vpc"           # ← VPC name
      subnet_name     = ["sub1", "sub2"]   # ← Subnet names (list)
      sg_name         = ["cluster_sg"]     # ← Security group names
    }
  }
}
        │
        │ Root Transformation (07_eks.tf)
        ▼
[ GENERATED PARAMETERS ]
locals {
  generated_cluster_config = {
    for workspace, clusters in var.eks_clusters :
    workspace => {
      for name, cluster in clusters :
      name => merge(cluster, {
        vpc_id = local.vpc_id_by_name[cluster.vpc_name]
        # subnet_ids is a list of IDs: lookup each name
        subnet_ids = [
          for sn in cluster.subnet_name :
          local.subnet_id_by_name[sn]   # ← Loop through list
        ]
        security_group_ids = [
          for sg in cluster.sg_name :
          local.sgs_id_by_name[sg]
        ]
      })
    }
  }
}
        │
        │ Module Call
        ▼
[ MODULE RECEIVES (modules/eks_mng/eks_cluster) ]
{
  cluster_version    = "1.34"
  vpc_id             = "vpc-0abc123"
  subnet_ids         = ["subnet-111", "subnet-222"]  # ← Injected list
  security_group_ids = ["sg-0abc123"]                # ← Injected list
}
[ USER INPUT (terraform.tfvars) ]
ipv4_ingress_rule = {
  default = {
    web_from_alb = {
      vpc_name                   = "my_vpc"
      sg_name                    = "web_sg"   # ← Target SG (name)
      source_security_group_name = "alb_sg"   # ← Source SG (name)
      from_port                  = 80
      protocol                   = "TCP"
    }
  }
}
        │
        │ Root Transformation (03_security_group.tf)
        ▼
[ GENERATED PARAMETERS ]
locals {
  generated_ipv4_ingress_parameters = {
    for workspace, rules in var.ipv4_ingress_rule :
    workspace => {
      for name, rule in rules :
      name => merge(rule, {
        # Target SG ID: lookup target by name
        security_group_id = local.sgs_id_by_name[rule.sg_name]
        # Source SG ID: lookup source by name
        referenced_security_group_id = local.sgs_id_by_name[rule.source_security_group_name]
      })
    }
  }
}
        │
        │ Module Call
        ▼
[ MODULE RECEIVES (modules/security_group) ]
{
  security_group_id            = "sg-web123"   # ← Target SG ID
  referenced_security_group_id = "sg-alb456"   # ← Source SG ID
  from_port                    = 80
  protocol                     = "TCP"
}
After the module creates resources, IDs are extracted for use by other modules:
[ MODULE OUTPUT (modules/vpc/outputs.tf) ]
output "vpcs" {
  value = {
    for key, vpc in aws_vpc.vpc_module :
    key => {
      name       = vpc.tags["Name"]
      id         = vpc.id          # ← VPC ID
      cidr_block = vpc.cidr_block
    }
  }
}
        │
        │ Root Extraction
        ▼
[ LOCAL VALUE EXTRACTION ]
locals {
  vpc_id_by_name = {
    for name, vpc in module.chat_app_vpc.vpcs :
    name => vpc.id   # Key => Value
  }
}
# Result:
# {
#   "my_vpc"   = "vpc-0abc123"
#   "prod_vpc" = "vpc-0def456"
# }
        │
        │ Used by other modules
        ▼
[ LOOKUP IN OTHER MODULES ]
# local.vpc_id_by_name is the lookup map; subnet.vpc_name is the user-provided name
vpc_id = local.vpc_id_by_name[subnet.vpc_name]
[ END-TO-END VARIABLE FLOW ]
Step 1: USER CONFIGURATION
  terraform.tfvars
  - Workspace-scoped maps
  - Resource names (NOT IDs)
  - Minimal required parameters
Step 2: ROOT VARIABLE DEFINITIONS
  variables.tf
  - Type definitions
  - Workspace map structure
  - Validation rules
Step 3: MODULE OUTPUTS
  modules/*/outputs.tf
  - Export created resource IDs
  - Structured output maps
Step 4: LOCAL EXTRACTION
  01_locals.tf
  - Extract IDs from module outputs
  - Create name-to-ID lookup maps
  - Example: vpc_id_by_name, subnet_id_by_name
Step 5: LOCAL TRANSFORMATION
  01_locals.tf, 02_vpc.tf, etc.
  - Merge user config with auto-injected IDs
  - Resolve references (names → IDs)
  - Generate final module parameters
Step 6: MODULE CONSUMPTION
  modules/*/main.tf
  - Receive fully-resolved parameters
  - Create AWS resources with IDs
  - Return outputs for next iteration
All variables use workspace-based scoping:
variable "<resource>_parameters" {
  type = map(          # ← Workspace level
    map(               # ← Resource level
      object({...})    # ← Configuration
    )
  )
}
# Usage in root (first argument: variable name; second argument: current workspace):
lookup(var.<resource>_parameters, terraform.workspace, {})
Some modules require two separate calls:
# Phase 1: Create base resources (Security Groups)
module "security_group" {
  source                    = "./modules/security_group"
  security_group_parameters = lookup(...)
}
# Phase 2: Create dependent resources (Rules)
module "security_rules" {
  source            = "./modules/security_group"
  ipv4_ingress_rule = lookup(...)
  sg_name_to_id_map = local.sgs_id_by_name   # ← From Phase 1
  depends_on        = [module.security_group]
}
User Provides (Static):
- Resource names (`vpc_name`, `subnet_name`)
- Configuration values (`cidr_block`, `instance_type`)
- Tags, ports, protocols
Framework Injects (Dynamic):
- Resource IDs (`vpc_id`, `subnet_ids`)
- Resolved values (`availability_zone`)
- Cross-module references (`security_group_ids`)
For detailed variable schemas, see:
- Root variables: `variables.tf` - Complete type definitions
- Module variables: `modules/*/variables.tf` - Module-specific inputs
- Module README: `modules/*/README.md` - Parameter descriptions and examples
- Transformation logic: `01_locals.tf`, `02_vpc.tf`, etc. - Dynamic generation code
- Usage examples: `docs/EXAMPLES.md` - Real-world configurations
| Document | Description |
|---|---|
| Getting Started | Initial setup, deployment, workspace management |
| Networking | VPC, Subnets, Route Tables, Gateways |
| Security | Security Groups, Rules, Best Practices |
| VPC Endpoints | Gateway & Interface Endpoints |
| EKS | EKS Clusters & Node Groups |
| Examples | Complete architecture examples |
| Troubleshooting | Common issues and solutions |
| Cost Optimization | Cost-saving strategies |
Each module has comprehensive documentation:
- Purpose & Use Cases
- Input Variables
- Output Values
- Configuration Examples
- Best Practices
- Troubleshooting
See modules/<module>/README.md for module-specific docs.
# terraform.tfvars
vpc_parameters = {
  default = {
    dev_vpc = {
      cidr_block = "10.10.0.0/16"
      tags       = { Environment = "dev" }
    }
  }
}
subnet_parameters = {
  default = {
    public_subnet = {
      cidr_block              = "10.10.1.0/24"
      vpc_name                = "dev_vpc"
      az_index                = 0
      map_public_ip_on_launch = true
    }
    private_subnet = {
      cidr_block = "10.10.10.0/24"
      vpc_name   = "dev_vpc"
      az_index   = 0
    }
  }
}
Result: Single-AZ development VPC with public and private subnets.
# terraform.tfvars (simplified)
eks_clusters = {
  prod = {
    prod_cluster = {
      cluster_version         = "1.34"
      vpc_name                = "prod_vpc"
      subnet_name             = ["pri_sub1", "pri_sub2", "pri_sub3"]
      sg_name                 = ["eks_cluster_sg"]
      endpoint_public_access  = false
      endpoint_private_access = true
      tags                    = { Environment = "prod" }
    }
  }
}
eks_nodegroups = {
  prod = {
    prod_cluster = {
      prod_nodes = {
        k8s_version               = "1.34"
        arch                      = "arm64"
        min_size                  = 3
        max_size                  = 10
        desired_size              = 5
        instance_types            = "t4g.medium"
        subnet_name               = ["pri_sub1", "pri_sub2", "pri_sub3"]
        node_security_group_names = ["eks_node_sg"]
        tags                      = { Tier = "application" }
      }
    }
  }
}
Result: Private EKS cluster with multi-AZ node groups using ARM instances.
vpc_endpoint_parameters = {
  default = {
    s3_endpoint = {
      region            = "ap-south-1"
      vpc_name          = "my_vpc"
      service_name      = "s3"
      vpc_endpoint_type = "Gateway"
      route_table_names = ["private_rt"]
      tags              = { Purpose = "S3-Private-Access" }
    }
  }
}
Result: Free S3 access from private subnets without NAT Gateway costs.
See docs/EXAMPLES.md for complete architecture examples.
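The workspace `lookup(..., {})` fallback, the ingress rules and the EKS endpoint settings shown above can be checked before `terraform apply`. The following is an added example, not part of this project: it reads the JSON produced by `terraform show -json <planfile>` and reports root variables with no key for the current workspace (for instance a `dev` workspace when the tfvars only define `default`), EKS clusters whose API endpoint is public, and ingress rules open to any address. The function names, the script name and the sample plan are constructed for illustration, and it assumes every map-typed root variable is workspace-keyed, as this README states.

```python
import json
import sys

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample with the shape of Terraform's JSON plan representation.
SAMPLE_PLAN = {
    "variables": {
        "subnet_parameters": {"value": {"default": {"my_subnet": {"vpc_name": "my_vpc"}}}},
        "eks_clusters": {"value": {"default": {}, "prod": {"prod_cluster": {}}}},
        "aws_region": {"value": "ap-south-1"},  # not a map, so never workspace-keyed
    },
    "resource_changes": [
        {"address": "aws_eks_cluster.private", "type": "aws_eks_cluster",
         "change": {"after": {"vpc_config": [{"endpoint_public_access": False}]}}},
        {"address": "aws_eks_cluster.public", "type": "aws_eks_cluster",
         "change": {"after": {"vpc_config": [{}]}}},
        {"address": "aws_vpc_security_group_ingress_rule.web_from_alb",
         "type": "aws_vpc_security_group_ingress_rule",
         "change": {"after": {"from_port": 80, "cidr_ipv4": None}}},
        {"address": "aws_vpc_security_group_ingress_rule.web_from_any",
         "type": "aws_vpc_security_group_ingress_rule",
         "change": {"after": {"from_port": 80, "cidr_ipv4": "0.0.0.0/0"}}},
        {"address": "aws_eks_cluster.old", "type": "aws_eks_cluster",
         "change": {"after": None}},  # a destroy: no planned state to inspect
    ],
}


def missing_workspace_keys(plan, workspace):
    """Root variables that hold data but have no key for `workspace`.
    Assumes every map-typed root variable is workspace-keyed, as the README
    states; lookup(var.x, terraform.workspace, {}) returns {} for these."""
    missing = []
    for name, var in sorted(plan.get("variables", {}).items()):
        value = var.get("value")
        if isinstance(value, dict) and value and workspace not in value:
            missing.append(name)
    return missing


def risky_resources(plan):
    """(address, reason) pairs for public EKS endpoints and world-open ingress."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after") or {}
        if rc.get("type") == "aws_eks_cluster":
            for cfg in after.get("vpc_config") or []:
                # Flag unless explicitly false: an unset value is treated as public.
                if cfg.get("endpoint_public_access") is not False:
                    findings.append((rc["address"], "EKS API endpoint is public"))
        elif rc.get("type") == "aws_vpc_security_group_ingress_rule":
            cidr = after.get("cidr_ipv4") or after.get("cidr_ipv6")
            if cidr in OPEN_CIDRS:
                findings.append((rc["address"], f"ingress open to {cidr}"))
    return findings


if __name__ == "__main__":
    # Usage: python check_plan.py <workspace> [plan.json]; defaults to the sample.
    workspace = sys.argv[1] if len(sys.argv) > 1 else "dev"
    plan = SAMPLE_PLAN
    if len(sys.argv) > 2:
        with open(sys.argv[2]) as fh:
            plan = json.load(fh)
    problems = [f"variable {n}: no '{workspace}' key" for n in missing_workspace_keys(plan, workspace)]
    problems += [f"{addr}: {why}" for addr, why in risky_resources(plan)]
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it has findings, so it can gate a pipeline step between `terraform plan -out` and `terraform apply`.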
- VPC, Subnets, Route Tables, Internet Gateway
- Security Groups and Rules
- Gateway Endpoints (S3, DynamoDB)
- Elastic IPs (when attached)
| Resource | Cost | Optimization Tip |
|---|---|---|
| NAT Gateway | $32.40/mo + $0.045/GB | Use one per AZ (HA) or single for dev |
| EKS Cluster | $73/mo | Share clusters when possible |
| EC2 Nodes | Variable | Use ARM (t4g) for 20% savings |
| Interface Endpoints | $7.30/mo + $0.01/GB | Only for high-volume traffic |
| Idle Elastic IPs | $3.60/mo | Release immediately after use |
- Development: Single NAT Gateway, shared EKS cluster
- Production: Multi-AZ NAT, separate EKS clusters per tier
- Use ARM instances (t4g) instead of x86 (t3) for ~20% savings
- VPC Endpoints for S3/DynamoDB (free Gateway endpoints)
- Cluster Autoscaler to scale nodes based on demand
See docs/COST_OPTIMIZATION.md for detailed strategies.
Contributions are welcome! Please follow these guidelines:
- Fork the repository
- Create a feature branch: `git checkout -b feature/my-feature`
- Make your changes
- Update documentation
- Test thoroughly
- Submit a pull request
- Follow existing code style
- Add tests for new features
- Update module README.md files
- Run `terraform fmt` before committing
- Add examples for new configurations
- Use GitHub Issues
- Include Terraform version, AWS region, error messages
- Provide minimal reproducible example
- Check existing issues first
- Documentation: Start with docs/ folder
- Module Docs: Check `modules/<module>/README.md`
- Examples: See docs/EXAMPLES.md
- Troubleshooting: Refer to docs/TROUBLESHOOTING.md
- Issues: Submit a GitHub issue
# Workspace management
terraform workspace list
terraform workspace select <workspace>
terraform workspace new <workspace>
# Validation
terraform validate
terraform fmt -recursive
terraform plan
# Inspection
terraform state list
terraform show
terraform output
# Cleanup
terraform destroy
This project is licensed under the Apache-2.0 license - see the LICENSE file for details.
- AWS for comprehensive cloud services
- HashiCorp for Terraform
- Open-source community for best practices
- VPC, Subnets, Gateways (NAT, IGW), Route Table, EIP
- Security Groups
- VPC Endpoints
- EKS Clusters & Node Groups
- Project Owner: rajarshigit2441139
- Status: Active Development
- Stability: Production-Ready (core modules)
- Maintenance: Actively Maintained
- Last Updated: January 2026
Built with ❤️ by the Infrastructure Team
Questions? Issues? Feedback?
- Read Documents
- Open a GitHub Issue
- Join Slack