Project Structure Overview


├── .github/
│   └── workflows/            # CI/CD pipeline definitions using GitHub Actions
│
├── docker-gitrunner-setup/   # Dockerized self-hosted GitHub Actions runner
│   ├── .env
│   ├── entrypoint.sh
│   ├── Dockerfile
│   └── docker-compose.yaml
│
├── .terraform/               # Terraform state & provider plugin files (auto-generated)
│
├── module-database/          # RDS MySQL provisioning module
│   ├── mysql.tf
│   └── variables.tf
│
├── module-dns/               # Route53 DNS + Namecheap integration
│   ├── output.tf
│   ├── variables.tf
│   └── route53-hostedzone.tf
│
├── module-eks/               # Full EKS + Addons + ArgoCD setup
│   ├── addons.tf
│   ├── argocd-values.yaml
│   ├── ecr-repository.tf
│   ├── eks-node-group.tf
│   ├── eks-node-group-role.tf
│   ├── eks-role.tf
│   ├── eks.tf
│   ├── nginx-ingress-values.yaml
│   ├── output.tf
│   └── variables.tf
│
├── module-vpc/               # Network layer: VPC, Subnets, NAT, Route Tables
│   ├── vpc.tf
│   ├── ig.tf
│   ├── public-subnet.tf
│   ├── private-subnet.tf
│   ├── nat-gateway.tf
│   ├── public-routetable.tf
│   ├── private-routetable.tf
│   ├── public-route-associate.tf
│   ├── private-route-associate.tf
│   ├── private-subnet-db.tf
│   ├── mysql-sg.tf
│   ├── output.tf
│   └── variables.tf
│
├── provider.tf               # AWS provider block
├── backend.tf                # Remote state config (S3 + DynamoDB)
├── clusterissuer.yaml        # Let’s Encrypt ClusterIssuer for TLS
├── ingress-argocd.yaml       # Ingress rule for ArgoCD
├── example-app.yaml          # Sample app deployment (for testing)
├── main.tf                   # Root terraform – module orchestration
├── output.tf                 # Root module outputs
├── terraform.tfvars          # Variable values
└── variable.tf               # Root-level variable declarations


📌 Pre-Deployment: IAM User and AWS Credentials Setup

Purpose:

To securely authenticate Terraform and GitHub Actions with AWS, I created an IAM user with appropriate permissions and generated access credentials.

Steps Followed:

  1. Created an IAM User in AWS Console:
  2. Attached Policies:
  3. Generated:
  4. Configured Locally (for Terraform CLI usage):

       aws configure
       # Enter access key, secret key, region, and output format

  5. Added to GitHub Secrets for CI/CD:

Note: IAM user credentials are sensitive. Always store them in secrets, not directly in code or config files.
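One way to enforce the note above before a commit or in CI, as an added example that is not part of this project's code: a scanner that flags hard-coded AWS keys in files such as `.env` or `terraform.tfvars`. The function names are hypothetical, and the sample keys are the placeholder values from AWS's public documentation.

```python
import re
import sys
from pathlib import Path

# AKIA = long-term IAM user key, ASIA = temporary STS key; both are 20 characters.
ACCESS_KEY_ID = re.compile(r"(?<![0-9A-Z])(?:AKIA|ASIA)[0-9A-Z]{16}(?![0-9A-Z])")
# A 40-character value assigned to a secret-key setting (.env, tfvars, YAML).
SECRET_KEY = re.compile(
    r"aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])", re.I)
SKIP_DIRS = {".git", ".terraform"}  # VCS metadata and provider plugin cache


def find_credentials(text):
    """Return (line_number, kind, redacted_value) for each hard-coded credential."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_ID.finditer(line):
            findings.append((number, "access-key-id", match.group()[:4] + "*" * 16))
        for match in SECRET_KEY.finditer(line):
            findings.append((number, "secret-access-key", "*" * 40))
    return findings


def scan_tree(root):
    """Scan every regular file under root and map file path -> findings."""
    results = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or SKIP_DIRS & set(path.parts):
            continue
        found = find_credentials(path.read_text(errors="ignore"))
        if found:
            results[str(path)] = found
    return results


# Constructed sample: a .env holding AWS's documentation placeholder keys,
# then the safe form that reads the value from a GitHub Actions secret.
SAMPLE_ENV = """\
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
"""

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for file_name, found in hits.items():
        for number, kind, redacted in found:
            print(f"{file_name}:{number}: {kind} {redacted}")
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any finding lets the script act as a pre-commit hook or a failing CI step; findings are redacted so the scan output does not itself leak the key.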

[Image: iamuser.png]