# AWS Terraform Module Patterns

## VPC Module
- VPC with public/private subnets
- Internet Gateway and NAT Gateways
- Route tables and associations
- Network ACLs
- VPC Flow Logs

## EKS Module
- EKS cluster with managed node groups
- IRSA (IAM Roles for Service Accounts)
- Cluster autoscaler
- VPC CNI configuration
- Cluster logging

## RDS Module
- RDS instance or cluster
- Automated backups
- Read replicas
- Parameter groups
- Subnet groups
- Security groups

## S3 Module
- S3 bucket with versioning
- Encryption at rest
- Bucket policies
- Lifecycle rules
- Replication configuration

## ALB Module
- Application Load Balancer
- Target groups
- Listener rules
- SSL/TLS certificates
- Access logs

## Lambda Module
- Lambda function
- IAM execution role
- CloudWatch Logs
- Environment variables
- VPC configuration (optional)

## Security Group Module
- Reusable security group rules
- Ingress/egress rules
- Dynamic rule creation
- Rule descriptions

## Best Practices

1. Use AWS provider version ~> 5.0
2. Enable encryption by default
3. Use least-privilege IAM
4. Tag all resources consistently
5. Enable logging and monitoring
6. Use KMS for encryption
7. Implement backup strategies
8. Use PrivateLink when possible
9. Enable GuardDuty/SecurityHub
10. Follow AWS Well-Architected Framework