AWS Terraform Module Patterns
VPC Module
- VPC with public/private subnets
- Internet Gateway and NAT Gateways
- Route tables and associations
- Network ACLs
- VPC Flow Logs
EKS Module
- EKS cluster with managed node groups
- IRSA (IAM Roles for Service Accounts)
- Cluster autoscaler
- VPC CNI configuration
- Cluster logging
RDS Module
- RDS instance or cluster
- Automated backups
- Read replicas
- Parameter groups
- Subnet groups
- Security groups
S3 Module
- S3 bucket with versioning
- Encryption at rest
- Bucket policies
- Lifecycle rules
- Replication configuration
ALB Module
- Application Load Balancer
- Target groups
- Listener rules
- SSL/TLS certificates
- Access logs
Lambda Module
- Lambda function
- IAM execution role
- CloudWatch Logs
- Environment variables
- VPC configuration (optional)
Security Group Module
- Reusable security group rules
- Ingress/egress rules
- Dynamic rule creation
- Rule descriptions
Best Practices
- Use AWS provider version ~> 5.0
- Enable encryption by default
- Use least-privilege IAM
- Tag all resources consistently
- Enable logging and monitoring
- Use KMS for encryption
- Implement backup strategies
- Use PrivateLink when possible
- Enable GuardDuty/SecurityHub
- Follow AWS Well-Architected Framework