Initial commit

skills/terraform-module-library/references/aws-modules.md

@@ -0,0 +1,63 @@
+# AWS Terraform Module Patterns
+
+## VPC Module
+- VPC with public/private subnets
+- Internet Gateway and NAT Gateways
+- Route tables and associations
+- Network ACLs
+- VPC Flow Logs
+
+## EKS Module
+- EKS cluster with managed node groups
+- IRSA (IAM Roles for Service Accounts)
+- Cluster autoscaler
+- VPC CNI configuration
+- Cluster logging
+
+## RDS Module
+- RDS instance or cluster
+- Automated backups
+- Read replicas
+- Parameter groups
+- Subnet groups
+- Security groups
+
+## S3 Module
+- S3 bucket with versioning
+- Encryption at rest
+- Bucket policies
+- Lifecycle rules
+- Replication configuration
+
+## ALB Module
+- Application Load Balancer
+- Target groups
+- Listener rules
+- SSL/TLS certificates
+- Access logs
+
+## Lambda Module
+- Lambda function
+- IAM execution role
+- CloudWatch Logs
+- Environment variables
+- VPC configuration (optional)
+
+## Security Group Module
+- Reusable security group rules
+- Ingress/egress rules
+- Dynamic rule creation
+- Rule descriptions
+
+## Best Practices
+
+1. Use AWS provider version ~> 5.0
+2. Enable encryption by default
+3. Use least-privilege IAM
+4. Tag all resources consistently
+5. Enable logging and monitoring
+6. Use KMS for encryption
+7. Implement backup strategies
+8. Use PrivateLink when possible
+9. Enable GuardDuty/SecurityHub
+10. Follow AWS Well-Architected Framework