A production-ready Infrastructure as Code (IaC) solution for deploying a scalable Amazon EKS cluster with automated CI/CD pipeline using Terraform and GitHub Actions.
## Table of Contents

- Overview
- Architecture
- Features
- Prerequisites
- Quick Start
- Infrastructure Components
- CI/CD Pipeline
- Configuration
- Monitoring & Security
- Cost Optimization
- Contributing
## Overview

This project demonstrates enterprise-level Infrastructure as Code practices by provisioning a complete Amazon EKS (Elastic Kubernetes Service) environment on AWS. The infrastructure is designed with scalability, security, and cost-efficiency in mind, featuring automated deployment through GitHub Actions.

Key Highlights:

- Infrastructure as Code: Complete AWS EKS cluster provisioning using Terraform
- Automated CI/CD: GitHub Actions workflow for continuous deployment
- Security First: Private subnets, security groups, and IAM roles following AWS best practices
- Auto Scaling: Managed node groups with automatic scaling capabilities
- Cost Optimized: t3.small instances with efficient resource allocation
## Architecture

```text
+----------------------------------------------------------------+
|                           AWS Cloud                            |
|  +----------------------------------------------------------+  |
|  |                   VPC (172.20.0.0/16)                    |  |
|  |                                                          |  |
|  |  +--------------+  +--------------+  +--------------+    |  |
|  |  | Public Subnet|  | Public Subnet|  | Public Subnet|    |  |
|  |  |     AZ-1     |  |     AZ-2     |  |     AZ-3     |    |  |
|  |  +--------------+  +--------------+  +--------------+    |  |
|  |         |                 |                 |            |  |
|  |  +--------------+  +--------------+  +--------------+    |  |
|  |  |Private Subnet|  |Private Subnet|  |Private Subnet|    |  |
|  |  |  EKS Nodes   |  |  EKS Nodes   |  |  EKS Nodes   |    |  |
|  |  +--------------+  +--------------+  +--------------+    |  |
|  |                                                          |  |
|  |                    EKS Control Plane                     |  |
|  +----------------------------------------------------------+  |
+----------------------------------------------------------------+
```
## Features

Infrastructure:

- Multi-AZ VPC: High availability across 3 availability zones
- Private EKS Nodes: Worker nodes deployed in private subnets for enhanced security
- NAT Gateway: Single NAT gateway for cost optimization
- Auto Scaling: Managed node groups with configurable scaling policies
- Resource Tagging: Comprehensive tagging strategy for resource management

CI/CD:

- GitOps Workflow: Infrastructure changes triggered by Git commits
- Automated Testing: Terraform validation, formatting, and planning
- Zero-Downtime Deployment: Automated apply on main branch
- State Management: Remote state storage in S3 with locking
- Environment Separation: Support for multiple environments (main/stage)
## Prerequisites

- AWS Account with appropriate permissions
- Terraform >= 1.6.6
- AWS CLI configured
- kubectl for cluster management
- GitHub repository with secrets configured

The AWS credentials used by the pipeline need permissions for:

- EKS cluster creation and management
- VPC and networking resources
- IAM roles and policies
- EC2 instances and security groups
## Quick Start

1. Clone the repository:

```bash
git clone https://github.com/Flack74/IAC-Vpro.git
cd IAC-Vpro
```

2. Set up the following secrets in your GitHub repository:

- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`
- `BUCKET_TF_STATE` (S3 bucket for Terraform state)

3. Edit `terraform/variables.tf` to match your requirements:

```hcl
variable "region" {
  default = "us-east-1" # Change to your preferred region
}

variable "clusterName" {
  default = "vprofile-eks74" # Customize cluster name
}
```

4. Push changes to the main branch to trigger automatic deployment:

```bash
git add .
git commit -m "Deploy EKS infrastructure"
git push origin main
```

## Infrastructure Components

VPC:

- CIDR Block: 172.20.0.0/16
- Public Subnets: 3 subnets across different AZs
- Private Subnets: 3 subnets for EKS worker nodes
- Internet Gateway: For public subnet internet access
- NAT Gateway: Single gateway for cost optimization
EKS Cluster:

- Kubernetes Version: 1.27
- Node Groups: 2 managed node groups
  - Group 1: 1-3 t3.small instances (desired: 2)
  - Group 2: 1-2 t3.small instances (desired: 1)
- AMI Type: Amazon Linux 2 (AL2_x86_64)
Security:

- Private subnets for worker nodes
- Security groups with least privilege access
- IAM roles following AWS best practices
- Cluster endpoint accessible from public internet (configurable)
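The README notes that the cluster endpoint is reachable from the public internet but configurable, and later lists control plane logging and encrypted communication among the security features. The following `aws_eks_cluster` resource is an added example, not the project's own `eks-cluster.tf`: it keeps the public endpoint but restricts it to an allow-list, enables private endpoint access for the nodes, turns on all control plane log types, and envelope-encrypts Kubernetes secrets with a KMS key. The variables `cluster_role_arn`, `subnet_ids` and `api_allowed_cidrs`, the KMS key and the `203.0.113.0/24` range are assumptions for this example, not values from the project.

```hcl
# Added example; assumed inputs, not values from the project.
variable "cluster_name" {
  default = "vprofile-eks74"
}

variable "cluster_role_arn" {
  type        = string
  description = "ARN of the IAM role the EKS control plane assumes (assumed input)"
}

variable "subnet_ids" {
  type        = list(string)
  description = "Private and public subnet IDs of the VPC (assumed input)"
}

# Source ranges allowed to reach the Kubernetes API over the internet.
# 203.0.113.0/24 is the TEST-NET-3 documentation range, a placeholder only.
variable "api_allowed_cidrs" {
  type    = list(string)
  default = ["203.0.113.0/24"]
}

# KMS key used for envelope encryption of Kubernetes Secret objects.
resource "aws_kms_key" "eks_secrets" {
  description         = "EKS secrets envelope encryption"
  enable_key_rotation = true
}

resource "aws_eks_cluster" "this" {
  name     = var.cluster_name
  version  = "1.27"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids = var.subnet_ids

    # Nodes in the private subnets talk to the API through the VPC endpoint,
    # so the public endpoint only has to serve operators and CI.
    endpoint_private_access = true
    endpoint_public_access  = true

    # Replaces the default 0.0.0.0/0 with the allow-list above.
    public_access_cidrs = var.api_allowed_cidrs
  }

  # All five control plane log streams go to CloudWatch Logs; "audit"
  # is the one that records who called which API with what result.
  enabled_cluster_log_types = [
    "api",
    "audit",
    "authenticator",
    "controllerManager",
    "scheduler",
  ]

  encryption_config {
    provider {
      key_arn = aws_kms_key.eks_secrets.arn
    }
    resources = ["secrets"]
  }
}
```

One consequence to plan for: the workflow's final two steps (kubectl configuration and the NGINX ingress install) talk to the cluster endpoint, and GitHub-hosted runners do not have fixed source addresses. Either those steps run from a self-hosted runner that can reach the private endpoint, or the runner ranges are added to `api_allowed_cidrs`. The `terraform apply` step itself is unaffected, since it calls the AWS APIs rather than the Kubernetes API.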
## CI/CD Pipeline

The GitHub Actions workflow (`terraform.yml`) provides:

Triggers:

- Push to `main` or `stage` branches
- Pull Request to `main` branch
- Path filtering: only triggers on `terraform/**` changes

Pipeline steps:

1. Code Checkout: Retrieves latest code
2. Terraform Setup: Installs Terraform CLI
3. Initialize: Configures backend and providers
4. Format Check: Ensures code formatting standards
5. Validation: Validates Terraform configuration
6. Planning: Creates execution plan
7. Apply: Deploys infrastructure (main branch only)
8. Kubectl Config: Configures cluster access
9. Ingress Setup: Installs NGINX ingress controller
## Configuration

Environment variables used by the workflow:

```yaml
AWS_REGION: us-east-1
EKS_CLUSTER: vprofile-eks74
BUCKET_TF_STATE: vprofileactions74
```

Terraform backend configuration:

```hcl
backend "s3" {
  bucket = "vprofileactions74"
  key    = "terraform.tfstate"
  region = "us-east-1"
}
```

Customization options:

- Instance Types: Modify in `eks-cluster.tf`
- Scaling Policies: Adjust min/max/desired sizes
- Network CIDR: Update VPC and subnet ranges
- Kubernetes Version: Change cluster version
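The features list promises remote state in S3 with locking, but the backend block above declares only bucket, key and region. The following `terraform` block is an added example, not the project's own configuration: it adds state encryption and a DynamoDB lock table, and uses the provider's `default_tags` so every resource carries the project tags without repeating them per resource. The lock table name `vprofileactions74-lock` and the tag values are assumptions; the bucket, key and region are the ones the README shows.

```hcl
terraform {
  required_version = ">= 1.6.6"

  backend "s3" {
    bucket = "vprofileactions74"     # BUCKET_TF_STATE from the README
    key    = "terraform.tfstate"
    region = "us-east-1"

    # Server-side encryption of the state object, which holds resource IDs
    # and can hold sensitive attribute values.
    encrypt = true

    # Assumed table name. The table must have a string partition key named
    # "LockID"; Terraform acquires a row there for the duration of each run
    # so two concurrent workflow runs cannot both apply.
    dynamodb_table = "vprofileactions74-lock"
  }
}

provider "aws" {
  region = "us-east-1"

  # Applied to every taggable resource this provider creates.
  default_tags {
    tags = {
      Project     = "vprofile-eks74"   # assumed value
      ManagedBy   = "terraform"
      Environment = "main"             # assumed; differs per environment
    }
  }
}

# The lock table cannot be created from the state it protects, so it is
# created once, out of band, before the first `terraform init`:
#
#   aws dynamodb create-table \
#     --table-name vprofileactions74-lock \
#     --attribute-definitions AttributeName=LockID,AttributeType=S \
#     --key-schema AttributeName=LockID,KeyType=HASH \
#     --billing-mode PAY_PER_REQUEST
```

With both `main` and `stage` branches deploying through the same backend, a single fixed `key` means both environments read and write one state file. Keeping them apart is a matter of leaving `key` out of the block and passing it at init time, for example `terraform init -backend-config="key=stage/terraform.tfstate"`, so each environment's state and lock are independent.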
## Monitoring & Security

Security features:

- Private subnets for worker nodes
- IAM roles with minimal required permissions
- Security groups with restricted access
- Encrypted communication between components
- Regular security updates through managed node groups

Monitoring:

- CloudWatch integration for cluster metrics
- EKS control plane logging
- Node group health monitoring
- Resource utilization tracking
## Cost Optimization

- Single NAT Gateway: Reduces NAT gateway costs
- t3.small Instances: Cost-effective compute resources
- Auto Scaling: Scales down during low usage
- Spot Instances: Can be configured for additional savings
- Resource Tagging: Enables cost allocation and tracking

Estimated monthly cost:

- EKS Control Plane: ~$73/month
- Worker Nodes: ~$30-60/month (depending on usage)
- Networking: ~$45/month (NAT Gateway)
- Total: ~$150-180/month
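The two managed node groups described under Infrastructure Components (1-3 and 1-2 t3.small instances) and the cost section's note that Spot instances can be configured are both illustrated by the following added example, which is not the project's own `eks-cluster.tf`. Group 1 keeps the README's on-demand sizing; Group 2 is shown switched to Spot capacity. The variables `node_role_arn` and `private_subnet_ids` are assumed inputs, and the extra instance types in the Spot group are an assumption chosen to spread across several capacity pools.

```hcl
# Added example; assumed inputs, not values from the project.
variable "cluster_name" {
  default = "vprofile-eks74"
}

variable "node_role_arn" {
  type        = string
  description = "IAM role the worker nodes assume (assumed input)"
}

variable "private_subnet_ids" {
  type        = list(string)
  description = "Private subnets the nodes are placed in (assumed input)"
}

# Group 1 as the README sizes it: 1-3 t3.small, desired 2, on-demand.
resource "aws_eks_node_group" "one" {
  cluster_name    = var.cluster_name
  node_group_name = "node-group-1"
  node_role_arn   = var.node_role_arn
  subnet_ids      = var.private_subnet_ids
  ami_type        = "AL2_x86_64"
  instance_types  = ["t3.small"]
  capacity_type   = "ON_DEMAND"

  scaling_config {
    min_size     = 1
    desired_size = 2
    max_size     = 3
  }

  # Roll one node at a time during AMI or version updates.
  update_config {
    max_unavailable = 1
  }

  # Once the cluster is live, an autoscaler rather than Terraform owns the
  # running count; without this, every plan would try to reset it.
  lifecycle {
    ignore_changes = [scaling_config[0].desired_size]
  }
}

# Group 2 with the README's 1-2 range, moved to Spot capacity. Listing several
# similar instance types gives EKS more pools to draw from, which lowers the
# chance that all nodes are reclaimed at once.
resource "aws_eks_node_group" "two" {
  cluster_name    = var.cluster_name
  node_group_name = "node-group-2-spot"
  node_role_arn   = var.node_role_arn
  subnet_ids      = var.private_subnet_ids
  ami_type        = "AL2_x86_64"
  instance_types  = ["t3.small", "t3a.small", "t2.small"]   # assumed mix
  capacity_type   = "SPOT"

  scaling_config {
    min_size     = 1
    desired_size = 1
    max_size     = 2
  }

  update_config {
    max_unavailable = 1
  }

  lifecycle {
    ignore_changes = [scaling_config[0].desired_size]
  }
}
```

Spot nodes receive a two-minute interruption notice, so workloads scheduled onto the second group should tolerate a node disappearing; keeping anything stateful or single-replica on the on-demand group is the usual split.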
## Contributing

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
For questions or support, please open an issue in the GitHub repository.
Built with ❤️ using Terraform, AWS EKS, and GitHub Actions
This project demonstrates production-ready Infrastructure as Code practices suitable for enterprise environments.