A comprehensive AWS infrastructure project built with AWS CDK (Cloud Development Kit) in TypeScript, implementing a three-tier architecture with VPC, EC2, and RDS components following AWS best practices.
## Table of Contents

- Project Overview
- Architecture
- Components
- Cost Estimation
- Getting Started
- Deployment
- Security Features
- Monitoring & Management
- Cleanup
- Learning Resources
## Project Overview

This project demonstrates the implementation of a scalable three-tier web architecture on AWS using Infrastructure as Code (IaC) principles. The architecture includes:
- Presentation Tier: Public subnets for load balancers and web servers
- Application Tier: Private subnets for application servers (EC2 instances)
- Data Tier: Isolated database subnets for RDS MySQL instances

### Key Features

- Multi-AZ VPC with proper subnet segmentation
- EC2 instances in private subnets for security
- MySQL RDS database in isolated subnets
- Security best practices implemented throughout
- Performance monitoring with CloudWatch integration
- Comprehensive tagging for resource management
- Automated backups and disaster recovery planning
## Architecture

```
┌──────────────────────────────────────────────────────────────┐
│                           AWS VPC                            │
│  ┌───────────────────┐   ┌───────────────────┐               │
│  │ Availability      │   │ Availability      │               │
│  │ Zone A            │   │ Zone B            │               │
│  │                   │   │                   │               │
│  │ ┌───────────────┐ │   │ ┌───────────────┐ │  Public Tier  │
│  │ │ Public        │ │   │ │ Public        │ │  (Load        │
│  │ │ Subnet        │ │   │ │ Subnet        │ │   Balancer)   │
│  │ └───────────────┘ │   │ └───────────────┘ │               │
│  │                   │   │                   │               │
│  │ ┌───────────────┐ │   │ ┌───────────────┐ │  Private Tier │
│  │ │ Private       │ │   │ │ Private       │ │  (EC2 App     │
│  │ │ Subnet        │ │   │ │ Subnet        │ │   Servers)    │
│  │ └───────────────┘ │   │ └───────────────┘ │               │
│  │                   │   │                   │               │
│  │ ┌───────────────┐ │   │ ┌───────────────┐ │  Database Tier│
│  │ │ Database      │ │   │ │ Database      │ │  (RDS MySQL)  │
│  │ │ Subnet        │ │   │ │ Subnet        │ │               │
│  │ └───────────────┘ │   │ └───────────────┘ │               │
│  └───────────────────┘   └───────────────────┘               │
└──────────────────────────────────────────────────────────────┘
```
| Component | CIDR Block | Purpose | Internet Access |
|---|---|---|---|
| VPC | 10.0.0.0/16 | Main network container | N/A |
| Public Subnets | 10.0.1.0/24, 10.0.2.0/24 | Load balancers, NAT gateways | Direct |
| Private Subnets | 10.0.3.0/24, 10.0.4.0/24 | Application servers | Via NAT |
| Database Subnets | 10.0.5.0/24, 10.0.6.0/24 | RDS instances | Isolated (none) |
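A subnet plan is easy to get subtly wrong (a CIDR outside the VPC, two tiers overlapping, a tier present in only one Availability Zone), and CDK only reports some of these at synth or deploy time. The following plain TypeScript helper is an added example, not code from this project: it validates a three-tier plan like the one in the table above before it is handed to a `Vpc` construct. The type and function names (`parseCidr`, `validateSubnetPlan`, `PlannedSubnet`) and the sample plans are assumptions constructed here; the /28 minimum subnet size is the AWS VPC limit.

```typescript
// Added example (not part of the CDK project): validate a three-tier subnet
// plan before it is handed to a Vpc construct. Helper names are assumptions.

interface Cidr { base: number; prefix: number }
type Tier = "public" | "private" | "database";
interface PlannedSubnet { name: string; tier: Tier; cidr: string }

// Network mask for a prefix length as an unsigned 32-bit number.
function maskFor(prefix: number): number {
  return prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
}

// Parse "a.b.c.d/n" and normalise the base address to the network boundary.
function parseCidr(text: string): Cidr {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(text.trim());
  if (!m) throw new Error(`invalid CIDR: ${text}`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) throw new Error(`invalid CIDR: ${text}`);
  const addr = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  return { base: (addr & maskFor(prefix)) >>> 0, prefix };
}

// Highest address in the range.
function lastAddress(c: Cidr): number {
  return (c.base + (Math.pow(2, 32 - c.prefix) - 1)) >>> 0;
}

// True when `inner` lies entirely within `outer`.
function contains(outer: Cidr, inner: Cidr): boolean {
  return inner.prefix >= outer.prefix && ((inner.base & maskFor(outer.prefix)) >>> 0) === outer.base;
}

// True when the two ranges share at least one address.
function overlaps(a: Cidr, b: Cidr): boolean {
  return a.base <= lastAddress(b) && b.base <= lastAddress(a);
}

// Returns a list of findings; an empty list means the plan is consistent.
function validateSubnetPlan(vpcCidr: string, subnets: PlannedSubnet[]): string[] {
  const findings: string[] = [];
  const vpc = parseCidr(vpcCidr);
  const parsed = subnets.map((s) => ({ name: s.name, tier: s.tier, cidr: s.cidr, range: parseCidr(s.cidr) }));
  for (const s of parsed) {
    if (!contains(vpc, s.range)) findings.push(`${s.name} (${s.cidr}) lies outside the VPC ${vpcCidr}`);
    if (s.range.prefix > 28) findings.push(`${s.name} (${s.cidr}) is smaller than the /28 minimum AWS allows for a subnet`);
  }
  for (let i = 0; i < parsed.length; i++) {
    for (let j = i + 1; j < parsed.length; j++) {
      if (overlaps(parsed[i].range, parsed[j].range)) {
        findings.push(`${parsed[i].name} (${parsed[i].cidr}) overlaps ${parsed[j].name} (${parsed[j].cidr})`);
      }
    }
  }
  // Each tier must span at least two Availability Zones for the Multi-AZ layout.
  const tiers: Tier[] = ["public", "private", "database"];
  for (const tier of tiers) {
    const count = parsed.filter((s) => s.tier === tier).length;
    if (count < 2) findings.push(`${tier} tier has ${count} subnet(s); Multi-AZ needs at least two`);
  }
  return findings;
}

// Sample input (constructed from the README's network table).
const readmePlan: PlannedSubnet[] = [
  { name: "PublicA", tier: "public", cidr: "10.0.1.0/24" },
  { name: "PublicB", tier: "public", cidr: "10.0.2.0/24" },
  { name: "PrivateA", tier: "private", cidr: "10.0.3.0/24" },
  { name: "PrivateB", tier: "private", cidr: "10.0.4.0/24" },
  { name: "DatabaseA", tier: "database", cidr: "10.0.5.0/24" },
  { name: "DatabaseB", tier: "database", cidr: "10.0.6.0/24" },
];

// Constructed mistake: a third private subnet carved out of PrivateA's range.
const overlappingPlan: PlannedSubnet[] = readmePlan.concat([
  { name: "PrivateC", tier: "private", cidr: "10.0.3.128/25" },
]);

console.log(validateSubnetPlan("10.0.0.0/16", readmePlan));      // []
console.log(validateSubnetPlan("10.0.0.0/16", overlappingPlan)); // one overlap finding
```

Running this in a unit test of the stack (or as a pre-synth check) catches plan errors before CloudFormation does, and the same `contains`/`overlaps` helpers can be reused to review security-group CIDR sources.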
## Components

### VPC Stack

**Purpose:** Creates the foundational network infrastructure

**Resources Created:**

- VPC with DNS resolution enabled
- Internet Gateway for public internet access
- Public subnets across 2 Availability Zones
- Private isolated subnets for applications
- Database subnets for RDS placement
- Route tables and security configurations

**Key Features:**

- Multi-AZ deployment for high availability
- Proper subnet segregation following AWS best practices
- CIDR planning for future scalability
### EC2 Stack

**Purpose:** Deploys application servers in private subnets

**Resources Created:**

- EC2 instances in private subnets
- Security groups with restricted access
- IAM roles and policies
- Auto-scaling capabilities (if configured)

**Security Configuration:**

- No direct internet access (private subnet placement)
- Controlled communication via security groups
- IAM role-based permissions following least privilege principle
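"Controlled communication via security groups" is only as good as the rules actually attached to each tier. The plain TypeScript below is an added example, not code from this project: it reviews a set of ingress rules against the tier model the README describes (internet to the public tier on 80/443, public tier to the app servers, app servers to the database on 3306) and reports anything wider. The `IngressRule` shape, the `sg:<tier>` notation for a peer security group, and both sample rule sets are assumptions constructed for this example.

```typescript
// Added example (not part of the CDK project): review security-group ingress
// rules against the three-tier model. Rule shape and samples are assumptions.

type Tier = "public" | "private" | "database";

interface IngressRule {
  group: Tier;     // security group the rule is attached to
  port: number;    // TCP port opened
  source: string;  // IPv4/IPv6 CIDR, or "sg:<tier>" for a peer security group
}

const ANY_IPV4 = "0.0.0.0/0";
const ANY_IPV6 = "::/0";
const INTERNET_PORTS = [80, 443];
const DB_PORT = 3306;

function isInternetWide(source: string): boolean {
  return source === ANY_IPV4 || source === ANY_IPV6;
}

// Returns one finding per rule that violates the tier model; empty means clean.
function reviewIngress(rules: IngressRule[]): string[] {
  const findings: string[] = [];
  for (const r of rules) {
    const where = `${r.group} tier, port ${r.port} from ${r.source}`;
    if (r.port === 22 && isInternetWide(r.source)) {
      findings.push(`SSH open to the internet (${where}); prefer SSM Session Manager or a bastion`);
      continue;
    }
    switch (r.group) {
      case "public":
        if (isInternetWide(r.source) && INTERNET_PORTS.indexOf(r.port) === -1) {
          findings.push(`only 80/443 should face the internet (${where})`);
        }
        break;
      case "private":
        if (r.source !== "sg:public") {
          findings.push(`app servers should only accept traffic from the public-tier security group (${where})`);
        }
        break;
      case "database":
        if (r.port !== DB_PORT || r.source !== "sg:private") {
          findings.push(`RDS should only accept ${DB_PORT} from the private-tier security group (${where})`);
        }
        break;
    }
  }
  return findings;
}

// Constructed sample: rules matching the README's layout.
const hardenedRules: IngressRule[] = [
  { group: "public", port: 443, source: ANY_IPV4 },
  { group: "public", port: 80, source: ANY_IPV4 },
  { group: "private", port: 8080, source: "sg:public" },
  { group: "database", port: DB_PORT, source: "sg:private" },
];

// Constructed sample: three common mistakes.
const weakRules: IngressRule[] = [
  { group: "public", port: 443, source: ANY_IPV4 },
  { group: "private", port: 22, source: ANY_IPV4 },            // SSH from anywhere
  { group: "database", port: DB_PORT, source: "10.0.0.0/16" }, // whole VPC, not just the app SG
  { group: "database", port: DB_PORT, source: ANY_IPV4 },      // database reachable from the internet
];

console.log(reviewIngress(hardenedRules)); // []
console.log(reviewIngress(weakRules));     // three findings
```

The model is deliberately strict: a rule that is not the expected peer-security-group reference is reported even when its CIDR is internal, because referencing the upstream tier's security group (rather than a subnet range) is what keeps the rule correct when subnets are added later.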
### RDS Stack

**Purpose:** Provides managed MySQL database service

| Setting | Value | Description |
|---|---|---|
| Engine | MySQL 8.0.35 | Latest stable MySQL version |
| Instance Type | t3.micro | Cost-effective for development |
| Storage | 20GB initial, 30GB max | Auto-scaling enabled |
| Multi-AZ | Disabled | For cost optimization (enable for production) |
| Encryption | Enabled | Data encryption at rest |
| Backup Retention | 7 days | Automated daily backups |

**Additional Features:**

- AWS Secrets Manager integration for credential management
- Performance Insights enabled (7-day retention)
- Enhanced Monitoring with 60-second intervals
- Custom Parameter Group for MySQL optimization
- Comprehensive tagging for resource management
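The settings table above fixes several security-relevant choices (encryption at rest, 7-day backups, Secrets Manager credentials) and explicitly defers Multi-AZ to production. The plain TypeScript below is an added example, not code from this project: it evaluates an RDS configuration against those expectations, tightening them for production, and also computes the InnoDB buffer pool size the parameter group note that follows describes (75% of instance memory; db.t3.micro has 1 GiB, so 768 MiB, which the README rounds to ~750 MB). The `RdsSettings` shape, the `publiclyAccessible` and `deletionProtection` fields (real RDS options, but not mentioned on this page), and the sample values are assumptions.

```typescript
// Added example (not part of the CDK project): policy check for the RDS
// configuration plus the buffer-pool computation. Shape and samples are assumptions.

type DeployEnv = "development" | "production";

interface RdsSettings {
  instanceMemoryBytes: number;          // memory of the instance class
  allocatedStorageGb: number;
  maxAllocatedStorageGb: number;
  storageEncrypted: boolean;
  multiAz: boolean;
  backupRetentionDays: number;
  publiclyAccessible: boolean;          // assumed field; must be false for the isolated tier
  deletionProtection: boolean;          // assumed field; expected on in production
  credentialsFromSecretsManager: boolean;
}

const MIN_BACKUP_DAYS = 7;

// InnoDB buffer pool at 75% of instance memory, as the README's parameter group describes.
function innodbBufferPoolBytes(instanceMemoryBytes: number): number {
  return Math.floor((instanceMemoryBytes * 3) / 4);
}

// Returns findings; production adds the Multi-AZ and deletion-protection requirements.
function reviewRds(s: RdsSettings, env: DeployEnv): string[] {
  const findings: string[] = [];
  if (!s.storageEncrypted) findings.push("storage is not encrypted at rest");
  if (s.publiclyAccessible) findings.push("instance is publicly accessible; it belongs in the isolated database subnets");
  if (!s.credentialsFromSecretsManager) findings.push("master credentials are not managed by Secrets Manager");
  if (s.backupRetentionDays < MIN_BACKUP_DAYS) {
    findings.push(`backup retention of ${s.backupRetentionDays} days is below the ${MIN_BACKUP_DAYS}-day minimum`);
  }
  if (s.maxAllocatedStorageGb <= s.allocatedStorageGb) findings.push("storage auto-scaling has no headroom");
  if (env === "production") {
    if (!s.multiAz) findings.push("Multi-AZ is disabled; enable it for production");
    if (!s.deletionProtection) findings.push("deletion protection is off; enable it for production");
  }
  return findings;
}

// Constructed sample: the development settings from the README table
// (db.t3.micro has 1 GiB of memory).
const readmeDev: RdsSettings = {
  instanceMemoryBytes: 1024 * 1024 * 1024,
  allocatedStorageGb: 20,
  maxAllocatedStorageGb: 30,
  storageEncrypted: true,
  multiAz: false,
  backupRetentionDays: 7,
  publiclyAccessible: false,
  deletionProtection: false,
  credentialsFromSecretsManager: true,
};

console.log(reviewRds(readmeDev, "development"));            // []
console.log(reviewRds(readmeDev, "production"));             // Multi-AZ and deletion-protection findings
console.log(innodbBufferPoolBytes(readmeDev.instanceMemoryBytes)); // 805306368
```

Wiring a check like this into the stack's unit tests means the "enable for production" note in the table becomes an enforced gate rather than a reminder.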
Custom parameter group (MySQL):

```
-- InnoDB Buffer Pool optimized for t3.micro
innodb_buffer_pool_size = 75% of instance memory (~750MB)
```

## Cost Estimation

| Service | Configuration | Estimated Cost |
|---|---|---|
| VPC | Standard VPC with subnets | Free |
| EC2 | t3.micro instances | ~$8.50/month |
| RDS | t3.micro MySQL | ~$15.00/month |
| Storage | 20GB GP2 | ~$2.00/month |
| Data Transfer | Minimal usage | ~$1.00/month |
| Total | | ~$26.50/month |
**Free Tier Eligible:** New AWS accounts can run this architecture within the free tier limits for 12 months!
## Getting Started

### Prerequisites

- AWS Account with appropriate permissions
- AWS CLI configured with credentials
- Node.js (16.x or later)
- AWS CDK installed globally
- Git for version control
### Installation

1. Clone the repository

   ```bash
   git clone git@github.com:TopCoderJP/AWS-CDK-Automation-Typescript.git
   cd vpc-cdk-project
   ```

2. Install dependencies

   ```bash
   npm install
   ```

3. Configure AWS credentials

   ```bash
   aws configure
   # Enter your Access Key ID, Secret Access Key, Region, and Output format
   ```

4. Bootstrap CDK (first time only)

   ```bash
   cdk bootstrap
   ```

### Project Structure

```
vpc-cdk-project/
├── bin/
│   └── vpc-cdk-project.ts        # Main app entry point
├── lib/
│   ├── vpc-cdk-project-stack.ts  # VPC infrastructure
│   ├── ec2-stack.ts              # EC2 instances
│   └── rds-stack.ts              # RDS database
├── package.json                  # Dependencies
├── tsconfig.json                 # TypeScript config
└── README.md                     # This file
```
## Deployment

1. Validate the code

   ```bash
   npm run build
   ```

2. Preview changes

   ```bash
   cdk diff
   ```

3. Deploy all stacks

   ```bash
   cdk deploy --all
   ```

   Or deploy individually:

   ```bash
   cdk deploy VpcCdkProjectStack  # Deploy VPC first
   cdk deploy MyEC2Stack          # Deploy EC2 instances
   cdk deploy MyRDSStack          # Deploy RDS database
   ```

After successful deployment, you'll receive:

- VPC ID: For reference in other projects
- RDS Endpoint: Database connection string
- Secret ARN: Database credentials location
- Database Identifier: RDS instance identifier
## Security Features

### Network Security

- Private Subnets: Application servers isolated from internet
- Database Isolation: RDS in dedicated isolated subnets
- Security Groups: Controlled traffic flow between tiers
- NACLs: Additional network-level security (if configured)

### Data Protection

- Encryption at Rest: All RDS storage encrypted
- Secrets Management: Database credentials in AWS Secrets Manager
- Automated Rotation: Credential rotation capabilities
- IAM Policies: Least privilege access controls
- Resource Tagging: For governance and cost tracking
## Monitoring & Management

### Monitoring

- CloudTrail Integration: API call logging (if enabled)
- VPC Flow Logs: Network traffic monitoring (if enabled)
- Performance Insights: Database performance monitoring
- CloudWatch Alarms: Automated alerting (configurable)
- Custom Metrics: Application-specific monitoring
- Log Aggregation: Centralized logging

### Backup & Recovery

- Automated Backups: Daily RDS snapshots
- Point-in-time Recovery: 7-day retention window
- Manual Snapshots: On-demand backup capability
- Cross-region Backup: (Configurable for production)
## Cleanup

```bash
# Destroy all stacks (be careful!)
cdk destroy --all
```

Or destroy individually, in dependency order:

```bash
cdk destroy MyRDSStack          # Remove database first
cdk destroy MyEC2Stack          # Remove EC2 instances
cdk destroy VpcCdkProjectStack  # Remove VPC last
```

**Warning:** This will permanently delete all resources and data. Ensure you have backups if needed!
## Learning Resources

- AWS CDK Developer Guide
- VPC Best Practices
- RDS Best Practices
- EC2 Best Practices
- AWS Well-Architected Framework
- Three-Tier Architecture Pattern
- Multi-AZ Deployments
- CDK Patterns
- CDK Workshop
- TypeScript CDK Examples
## Contributing

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
Built with ❤️ by Topcoder using AWS CDK and TypeScript