Overview
This project demonstrates the use of the Infrastructure as Code (IaC) tool HCL Terraform to create all the cloud components needed to run a web application securely, including networking, databases, load balancers, and container hosting. IaC tools like Terraform, and its open source derivative OpenTofu, enable setting up an entire technology stack with one configuration.
As in the Three-Tier EC2 project, Terraform modules and variables are used to provide reusable, data-driven components for Infrastructure as Code (IaC) deployment. The specifics of the deployment are configurable through a terraforms.tfvars file, which sets values for each Terraform module.
Amazon ECS is particularly advantageous for applications that benefit from containerization, offering simplified management, rapid scaling, cost efficiency, and seamless integration with AWS services. These features make it an attractive choice for modern cloud-native applications compared to traditional VM-based deployments on EC2.
Inputs:
The code takes configuration inputs through variables defined in variables.tf. Values for these variables are set separately in terraforms.tfvars, which is secured. Variables include:
- AWS Region for deployment
- Project name
- Environment (like development or production)
- Network addresses (CIDR ranges)
- Database settings (engine type, username, password)
- Domain name information
- Container image details
Outputs:
The code produces one main output: the website URL where the application can be accessed (https://[record_name].[domain_name]).
How it works:
The code creates infrastructure in a specific order:
- First, it sets up a VPC (Virtual Private Cloud) - like creating a private neighborhood
- Then adds NAT Gateways - allowing private resources to access the internet
- Creates Security Groups - like setting up security checkpoints
- Sets up a database (RDS) - for storing application data
- Requests an SSL certificate - for secure HTTPS connections
- Creates a load balancer - to distribute traffic
- Sets up an S3 bucket - for storing configuration files
- Creates necessary permissions (IAM roles)
- Sets up ECS (container service) - to run the application
- Configures auto-scaling - to handle varying loads
- Finally, sets up DNS (Route 53) - so users can access the site with a domain name
Important Logic Flows:
The code follows a modular approach where each component is created as a separate module. Each module depends on resources created by previous modules. For example, the database needs the security groups and network (VPC) to be created first. The load balancer needs the SSL certificate and network. This creates a chain of dependencies that Terraform automatically manages.
The code uses a consistent naming pattern using project_name and environment variables to keep resources organized. It also separates public and private resources for security - putting databases in private networks while keeping load balancers public for user access.
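The public/private separation and naming pattern described above, sketched as an added example (not the project's own code). The resource names and the vpc_id, container_port and db_port inputs are assumptions; only project_name and environment come from the page.

```hcl
variable "project_name" { type = string }
variable "environment" { type = string }
variable "vpc_id" { type = string }         # assumed input (from the VPC module)
variable "container_port" { type = number } # assumed input
variable "db_port" { type = number }        # assumed input
locals { prefix = "${var.project_name}-${var.environment}" }
resource "aws_security_group" "alb" {
  name   = "${local.prefix}-alb-sg"
  vpc_id = var.vpc_id
  ingress { # public tier: HTTPS from the internet
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress { # lets the load balancer reach its targets
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "app" {
  name   = "${local.prefix}-app-sg"
  vpc_id = var.vpc_id
  ingress { # private tier: only the load balancer's group may connect
    from_port       = var.container_port
    to_port         = var.container_port
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  egress { # outbound through the NAT gateways
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "db" { # no egress block: no outbound rules
  name   = "${local.prefix}-db-sg"
  vpc_id = var.vpc_id
  ingress { # data tier: only the app group may connect
    from_port       = var.db_port
    to_port         = var.db_port
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}
```

Because each group references the previous one by ID, Terraform infers the creation order (alb, then app, then db) without an explicit depends_on, and the database port is never reachable from a CIDR range.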