This Terraform configuration creates a secure, production-ready AWS infrastructure with:
- VPC with public, private, and database subnets across multiple AZs
- RDS MySQL database instance in private subnets with Multi-AZ deployment
- Bastion Host for secure database access
- Security Groups with proper network isolation
- NAT Gateway for outbound internet access from private subnets
```
┌─────────────────────────────────────────────────────────────┐
│ VPC (10.0.0.0/16)                                           │
├─────────────────────┬───────────────────────────────────────┤
│ Public Subnets      │ Private Subnets                       │
│                     │                                       │
│ ┌─────────────┐     │ ┌─────────────┐  ┌─────────────────┐  │
│ │ Bastion     │     │ │ NAT Gateway │  │ Database Subnets│  │
│ │ Host        │─────┼─│             │  │                 │  │
│ │             │     │ │             │  │ ┌─────────────┐ │  │
│ └─────────────┘     │ └─────────────┘  │ │ RDS MySQL   │ │  │
│                     │                  │ │ Multi-AZ    │ │  │
│                     │                  │ └─────────────┘ │  │
│                     │                  └─────────────────┘  │
└─────────────────────┴───────────────────────────────────────┘
```
```
.
├── terraform/                    # Main Terraform configuration
│   ├── versions.tf               # Terraform and provider versions
│   ├── variables.tf              # Input variables
│   ├── locals.tf                 # Local values
│   ├── vpc.tf                    # VPC configuration
│   ├── bastion.tf                # Bastion host configuration
│   ├── rds.tf                    # RDS database configuration
│   ├── outputs.tf                # Output values
│   ├── terraform.tfvars.example  # Example variables file
│   └── secrets.tfvars.example    # Example secrets file
├── examples/                     # Usage examples (future)
├── .gitignore                    # Git ignore rules
└── README.md                     # This file
```
Prerequisites:
- Terraform >= 1.6
- AWS CLI configured with appropriate credentials
- An existing EC2 Key Pair in your AWS account
1. Clone the repository:
   ```bash
   git clone https://github.com/Benjamincode-24/benji-aws-terraform.git
   cd benji-aws-terraform
   ```
2. Navigate to the terraform directory:
   ```bash
   cd terraform
   ```
3. Configure variables:
   ```bash
   # Copy example files
   cp terraform.tfvars.example terraform.tfvars
   cp secrets.tfvars.example secrets.tfvars
   # Edit with your values:
   # - update terraform.tfvars with your configuration
   # - update secrets.tfvars with your database credentials
   ```
4. Deploy infrastructure:
   ```bash
   terraform init
   terraform plan -var-file="secrets.tfvars"
   terraform apply -var-file="secrets.tfvars"
   ```
Required secrets (set in `secrets.tfvars`):

| Variable | Description | Example |
|---|---|---|
| `db_username` | Database administrator username | `dbadmin` |
| `db_password` | Database administrator password | `SecurePassword123!` |
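The two secrets above should be declared as `sensitive` so that Terraform redacts them from `plan`/`apply` output and from resource diffs. The following is an added example of such a declaration; it is not the project's own `variables.tf`, and the minimum-length validation rule is an assumption, not a rule the project enforces.

```hcl
# Added example, not the project's variables.tf. Marking the variables
# sensitive keeps their values out of plan/apply output; the validation
# block is an assumed policy (minimum 12 characters).

variable "db_username" {
  description = "Database administrator username"
  type        = string
  sensitive   = true
}

variable "db_password" {
  description = "Database administrator password"
  type        = string
  sensitive   = true

  validation {
    condition     = length(var.db_password) >= 12
    error_message = "db_password must be at least 12 characters."
  }
}
```

`sensitive = true` only affects what Terraform prints; the value is still written in clear text to the state file, so the state backend needs the same access controls as `secrets.tfvars` itself, and `secrets.tfvars` must stay covered by the repository's `.gitignore`.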
Configuration variables (set in `terraform.tfvars`):

| Variable | Description | Default |
|---|---|---|
| `aws_region` | AWS region | `us-east-1` |
| `environment` | Environment name | `dev` |
| `instance_type` | EC2 instance type | `t3.micro` |
| `instance_keypair` | EC2 Key Pair name | `benskeypair` |
| `db_instance_class` | RDS instance class | `db.t3.micro` |
After deployment, note these important outputs:
- `bastion_public_ip`: Public IP address for SSH access to the bastion host
- `rds_endpoint`: Database endpoint for application connections
- `vpc_id`: VPC ID for reference
1. SSH to the bastion host:
   ```bash
   ssh -i your-key.pem ec2-user@<bastion_public_ip>
   ```
2. Install the MySQL client on the bastion:
   ```bash
   sudo yum update -y
   sudo yum install mysql -y
   ```
3. Connect to RDS:
   ```bash
   mysql -h <rds_endpoint> -u <db_username> -p
   ```
- ✅ Database in private subnets (no direct internet access)
- ✅ Access only through bastion host
- ✅ Security groups with minimal required access
- ✅ Multi-AZ deployment for high availability
- ✅ Encrypted storage and backups
- ✅ Performance Insights enabled
- ✅ CloudWatch logging enabled
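The checklist above maps onto a small number of Terraform settings. The block below is an added illustration of that mapping, not the project's own `bastion.tf` or `rds.tf`: the bastion security group admits SSH only from an administrator CIDR, the RDS security group admits MySQL only from the bastion's security group (by ID, not by CIDR), and the database instance is private, Multi-AZ and encrypted with backups and log exports turned on. `aws_vpc.main`, `aws_db_subnet_group.db`, `var.admin_cidr` and the resource names are assumed; `var.db_instance_class`, `var.db_username` and `var.db_password` are the variables from the tables above.

```hcl
# Added example, not the project's own configuration. Resource and
# variable names other than those documented in the README are assumed.

variable "admin_cidr" {
  description = "CIDR allowed to SSH to the bastion (for example your office IP as a /32)"
  type        = string
}

# Bastion: SSH only from the admin CIDR, never from 0.0.0.0/0.
resource "aws_security_group" "bastion" {
  name   = "bastion-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    description = "SSH from admin CIDR only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Outbound access is needed for yum updates and the MySQL client install.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# RDS: port 3306 reachable only from the bastion's security group.
# Referencing the group ID rather than a CIDR means the rule keeps
# working if the bastion is rebuilt with a new address.
resource "aws_security_group" "rds" {
  name   = "rds-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    description     = "MySQL from bastion only"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
}

resource "aws_db_instance" "mysql" {
  identifier             = "app-mysql"
  engine                 = "mysql"
  instance_class         = var.db_instance_class
  allocated_storage      = 20
  max_allocated_storage  = 100 # storage auto-scaling ceiling (GiB)
  db_subnet_group_name   = aws_db_subnet_group.db.name
  vpc_security_group_ids = [aws_security_group.rds.id]
  username               = var.db_username
  password               = var.db_password

  publicly_accessible             = false # private subnets only
  multi_az                        = true  # high availability
  storage_encrypted               = true  # encrypted storage (and hence snapshots)
  backup_retention_period         = 7     # automated backups, in days
  performance_insights_enabled    = true
  enabled_cloudwatch_logs_exports = ["error", "general", "slowquery"]
  deletion_protection             = true
  skip_final_snapshot             = false
  final_snapshot_identifier       = "app-mysql-final"
}
```

A quick post-apply check is `terraform state show aws_security_group.rds`: the only ingress rule should reference the bastion group ID, with no `cidr_blocks` entry. Note that `deletion_protection = true` must be set to `false` (and applied) before `terraform destroy` will remove the instance.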
- Uses `t3.micro` instances (Free Tier eligible)
- Single NAT Gateway to reduce costs
- `db.t3.micro` RDS instance (Free Tier eligible)
- Configurable storage with auto-scaling
To destroy the infrastructure:
```bash
terraform destroy -var-file="secrets.tfvars"
```
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
This project is licensed under the MIT License.
For issues and questions, please open an issue in the GitHub repository.