Production-grade, reusable Terraform modules for AWS infrastructure. Built and battle-tested at enterprise scale across 15+ microservices.
| Metric | Result |
|---|---|
| Provisioning errors | ↓ 70% across all teams |
| Time per environment cycle | 8 hours saved per cycle |
| Modules published | 12 production modules |
| Services using these modules | 15+ microservices |
| Compliance | PCI-DSS aligned |
| Environments | Dev · Staging · Production |
| Module | Description | Status |
|---|---|---|
| vpc | Production VPC with public/private subnets, NAT Gateway, VPC Flow Logs | Stable |
| eks-cluster | EKS cluster with IRSA, KMS encryption, managed node groups | Stable |
| rds-multi-az | MySQL RDS Multi-AZ with PITR, 99.99% SLA | Stable |
| alb | Application Load Balancer with HTTPS, WAF, access logs | Stable |
| asg | Auto Scaling Group with launch templates, mixed instances | Stable |
| s3-secure | S3 bucket with encryption, versioning, lifecycle, block public access | Stable |
| efs | EFS file system with encryption, mount targets, access points | Stable |
| karpenter | Karpenter autoscaler with Spot adoption, ~30% cost reduction | Stable |
| irsa | IAM Roles for Service Accounts, least-privilege pod access | Stable |
| security-group | Reusable security groups with least-privilege rules | Stable |
| nat-gateway | NAT Gateway with Elastic IP and route table management | Stable |
| vpc-endpoints | VPC Endpoints for S3, ECR, Secrets Manager (no internet needed) | Stable |
```hcl
module "vpc" {
  source = "github.com/kiransurya-devops/aws-terraform-modules//modules/vpc"

  name               = "production"
  cidr               = "10.0.0.0/16"
  availability_zones = ["ap-south-1a", "ap-south-1b", "ap-south-1c"]
  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway = true
  single_nat_gateway = false # One per AZ for HA
  enable_vpn_gateway = false
  enable_flow_logs   = true

  tags = {
    Environment = "production"
    Team        = "platform"
    ManagedBy   = "terraform"
  }
}
```

```bash
cd examples/complete-eks-platform
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your values
terraform init
terraform plan
terraform apply
```

All modules follow these standards:
- Idempotent: safe to run multiple times
- Least privilege: IAM policies grant the minimum required permissions
- Encrypted: all data encrypted at rest with KMS
- Tagged: consistent tagging for cost allocation
- Documented: every variable and output has a description
- Tested: CI validates syntax, format, and security on every PR
- Versioned: semantic versioning with changelogs
Every module enforces:
- Encryption at rest (KMS)
- Encryption in transit (TLS)
- No public access by default
- CloudTrail logging enabled
- Security scanning with Checkov on every PR
- CIS AWS Benchmark aligned
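As an added example (not part of this repository), a plan-time check that verifies three of the standards above, KMS encryption at rest, block-public-access on every bucket, and VPC Flow Logs, against `terraform show -json` output before `apply`; the `check_plan` function and the sample plan are constructed here and assume bucket names are set explicitly rather than computed:

```python
import json
import sys
def iter_resources(module):
    """Yield every resource in a planned_values module tree (root plus nested child_modules)."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_plan(plan):
    """Return human-readable findings; an empty list means the plan meets the checks below."""
    by_type = {}
    for res in iter_resources(plan["planned_values"]["root_module"]):
        by_type.setdefault(res["type"], []).append(res["values"])
    findings = []
    # S3: every bucket needs KMS SSE and a full public-access block. Matching is by bucket
    # name, so it assumes `bucket` is set explicitly (computed names are absent from a plan).
    kms = {c.get("bucket") for c in by_type.get("aws_s3_bucket_server_side_encryption_configuration", [])
           if any(d.get("sse_algorithm") == "aws:kms" for rule in c.get("rule", [])
                  for d in rule.get("apply_server_side_encryption_by_default", []))}
    blocked = {p.get("bucket") for p in by_type.get("aws_s3_bucket_public_access_block", [])
               if all(p.get(f) is True for f in ("block_public_acls", "block_public_policy",
                                                 "ignore_public_acls", "restrict_public_buckets"))}
    for b in by_type.get("aws_s3_bucket", []):
        name = b.get("bucket", "<computed>")
        if name not in kms:
            findings.append(f"s3 {name}: no aws:kms server-side encryption configuration")
        if name not in blocked:
            findings.append(f"s3 {name}: public access block missing or not fully enabled")
    # VPC: a VPC with no aws_flow_log in the plan means enable_flow_logs was not honoured.
    if by_type.get("aws_vpc") and not by_type.get("aws_flow_log"):
        findings.append("vpc: no aws_flow_log resource planned")
    return findings

def _res(rtype, **values):
    return {"type": rtype, "values": values}

# Constructed sample shaped like `terraform show -json` output: one s3-secure bucket and one VPC.
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [
    {"address": "module.logs", "resources": [
        _res("aws_s3_bucket", bucket="app-logs"),
        _res("aws_s3_bucket_server_side_encryption_configuration", bucket="app-logs",
             rule=[{"apply_server_side_encryption_by_default": [{"sse_algorithm": "aws:kms"}]}]),
        _res("aws_s3_bucket_public_access_block", bucket="app-logs", block_public_acls=True,
             block_public_policy=True, ignore_public_acls=True, restrict_public_buckets=True)]},
    {"address": "module.vpc", "resources": [_res("aws_vpc", cidr_block="10.0.0.0/16"),
                                            _res("aws_flow_log", traffic_type="ALL")]}]}}}
if __name__ == "__main__":  # pipe a real plan in, or run with no stdin to check the sample
    problems = check_plan(SAMPLE_PLAN if sys.stdin.isatty() else json.load(sys.stdin))
    print("\n".join(problems) or "OK: plan meets the module security standards")
    sys.exit(1 if problems else 0)
```

Run it as `terraform plan -out tfplan && terraform show -json tfplan | python check_plan.py` in CI; a non-zero exit blocks the merge the same way the Checkov step does.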
```
aws-terraform-modules/
├── modules/                   # All reusable modules
│   ├── vpc/                   # Networking foundation
│   ├── eks-cluster/           # Kubernetes platform
│   ├── rds-multi-az/          # Database layer
│   ├── alb/                   # Load balancing
│   ├── asg/                   # Compute autoscaling
│   ├── s3-secure/             # Object storage
│   ├── efs/                   # Shared file storage
│   ├── karpenter/             # EKS autoscaling
│   ├── irsa/                  # Pod IAM access
│   ├── security-group/        # Network security
│   ├── nat-gateway/           # Outbound internet
│   └── vpc-endpoints/         # Private AWS access
├── examples/                  # Complete working examples
│   ├── complete-eks-platform/ # Full EKS deployment
│   └── complete-networking/   # VPC + NAT + Endpoints
├── .github/workflows/         # CI/CD pipeline
└── docs/                      # Documentation
```
```hcl
# Step 1: Networking
module "vpc" { source = "./modules/vpc" ... }

# Step 2: Compute
module "eks" {
  source             = "./modules/eks-cluster"
  vpc_id             = module.vpc.vpc_id
  private_subnet_ids = module.vpc.private_subnet_ids
}

# Step 3: Database
module "rds" {
  source             = "./modules/rds-multi-az"
  vpc_id             = module.vpc.vpc_id
  private_subnet_ids = module.vpc.private_subnet_ids
}

# Step 4: Load Balancer
module "alb" {
  source            = "./modules/alb"
  vpc_id            = module.vpc.vpc_id
  public_subnet_ids = module.vpc.public_subnet_ids
}
```

Kiran S, Senior DevOps & Platform Engineer. LinkedIn | GitHub | Email
These modules are extracted from real enterprise production deployments. Every module has been used in systems serving 99.99% SLA requirements.