Terraform EKS & Database Deployment

This repository contains the infrastructure-as-code (IaC) setup using Terraform to deploy a complete AWS environment, including VPC, EKS (Kubernetes), RDS database, and DNS.

---

📁 Project Structure

Bank-Infrastructure/
├── environments/
│   ├── dev/                   # Development deployment root
│   │   ├── main.tf
│   │   ├── provider.tf
│   │   ├── variables.tf
│   │   └── terraform.tfvars
│   └── prod/                  # Production deployment root
│       ├── main.tf
│       ├── provider.tf
│       ├── variables.tf
│       └── terraform.tfvars
├── module-database/           # Terraform module to deploy RDS MySQL
├── module-dns/                # Terraform module for Route53 DNS records
├── module-eks/                # Terraform module to deploy EKS cluster and tooling
├── module-vpc/                # Terraform module to provision VPC and networking
├── .gitignore                 # Ignore local state, secrets, and temp files
├── backend.tf                 # Optional shared backend config for root workspace
├── main.tf                    # Existing root entry point (not used by env roots)
├── output.tf                  # Existing root outputs
├── readme.MD                  # This file
├── terraform.tfvars           # Existing shared tfvars file
└── variable.tf                # Existing shared variables file

✅ Environment usage

Run Terraform from the environment folder you want to deploy:

• cd environments/dev && terraform init
• cd environments/prod && terraform init

Each environment folder provides its own input values via terraform.tfvars and sets environment = "dev" or environment = "prod".

🧩 Modules

The shared modules are:

• module-vpc/ for VPC, subnets, NAT gateways, and network security
• module-eks/ for EKS cluster, node group, IAM roles, Helm charts
• module-dns/ for Route53 hosted zone and DNS records
• module-database/ for RDS MySQL deployment

🏗️ Resources provisioned

This deployment creates the following AWS resources:

• VPC with public subnet -frontend, private subnet - backend, and private subnet -database
• Internet Gateway and NAT Gateways
• Public and private route tables with associations
• Security group for MySQL access
• EKS cluster with managed node group
• IAM roles and policies for EKS cluster and worker nodes
• Helm-deployed NGINX ingress controller
• Route53 hosted zone and DNS records for application hostnames
• RDS MySQL instance with DB subnet group

🔐 Secrets and ignored files

Do not commit sensitive values such as:

• db_username
• db_password
• any local tfstate files
• any .env or private key files

The repo .gitignore already excludes:

• .terraform/
• .terraform.lock.hcl
• *.tfstate
• *.tfstate.backup
• *.pem
• *.key
• .env

📌 Notes

• prod is the production environment.
• dev is the development environment.
• Both env roots reuse the same modules but with separate configuration values.

Architecture