mirror of
https://github.com/wshobson/agents.git
synced 2026-03-18 09:37:15 +00:00
71 lines
1.3 KiB
Markdown
71 lines
1.3 KiB
Markdown
# AWS Terraform Module Patterns
|
|
|
|
## VPC Module
|
|
|
|
- VPC with public/private subnets
|
|
- Internet Gateway and NAT Gateways
|
|
- Route tables and associations
|
|
- Network ACLs
|
|
- VPC Flow Logs
|
|
|
|
## EKS Module
|
|
|
|
- EKS cluster with managed node groups
|
|
- IRSA (IAM Roles for Service Accounts)
|
|
- Cluster autoscaler
|
|
- VPC CNI configuration
|
|
- Cluster logging
|
|
|
|
## RDS Module
|
|
|
|
- RDS instance or cluster
|
|
- Automated backups
|
|
- Read replicas
|
|
- Parameter groups
|
|
- Subnet groups
|
|
- Security groups
|
|
|
|
## S3 Module
|
|
|
|
- S3 bucket with versioning
|
|
- Encryption at rest
|
|
- Bucket policies
|
|
- Lifecycle rules
|
|
- Replication configuration
|
|
|
|
## ALB Module
|
|
|
|
- Application Load Balancer
|
|
- Target groups
|
|
- Listener rules
|
|
- SSL/TLS certificates
|
|
- Access logs
|
|
|
|
## Lambda Module
|
|
|
|
- Lambda function
|
|
- IAM execution role
|
|
- CloudWatch Logs
|
|
- Environment variables
|
|
- VPC configuration (optional)
|
|
|
|
## Security Group Module
|
|
|
|
- Reusable security group rules
|
|
- Ingress/egress rules
|
|
- Dynamic rule creation
|
|
- Rule descriptions
|
|
|
|
## Best Practices
|
|
|
|
1. Use AWS provider version ~> 5.0
|
|
2. Enable encryption by default
|
|
3. Use least-privilege IAM
|
|
4. Tag all resources consistently
|
|
5. Enable logging and monitoring
|
|
6. Use KMS for encryption
|
|
7. Implement backup strategies
|
|
8. Use PrivateLink when possible
|
|
9. Enable GuardDuty/SecurityHub
|
|
10. Follow AWS Well-Architected Framework
|