mirror of
https://github.com/wshobson/agents.git
synced 2026-03-18 09:37:15 +00:00
24df162978
Adds awareness of Oracle Cloud Infrastructure to any plugin that referenced at least two of the major cloud vendors already. Skills updated to include OCI services. Also updated some of the other cloud references. Signed-off-by: Avi Miller <me@dje.li>
71 lines
1.3 KiB
Markdown
71 lines
1.3 KiB
Markdown
# AWS Terraform Module Patterns
|
|
|
|
## VPC Module
|
|
|
|
- VPC with public/private subnets
|
|
- Internet Gateway and NAT Gateways
|
|
- Route tables and associations
|
|
- Network ACLs
|
|
- VPC Flow Logs
|
|
|
|
## EKS Module
|
|
|
|
- EKS cluster with managed node groups
|
|
- IRSA (IAM Roles for Service Accounts)
|
|
- Cluster autoscaler
|
|
- VPC CNI configuration
|
|
- Cluster logging
|
|
|
|
## RDS Module
|
|
|
|
- RDS instance or cluster
|
|
- Automated backups
|
|
- Read replicas
|
|
- Parameter groups
|
|
- Subnet groups
|
|
- Security groups
|
|
|
|
## S3 Module
|
|
|
|
- S3 bucket with versioning
|
|
- Encryption at rest
|
|
- Bucket policies
|
|
- Lifecycle rules
|
|
- Replication configuration
|
|
|
|
## ALB Module
|
|
|
|
- Application Load Balancer
|
|
- Target groups
|
|
- Listener rules
|
|
- SSL/TLS certificates
|
|
- Access logs
|
|
|
|
## Lambda Module
|
|
|
|
- Lambda function
|
|
- IAM execution role
|
|
- CloudWatch Logs
|
|
- Environment variables
|
|
- VPC configuration (optional)
|
|
|
|
## Security Group Module
|
|
|
|
- Reusable security group rules
|
|
- Ingress/egress rules
|
|
- Dynamic rule creation
|
|
- Rule descriptions
|
|
|
|
## Best Practices
|
|
|
|
1. Use AWS provider version `~> 6.31`
|
|
2. Enable encryption by default
|
|
3. Use least-privilege IAM
|
|
4. Tag all resources consistently
|
|
5. Enable logging and monitoring
|
|
6. Use KMS for encryption
|
|
7. Implement backup strategies
|
|
8. Use PrivateLink when possible
|
|
9. Enable GuardDuty/SecurityHub
|
|
10. Follow AWS Well-Architected Framework
|