Infrastructure Setup Guide
Document Control​
- Last Updated: February 4, 2025
- Version: 1.0.0
- Status: Active
- Owner: DevOps Team
- Next Review: May 4, 2025
Infrastructure Overview​
Core Components​
- Application servers
- Database servers
- Cache servers
- Load balancers
- CDN
- Monitoring systems
- Backup systems
Cloud Provider​
- AWS (Primary)
- Region: us-west-2
- Backup Region: us-east-1
Base Infrastructure​
Network Setup​
# VPC Configuration
resource "aws_vpc" "main" {
  # One VPC per environment; the subnets below carve /24s out of this /16.
  cidr_block = "10.0.0.0/16"

  # DNS resolution and DNS hostnames are both turned on for resources
  # launched inside the VPC.
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Environment = var.environment
    Name        = "main"
  }
}
# Subnet Configuration
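resource "aws_subnet" "public" {
  # One subnet per entry in var.availability_zones; the Nth subnet gets 10.0.N.0/24.
  count = length(var.availability_zones)

  vpc_id            = aws_vpc.main.id
  availability_zone = var.availability_zones[count.index]

  # Derive each /24 from the VPC's own CIDR instead of repeating "10.0." as a
  # literal, so a change to aws_vpc.main.cidr_block cannot leave these subnets
  # outside the VPC range. cidrsubnet("10.0.0.0/16", 8, N) == "10.0.N.0/24",
  # which is exactly the previous layout.
  cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)

  # NOTE(review): these are the only subnets shown on this page. The ECS tasks
  # and the RDS instance are better placed in private subnets with no route to
  # an internet gateway; no private subnets, route tables or internet gateway
  # appear on this page.

  tags = {
    Name        = "public-${count.index + 1}"
    Environment = var.environment
  }
}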
Security Groups​
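resource "aws_security_group" "web" {
  name        = "web"
  description = "Web tier security group"
  vpc_id      = aws_vpc.main.id

  # Inbound: HTTP and HTTPS from anywhere. This group is the public entry
  # point; if a load balancer fronts the tasks, attach this group to the load
  # balancer and give the tasks a group that only admits the balancer's group.
  ingress {
    description = "HTTP from the internet"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS from the internet"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform removes AWS's implicit allow-all egress rule when it manages a
  # security group, so a group with no egress block lets nothing out: tasks
  # could not pull images, reach AWS APIs or talk to the database. Egress is
  # limited to what the tier needs instead of re-adding allow-all.
  egress {
    description = "HTTPS to ECR, CloudWatch Logs and other AWS endpoints"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    # PostgreSQL's default port; adjust if the RDS instance is configured differently.
    # Scoped to the VPC CIDR rather than the db group to avoid a cycle between the
    # two groups' inline rules.
    description = "PostgreSQL to the database tier inside the VPC"
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }

  tags = {
    Name        = "web"
    Environment = var.environment
  }
}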
Application Infrastructure​
ECS Cluster​
resource "aws_ecs_cluster" "main" {
  name = "main"

  # Turn on Container Insights so the cluster publishes task-level
  # resource metrics to CloudWatch.
  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}
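resource "aws_ecs_task_definition" "app" {
  family                   = "app"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512

  # Fargate needs an execution role to pull the image from ECR and to write
  # to CloudWatch Logs. The role is defined under "IAM Policies" and is wired
  # in here; without it the task cannot start from a private repository.
  execution_role_arn = aws_iam_role.ecs_task_execution.arn

  container_definitions = jsonencode([
    {
      name = "app"

      # NOTE(review): ":latest" is a mutable tag. The image actually running can
      # change without any Terraform diff and cannot be traced back to a build.
      # Pin to the image digest or an immutable, build-specific tag instead.
      image = "${var.ecr_repository_url}:latest"

      # The only container in the task; if it stops, the task stops.
      essential = true

      portMappings = [
        {
          containerPort = 3000
          hostPort      = 3000
          protocol      = "tcp"
        }
      ]

      # Send stdout/stderr to the log group created in the monitoring section.
      # Without a logConfiguration the container's output is not captured anywhere.
      logConfiguration = {
        logDriver = "awslogs"
        options = {
          "awslogs-group" = aws_cloudwatch_log_group.app.name
          # data.aws_region.current must be declared alongside
          # data.aws_caller_identity.current, which the KMS key policy already uses.
          "awslogs-region"        = data.aws_region.current.name
          "awslogs-stream-prefix" = "app"
        }
      }
    }
  ])
}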
Database​
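resource "aws_db_instance" "main" {
  identifier     = "main"
  engine         = "postgres"
  engine_version = "14.5"
  instance_class = "db.t3.medium"

  allocated_storage = 20

  # Encrypt storage with the main key defined under "KMS Encryption".
  # Encryption is decided at creation time: toggling it on an existing
  # instance forces a replacement.
  storage_encrypted = true
  kms_key_id        = aws_kms_key.main.arn

  # Master credentials are not shown on this page. Keep them out of plain-text
  # variables and version control; a secrets-manager reference is preferable.

  # Seven days of automated backups; AWS Backup (below) keeps daily copies longer.
  backup_retention_period = 7
  multi_az                = true

  # The provider requires final_snapshot_identifier whenever
  # skip_final_snapshot is false, so the original configuration could not
  # be destroyed cleanly. deletion_protection blocks an accidental destroy
  # of the instance altogether.
  skip_final_snapshot       = false
  final_snapshot_identifier = "main-final-snapshot" # constructed name; align with your naming scheme
  deletion_protection       = true

  # Never expose the database directly; the web tier reaches it through the
  # db security group inside the VPC.
  publicly_accessible = false

  # aws_security_group.db and aws_db_subnet_group.main are not defined on this page.
  vpc_security_group_ids = [aws_security_group.db.id]
  db_subnet_group_name   = aws_db_subnet_group.main.name
}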
Monitoring Setup​
CloudWatch​
resource "aws_cloudwatch_log_group" "app" {
  # Log group for the ECS app task.
  name = "/ecs/app"

  # Keep a month of log data; older events are deleted automatically.
  retention_in_days = 30

  # NOTE(review): the group uses the service-managed key. If kms_key_id is
  # later set to aws_kms_key.main, that key's policy must also grant the
  # CloudWatch Logs service principal use of the key, or log delivery fails.
}
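resource "aws_cloudwatch_metric_alarm" "cpu_high" {
  alarm_name        = "cpu-utilization-high"
  alarm_description = "ECS service average CPU above 85% for two consecutive 5-minute periods"

  # Scope the metric to this cluster and service. Without dimensions the
  # alarm watches an aggregate that may never receive data points, so it
  # would sit in INSUFFICIENT_DATA instead of firing.
  namespace   = "AWS/ECS"
  metric_name = "CPUUtilization"
  dimensions = {
    ClusterName = aws_ecs_cluster.main.name
    # aws_ecs_service.main is referenced by the scaling target but not defined on this page.
    ServiceName = aws_ecs_service.main.name
  }

  comparison_operator = "GreaterThanThreshold"
  statistic           = "Average"
  period              = 300
  evaluation_periods  = 2
  threshold           = 85

  # An alarm with no actions only changes state in the console. Route both
  # the ALARM transition and the recovery (OK) transition to the alerts topic.
  alarm_actions = [aws_sns_topic.alerts.arn]
  ok_actions    = [aws_sns_topic.alerts.arn]
}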
Alerts​
resource "aws_sns_topic" "alerts" {
  # Fan-out point for infrastructure alarms; subscriptions are attached separately.
  name = "infrastructure-alerts"

  # NOTE(review): messages are not encrypted at rest with a customer-managed
  # key. Setting kms_master_key_id requires the key policy to let CloudWatch
  # publish to the topic, so it is left as a follow-up rather than changed here.
}
resource "aws_sns_topic_subscription" "alerts_email" {
  topic_arn = aws_sns_topic.alerts.arn

  # Email endpoints must confirm the subscription before they receive
  # anything; until var.alert_email confirms, alarms reach nobody.
  protocol = "email"
  endpoint = var.alert_email
}
Backup Strategy​
Database Backups​
resource "aws_backup_plan" "db" {
  name = "db-backup"

  # One recovery point per day at 05:00 UTC, kept for 30 days in the main vault.
  rule {
    rule_name = "daily"
    # aws_backup_vault.main is not defined on this page.
    target_vault_name = aws_backup_vault.main.name
    schedule          = "cron(0 5 ? * * *)"

    lifecycle {
      delete_after = 30
    }
  }

  # NOTE(review): a plan backs up nothing by itself. An aws_backup_selection
  # that names aws_db_instance.main (plus an IAM role AWS Backup can assume)
  # is required before the daily rule produces any recovery points; neither
  # appears on this page.
}
S3 Backups​
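resource "aws_s3_bucket" "backups" {
  # NOTE(review): bucket names are global. "app-backups" collides with any
  # account that already owns that name; a suffix such as the account id avoids it.
  bucket = "app-backups"

  # Versioning keeps earlier copies so an overwritten or deleted backup can be restored.
  versioning {
    enabled = true
  }

  # Encrypt every object with the main key by default, so uploads that omit
  # an SSE header are still encrypted at rest.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = aws_kms_key.main.arn
      }
    }
  }

  lifecycle_rule {
    enabled = true

    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }

    expiration {
      days = 90
    }

    # expiration only removes current versions. With versioning on, superseded
    # versions would otherwise accumulate (and be billed) indefinitely.
    noncurrent_version_expiration {
      days = 90
    }
  }
}

# Backups must never be reachable anonymously. Block every form of public
# access regardless of bucket policies or ACLs added later.
resource "aws_s3_bucket_public_access_block" "backups" {
  bucket = aws_s3_bucket.backups.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}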
Deployment Process​
CI/CD Pipeline​
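name: Deploy Infrastructure

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# The job only needs to read the repository; nothing here writes back to it.
# If AWS access is added via OIDC, grant id-token: write here as well.
permissions:
  contents: read

# Never run two applies against the same state at once; a push that lands
# while an apply is in flight waits for it to finish.
concurrency:
  group: terraform-infrastructure # constructed group name
  cancel-in-progress: false

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by a mutable major-version
      # tag; pinning to a commit SHA fixes the exact code that runs.
      - uses: actions/checkout@v2
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1

      # No step on this page configures AWS credentials; whatever supplies
      # them should be short-lived rather than long-lived access keys.
      - name: Terraform Init
        run: terraform init -input=false

      # Save the plan so the apply step executes exactly what was produced
      # here instead of re-planning against whatever state exists a step later.
      - name: Terraform Plan
        run: terraform plan -input=false -out=tfplan

      # Applying a saved plan needs no interactive approval, so -auto-approve
      # is no longer required.
      - name: Terraform Apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply -input=false tfplan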
Security Measures​
IAM Policies​
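resource "aws_iam_role" "ecs_task_execution" {
  name = "ecs-task-execution"

  # Trust policy: only the ECS Tasks service may assume this role, and only
  # on behalf of tasks in this account. The SourceAccount condition closes the
  # cross-account "confused deputy" path in which another account's tasks
  # could ask ecs-tasks.amazonaws.com to assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "ecs-tasks.amazonaws.com"
        }
        Condition = {
          StringEquals = {
            # data.aws_caller_identity.current is also used by the KMS key policy.
            "aws:SourceAccount" = data.aws_caller_identity.current.account_id
          }
        }
      }
    ]
  })
}

# A role with only a trust policy grants no permissions. The AWS-managed
# execution policy covers what the task runtime needs (pulling from ECR and
# writing to CloudWatch Logs). Application permissions belong on a separate
# task role, not on the execution role.
resource "aws_iam_role_policy_attachment" "ecs_task_execution" {
  role       = aws_iam_role.ecs_task_execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}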
KMS Encryption​
resource "aws_kms_key" "main" {
  description = "Main encryption key"

  # Automatic key-material rotation; data encrypted under earlier material
  # remains decryptable.
  enable_key_rotation = true

  # Key policy: delegate all key permissions to the account root, so access
  # is governed by IAM policies in this account. Any AWS service that must
  # use the key on its own behalf (CloudWatch Logs, SNS, ...) would need a
  # further statement naming its service principal.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "Enable IAM User Permissions"
        Effect = "Allow"
        Principal = {
          AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
        }
        Action   = "kms:*"
        Resource = "*"
      }
    ]
  })
}
Scaling Configuration​
Auto Scaling​
resource "aws_appautoscaling_target" "ecs" {
  # Register the ECS service's desired count as the scalable dimension.
  service_namespace  = "ecs"
  scalable_dimension = "ecs:service:DesiredCount"
  # aws_ecs_service.main is not defined on this page.
  resource_id = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.main.name}"

  # Allowed range: between one and ten tasks.
  min_capacity = 1
  max_capacity = 10
}
resource "aws_appautoscaling_policy" "cpu" {
  name        = "cpu-autoscaling"
  policy_type = "TargetTrackingScaling"

  # Bind to the registered target instead of repeating its identifiers.
  resource_id        = aws_appautoscaling_target.ecs.resource_id
  scalable_dimension = aws_appautoscaling_target.ecs.scalable_dimension
  service_namespace  = aws_appautoscaling_target.ecs.service_namespace

  # Add or remove tasks to hold service-average CPU near 80%. The cpu_high
  # alarm's 85% threshold sits just above this target.
  target_tracking_scaling_policy_configuration {
    target_value = 80.0

    predefined_metric_specification {
      predefined_metric_type = "ECSServiceAverageCPUUtilization"
    }
  }
}
Related Documents​
- AWS Best Practices
- Security Guidelines
- Monitoring Guide
- Disaster Recovery Plan
- Cost Optimization Guide