Posts

Showing posts from December, 2025

AWS with Terraform (Day 23)

End-to-End Observability on AWS Using Terraform
A Real-World Serverless Project (Day 23 Completed)

As a DevOps engineer, I’ve learned that building applications is only half the job. The real challenge begins when those applications are running in production. If you can’t observe your system—logs, metrics, alerts, failures—you’re flying blind.

On Day 23 of my hands-on DevOps journey, I completed an end-to-end observability stack on AWS using Terraform for a real-world serverless image-processing application. This project focuses on building production-grade monitoring, logging, dashboards, alarms, and notifications, all fully automated and reproducible. This blog walks through what I built, why I built it, and how it works in practice.

Project Overview: Serverless Image Processing Pipeline

At the core of this project is a simple but realistic serverless workflow:
A user uploads an image to an S3 upload bucket
An AWS Lambda function is triggered
The functio...

AWS with Terraform (Day 22)

Building a 2-Tier AWS Architecture with Terraform (EC2 + RDS)
Learning, Building, and Moving Forward as a DevOps Engineer

Day 22 of my DevOps journey is complete. Despite being in an active job search phase and managing real-life responsibilities, I’m continuing to focus on hands-on, production-style cloud architecture. Today’s work was about designing and implementing a secure, modular two-tier AWS architecture using Terraform — the kind of setup that forms the backbone of many real-world applications.

This wasn’t a demo-only exercise. I pulled the code, extended it, and implemented a NAT Gateway with proper routing to enable secure outbound access for the database tier — exactly how it should be done in real environments.

Architecture Overview

The design follows a classic two-tier application model, implemented with security and scalability in mind:

Web Tier (Public)
EC2 instance running a Flask application
Deployed in a public subnet
Internet access via Internet Gateway
Listens ...

AWS with Terraform (Day 21)

Day 21 – AWS Policy & Governance as Code with Terraform

As AWS environments scale, manual security checks and ad‑hoc governance simply don’t work. The only sustainable way is to define policy and governance as code — repeatable, auditable, and automated.

Today marks Day 21 of my continuous DevOps learning journey. While actively searching for a DevOps role and managing home responsibilities, I’m still pushing myself to learn and document real‑world cloud security practices.

This post covers how I implemented AWS policy and governance using Terraform, combining preventive controls (IAM) and detective controls (AWS Config) — the same patterns used in production environments.

Policy vs Governance (Clear Difference)

Policy – Preventive Controls
Policies enforce rules at request time. If a request violates the rule, it simply fails. Examples:
Deny delete actions if MFA is not enabled
Block S3 uploads over HTTP
Enforce mandatory tags on resource creation
These controls stop risky ac...

AWS with Terraform (Day 20)

Terraform Custom Modules for EKS: From Zero to Production

As Terraform projects grow, a single flat configuration quickly becomes hard to manage, review, and scale. This becomes especially clear when provisioning complex platforms like Amazon EKS, where networking, IAM, cluster configuration, and secrets management are tightly coupled but conceptually separate concerns.

On Day 20 of my AWS with Terraform journey, I focused on designing and using custom Terraform modules to build a production-ready EKS architecture. This day was less about writing individual resources and more about learning how to structure infrastructure like real engineering systems.

Why Terraform Modules Matter in Production

Terraform modules allow you to package infrastructure logic into reusable, versioned units. Instead of duplicating the same VPC, IAM, or EKS code across environments and repositories, modules let you encapsulate complexity behind well-defined inputs and outputs. In production environments...

AWS with Terraform (Day 19)

Terraform Provisioners Explained: local-exec, remote-exec, and file

Provisioners in Terraform are often misunderstood. Many beginners either overuse them or avoid them entirely without understanding where they fit. In this post, I’ll explain what Terraform provisioners actually do, when they make sense, and how local-exec, remote-exec, and file provisioners behave in real-world scenarios, based on a hands-on EC2 demonstration.

This was part of my Day 19 learning, focused on understanding the imperative escape hatch Terraform provides when declarative resources alone are not enough.

What are Terraform Provisioners?

A provisioner allows Terraform to execute imperative actions during a resource’s lifecycle, usually at creation time or destruction time. Provisioners are commonly used for:
Bootstrapping instances
Copying files to servers
Running scripts or commands that Terraform resources cannot express directly
Terraform documentation clearly states that provisioner...

AWS with Terraform (Day 18)

Day 18: Image Processing Serverless Project using AWS Lambda and Terraform

As part of my ongoing hands-on AWS Terraform learning, I completed a serverless image processing project that demonstrates how to build an event-driven, scalable workflow using AWS Lambda. The entire infrastructure is provisioned using Terraform, keeping the setup reproducible, version-controlled, and production-aligned. The goal of this project was simple but practical: upload a single image and automatically generate multiple optimized variants without managing any servers.

Project Overview

This project implements an automated image processing pipeline using AWS serverless services. When an image is uploaded to a source S3 bucket, an S3 event triggers a Lambda function. The Lambda function processes the image using the Pillow library and stores multiple optimized versions in a destination S3 bucket. Logging and execution metrics are captured in CloudWatch. The entire workflow is deployed using Terraform...

AWS with Terraform (Day 17)

Blue-Green Deployment on AWS Elastic Beanstalk Using Terraform
Seamless Releases. Zero Downtime. Maximum Confidence.

Today’s focus was on one of the most essential real-world DevOps deployment strategies: Blue-Green Deployment using AWS Elastic Beanstalk + Terraform. I cloned the repository, applied file permissions, packaged application versions, deployed both blue & green environments, and even executed the final DNS swap. Everything worked smoothly end-to-end. This blog captures the full journey.

What is Blue-Green Deployment?

Blue-Green deployment maintains two identical environments:
Blue → Active production environment
Green → Staging/testing environment
You deploy updates to Green, validate everything, then swap traffic to Green using DNS/CNAME. Rollback? One click. Swap back. No downtime, no user impact, no surprises.

Why Elastic Beanstalk + Terraform?

Combining Elastic Beanstalk with Terraform provides:
Automation
Infrastructure is codified — no ...

AWS with Terraform (Day 16)

Advanced AWS IAM User Management with Terraform (CSV-Driven, MFA Enabled, Policies Added)

Today I pushed my IAM automation project further by turning a basic CSV-driven setup into a production-ready IAM onboarding system powered entirely by Terraform. This wasn’t just about creating IAM users — the goal was to build a repeatable, scalable, secure identity-management workflow that any DevOps team can adopt.

What I Built Today

A complete IAM onboarding automation pipeline, including:
Bulk IAM user creation from CSV
Extended CSV now includes: first_name, last_name, email, phone, employe_id, department, job_title, location
Terraform loads the CSV with csvdecode()
Creates a typed list/map for dynamic iteration
Automated username generation
Normalized, lowercase usernames
Combines first name + last name + emp_id
Ensures uniqueness & traceability
Console access + MFA-first login
Users get a login profile
password_reset_required = true
Enfo...

AWS with Terraform (Day 15)

AWS VPC Peering Using Terraform

Today I completed Day 15 of the #30DaysOfAWSTerraform challenge, and this was one of the most meaningful and practical lessons so far: Building a fully functional AWS VPC Peering setup between two regions using Terraform, protected with routing, security rules, and private connectivity across networks.

As DevOps engineers, we often need multiple VPCs for environment isolation such as dev, staging, and prod, or multi-region deployments for latency reduction and high availability. VPC Peering helps us enable private communication without exposing traffic to the public internet.

What is VPC Peering?

VPC Peering allows private, low-latency, encrypted communication between two VPCs using private IP addresses. It’s useful when deploying:
Multi-region microservices
Shared services like monitoring, logging, authentication
Hybrid cloud or cross-VPC database access
It’s important because it improves:
✔ Security (no internet traversal, no...