Comprehensive Infrastructure as Code with Zero-Cost Validation
Part of the "$0 Cloud Validation" series - Enterprise cloud architecture designed and validated without any cost.
A comprehensive enterprise-grade AWS infrastructure demonstrating how to architect, validate, and prepare production-ready cloud systems without spending money. This methodology emerged from real experience with cloud costs and provides a practical path for anyone learning cloud infrastructure on a budget.
- Project Metrics
- Architecture Diagram
- Project Highlights
- The Story Behind This Architecture
- Architecture Overview
- Safety Implementation
- Technical Stack
- Getting Started
- Project Structure
- Professional Value
| Metric | Value |
|---|---|
| AWS Resources | 57 |
| Terraform Modules | 6 |
| Safety Scripts | 7 |
| CI/CD Workflows | 5 |
| Validation Cycles | 5+ |
| Development Cost | $0 |
This project demonstrates enterprise-grade cloud architecture validated through a strategic zero-cost methodology.
What makes this approach valuable:
- Removes financial barriers to learning cloud infrastructure
- Provides production-ready validation without deployment risks
- Documents real troubleshooting scenarios with 62+ detailed examples
- Makes enterprise-grade methodology accessible to beginners
The zero-cost validation methodology addresses a common challenge: learning cloud infrastructure without fear of unexpected bills.
Complete 57-resource AWS infrastructure with safety-first validation approach
A comprehensive Terraform implementation of an AWS 3-tier architecture, professionally engineered and validated through a strategic zero-cost methodology. This project demonstrates a complete Infrastructure as Code pipeline, with all configurations tested and prepared for deployment.
- 57 AWS Resources designed and validated
- 6 Terraform Modules with enterprise-grade configuration
- Zero-Cost Validation via comprehensive Terraform planning
- Safety-First CI/CD with manual trigger controls
- Full-Stack Applications with Node.js and React
- 7 Safety Scripts for cost management and emergency protocols
- Terraform configurations validated and ready for deployment
Successfully validated across all 6 modules with zero syntax errors
57 AWS resources configured and validated with zero deployment costs
Frontend and backend containers built and verified for enterprise deployment
This project represents a fundamental shift in cloud engineering mindset, born from a critical lesson in cost management that transformed my approach to infrastructure design.
Read the Full Journey: "From $10 Scare to Zero-Cost Mastery"
Terraform Automation Journey - Structured learning path with comprehensive hands-on labs
Manual AWS 3-Tier Implementation - Foundational architecture built through AWS console (115 documented steps)
Enterprise Automation - This project: 57 resources across 6 Terraform modules
Manual Console Operations → Infrastructure as Code Foundation → Enterprise-Grade Automation
Financial responsibility in cloud engineering. Treating every dollar as critical infrastructure cost.
Progressive skill development. Building from manual operations to automated enterprise solutions.
Deep understanding before automation. Mastering AWS services manually before implementing Infrastructure as Code.
Safety-first infrastructure. 7 automation scripts for cost control and emergency protocols.
Real-world problem solving. 62+ documented challenges and solutions from hands-on experience.
VPC (10.0.0.0/16) with DNS support and multi-AZ deployment across us-east-1. Internet Gateway for public subnet access. NAT Gateways with Elastic IPs for private subnet outbound traffic.
Subnets:
- Public Subnets: 10.0.1.0/24, 10.0.2.0/24 (web tier)
- Private App Subnets: 10.0.3.0/24, 10.0.4.0/24 (application tier)
- Private DB Subnets: 10.0.5.0/24, 10.0.6.0/24 (database tier)
Route tables and associations configured for proper traffic routing between availability zones.
Security groups with dynamic ingress and egress rules. Network segmentation between public and private subnets.
Security Groups:
- Web Tier: Ports 80/443 for HTTP/HTTPS traffic
- App Tier: Port 4000 for application traffic
- DB Tier: Port 5432 for PostgreSQL database
IAM roles and policies for EC2 Systems Manager access with least-privilege principles.
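A plan-time check for the tier rules above, written as an added example rather than code from this repository: it reads the JSON from `terraform show -json` and flags ingress that exposes port 4000 or 5432 to the internet, plus an unencrypted or public RDS instance. It assumes those two ports should be reachable only from the tier in front of them; the resource names in the sample plan are hypothetical.

```python
# Ports the page assigns to the private tiers; 80/443 on the web tier stay public.
INTERNAL_PORTS = {4000: "app tier", 5432: "db tier"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def ingress_rules(rc, after):
    """Yield ingress rules from inline blocks or standalone rule resources."""
    if rc["type"] == "aws_security_group":
        yield from after.get("ingress") or []
    elif rc["type"] == "aws_security_group_rule" and after.get("type") == "ingress":
        yield after

def audit_plan(plan):
    """Return findings for the parsed JSON of `terraform show -json <planfile>`."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        for rule in ingress_rules(rc, after):
            cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
            if not cidrs & OPEN_CIDRS:
                continue  # limited to specific CIDRs or to another security group
            any_port = str(rule.get("protocol")) == "-1"  # "-1" = all protocols and ports
            lo, hi = rule.get("from_port") or 0, rule.get("to_port") or 0
            for port, tier in INTERNAL_PORTS.items():
                if any_port or lo <= port <= hi:
                    findings.append(f"{rc['address']}: {tier} port {port} open to the internet")
        if rc["type"] == "aws_db_instance":
            if not after.get("storage_encrypted"):
                findings.append(f"{rc['address']}: storage_encrypted is not true")
            if after.get("publicly_accessible"):
                findings.append(f"{rc['address']}: publicly_accessible is true")
    return findings

# Constructed sample plan; resource names are hypothetical, not taken from the repository.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.security.aws_security_group.web", "type": "aws_security_group",
     "change": {"after": {"ingress": [
         {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
         {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "module.security.aws_security_group.app", "type": "aws_security_group",
     "change": {"after": {"ingress": [
         {"from_port": 4000, "to_port": 4000, "protocol": "tcp", "cidr_blocks": []}]}}},
    {"address": "module.security.aws_security_group.db", "type": "aws_security_group",
     "change": {"after": {"ingress": [
         {"from_port": 5432, "to_port": 5432, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "module.database.aws_db_instance.main", "type": "aws_db_instance",
     "change": {"after": {"storage_encrypted": False, "publicly_accessible": False}}},
]}

print("\n".join(audit_plan(SAMPLE_PLAN)))
```

To audit a real plan, save it with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan`, and pass the parsed JSON to `audit_plan`.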
EC2 Launch Templates with Amazon Linux 2 AMI and t2.micro instances. Auto Scaling Groups for web and application tiers with health monitoring and load balancer integration.
Auto Scaling Configuration:
- Web Tier ASG: Minimum 2, Maximum 4 instances
- App Tier ASG: Minimum 2, Maximum 4 instances
Scaling policies based on CPU utilization with CloudWatch alarm integration.
Application Load Balancer with HTTP listeners on port 80. Target groups with health checks on /health endpoint. Cross-zone load balancing enabled for high availability.
Health check configuration with 30-second intervals and traffic distribution across multiple availability zones.
RDS PostgreSQL 14.9 with multi-AZ deployment for high availability. DB subnet group for isolated database network placement. Encrypted storage with automated backups and 7-day retention.
Performance Insights enabled for database monitoring. Parameter groups and maintenance windows configured for enterprise standards.
CloudWatch Dashboard with 4 comprehensive widgets tracking EC2 CPU utilization, ALB health and request metrics, RDS performance metrics, and Auto Scaling Group instances.
CloudWatch Alarms:
- High CPU utilization (Web/App tiers over 80%)
- Database performance issues (over 75% CPU)
- ALB 5XX errors (over 10 errors threshold)
SNS topics configured for alert notifications to operations team.
Active Workflows (Safe Validation):
- Terraform Validation: Syntax checking, configuration validation, planning only
- Security Scanning: npm audit, Gitleaks, code quality with continue-on-error
Disabled Workflows (Safety Measure):
- Backend Deployment: EC2 deployment and application installation
- Frontend Deployment: S3 sync and CloudFront invalidation
- Terraform Apply: AWS resource creation and state modification
- `comprehensive-cost-check.sh` - Detailed AWS cost auditing with resource enumeration
- `cost-checker.sh` - Quick cost assessment and running resource identification
- `emergency-nuke-all.sh` - Complete infrastructure termination for emergency situations
- `pre-deploy-check.sh` - Pre-deployment validation and safety verification
- `post-deploy-check.sh` - Post-deployment verification and health checks
- `quick-cost-check.sh` - Rapid cost estimation and budget compliance
- `safety-destroy.sh` - Safe infrastructure teardown with confirmation prompts
Terraform planning only. No terraform apply commands executed during development.
Backend and frontend validation through build and test processes without EC2 or S3 deployment.
Safety protocols with manual triggers and disabled automatic deployments.
Cost guarantee: Zero AWS resources created, only configuration validation performed.
View Complete Log Reports on GitHub
5 complete Terraform plans showing full validation cycles. Resource count tracking confirming all AWS resources planned. Error resolution logs documenting troubleshooting process. Application logs showing backend and frontend validation. Cost audit reports verifying zero-cost compliance.
Terraform - Infrastructure as Code managing 57 AWS resources across 6 modules
GitHub Actions - CI/CD pipeline with safety controls and manual triggers
Docker - Containerization for frontend and backend applications
AWS CLI - Cloud management and automation scripting
Compute: EC2, Auto Scaling Groups, Launch Templates
Networking: VPC, Internet Gateway, NAT Gateway, Route Tables, Subnets
Database: RDS PostgreSQL, DB Subnet Groups
Load Balancing: Application Load Balancer, Target Groups, Listeners
Security: Security Groups, IAM Roles, IAM Policies, Network ACLs
Monitoring: CloudWatch Dashboards, CloudWatch Alarms, SNS Topics
Storage: EBS (via RDS), S3 (configured for frontend deployment)
Backend: Node.js, Express, JWT authentication, PostgreSQL, Jest testing
Frontend: React, modern JavaScript, CSS, Testing Library
Process Management: PM2 for enterprise process management
Web Server: nginx for frontend serving and reverse proxy
This entire architecture can be validated locally without any AWS account or costs.
Clone and validate the infrastructure:
```bash
# Clone the repository
git clone https://github.com/Sabin-Rana/enterprise-aws-3tier-architecture
cd enterprise-aws-3tier-architecture

# Validate Terraform configuration
cd terraform/environments/production
terraform init -backend=false
terraform validate
terraform plan
# You will see all 57 resources planned without any AWS charges
```

Test the backend and frontend locally:

```bash
# Backend validation (run from the repository root)
cd backend
npm install
npm test
npm start

# Frontend validation
cd ../frontend
npm install
npm run build
npm test
```

```bash
# Run from the repository root

# Comprehensive cost audit
./scripts/comprehensive-cost-check.sh

# Quick cost verification
./scripts/quick-cost-check.sh

# Emergency termination (if needed)
./scripts/emergency-nuke-all.sh
```

```
enterprise-aws-3tier-architecture/
├── .github/workflows/                # CI/CD Pipeline
│   ├── terraform-validation.yml      # Active validation workflow
│   ├── security-scan.yml             # Active security checks
│   └── disabled/                     # Disabled deployment workflows
├── backend/                          # Node.js API
│   ├── src/                          # Application source
│   ├── tests/                        # Test suites
│   └── ecosystem.config.js           # PM2 configuration
├── frontend/                         # React Application
│   ├── src/                          # React components
│   ├── build/                        # Enterprise build
│   └── Dockerfile                    # Container configuration
├── terraform/                        # Infrastructure as Code
│   ├── modules/                      # 6 Terraform modules
│   │   ├── vpc/                      # Networking foundation
│   │   ├── security/                 # Security groups and IAM
│   │   ├── database/                 # RDS PostgreSQL
│   │   ├── compute/                  # EC2 and Auto Scaling
│   │   ├── load_balancing/           # ALB and Target Groups
│   │   └── monitoring/               # CloudWatch and SNS
│   └── environments/production/      # Enterprise configuration
├── scripts/                          # Safety and Automation
│   ├── comprehensive-cost-check.sh
│   ├── cost-checker.sh
│   ├── emergency-nuke-all.sh
│   ├── pre-deploy-check.sh
│   ├── post-deploy-check.sh
│   ├── quick-cost-check.sh
│   └── safety-destroy.sh
├── docs/                             # Documentation
│   ├── architecture-diagram/
│   ├── screenshots-organized/
│   └── logs-reports/
└── README.md
```
This project demonstrates enterprise-level skills in:
Cloud Architecture Design - Complete 3-tier AWS infrastructure with multi-AZ high availability
Infrastructure as Code - 57-resource Terraform configuration with modular design
DevOps and CI/CD - Pipeline design with safety controls and validation workflows
Cost Optimization - Zero-cost validation methodology proving financial responsibility
Security Implementation - Network segmentation, IAM policies, and defense-in-depth
Monitoring and Observability - CloudWatch dashboards, alarms, and automated alerting
Problem Solving - 62+ documented troubleshooting scenarios with solutions
Full-Stack Development - React frontend and Node.js backend with comprehensive testing
Containerization - Docker implementation for production deployment readiness
Documentation - Professional-grade project documentation and architecture diagrams
View Complete Troubleshooting Documentation
Seven phases of real engineering challenges documented with screenshots and solutions:
Phase 1: VPC networking challenges and availability zone configuration
Phase 2: Security group conflicts and module dependency resolution
Phase 3: Database configuration and RDS parameter optimization
Phase 4: Infrastructure integration and module output coordination
Phase 5: Terraform validation and syntax correction
Phase 6: IAM role configuration and permission troubleshooting
Phase 7: CI/CD pipeline recovery and workflow optimization
Over 62 documented challenges showing real problems and real solutions from hands-on experience.
This project is licensed under the MIT License - see the LICENSE file for details.
Free to use, modify, and distribute. Commercial use permitted. Attribution required.
Sabin Rana
GitHub: @Sabin-Rana
LinkedIn: Sabin Rana
Blog: Hashnode
Certifications: Credly Profile
Star this repository if you find the zero-cost validation approach useful for your cloud learning journey.
Share it with others who want to learn cloud infrastructure without financial risk.







