The architecture contains:
- VPC with public subnets
- EKS Cluster with managed node group
- Retail Store microservices deployed via Helm
- LoadBalancer exposing the UI publicly
- S3 bucket triggering Lambda on object upload
- CloudWatch logging integration
aws-retail-website/
├── terraform/
│   └── project-bedrock/
│       ├── main.tf
│       ├── variables.tf
│       ├── outputs.tf
│       ├── terraform.tfvars
│       ├── backend.tf
│       ├── grading.json
│       │
│       ├── vpc/
│       ├── eks/
│       ├── iam/
│       ├── logging/
│       └── s3-lambda/
│
├── src/
│   └── app/
│       ├── chart/              # Helm chart configuration
│       │   ├── Chart.yaml
│       │   └── values.yaml
│       ├── cart/
│       ├── catalog/
│       ├── checkout/
│       ├── e2e/
│       ├── load-generator/
│       ├── misc/
│       ├── orders/
│       └── ui/
│
└── .github/
    └── workflows/
        └── terraform.yml
README.md
Infrastructure Provisioning
- Terraform Initialization
  terraform init
- Validate Configuration
  terraform validate
- Apply Infrastructure
  terraform apply -var-file="terraform.tfvars"
The Terraform remote backend uses:
Example AWS CLI Commands Used
Create S3 Bucket (for Terraform state)
aws s3api create-bucket --bucket bedrock-tf-state-yourid --region us-east-1
Enable Versioning
aws s3api put-bucket-versioning --bucket bedrock-tf-state-yourid --versioning-configuration Status=Enabled
Create DynamoDB Table (State Lock)
aws dynamodb create-table --table-name bedrock-tf-locks --attribute-definitions AttributeName=LockID,AttributeType=S --key-schema AttributeName=LockID,KeyType=HASH --billing-mode PAY_PER_REQUEST --region us-east-1
After Terraform created the cluster:
aws eks update-kubeconfig --region us-east-1 --name project-bedrock-cluster
Verify nodes:
kubectl get nodes
Expected output:
STATUS = Ready
The existing Helm chart structure was used as-is.
No modifications were made to the chart templates. The chart is located at:
/src/app/chart
From the chart directory:
helm dependency build
helm install retail-store .
By default, services were deployed as ClusterIP.
To expose the UI publicly, the following command was used:
kubectl patch svc ui -p "{\"spec\": {\"type\": \"LoadBalancer\"}}"
Verify:
kubectl get svc ui
http://
http://checkthedocisumbitted.us-east-1.elb.amazonaws.com
The Terraform module provisions:
- S3 bucket for assets
- Lambda function
- IAM role for Lambda
- S3 event notification trigger
Generate Infrastructure Output JSON
From Terraform root:
terraform output -json > grading.json
Commit this file to the repository root.
IAM User: bedrock-dev-view
Access Key and Secret Key are provided separately for grading purposes.
⚠ These credentials are NOT committed to this repository.
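`terraform output -json` prints outputs marked sensitive in clear text, so grading.json is worth checking before it is committed alongside a project that also manages the bedrock-dev-view keys. The check below is an added example, not part of the original project; the script name, the output names and the values in the sample are constructed assumptions.

```python
import json
import re
import sys

# Long-term AWS access key IDs start with AKIA, temporary ones with ASIA.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")


def walk_strings(value, path):
    """Yield (path, string) for every string nested inside an output value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from walk_strings(item, f"{path}.{key}")
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from walk_strings(item, f"{path}[{index}]")


def audit_outputs(doc):
    """Return (location, reason) findings for a parsed `terraform output -json` document."""
    findings = []
    for name, output in doc.items():
        # -json prints sensitive outputs in clear text, so the flag alone is a finding.
        if output.get("sensitive"):
            findings.append((name, "marked sensitive, value is in clear text"))
        for path, text in walk_strings(output.get("value"), name):
            if ACCESS_KEY_ID.search(text):
                findings.append((path, "looks like an AWS access key ID"))
    return findings


# Constructed sample in the shape `terraform output -json` emits.
# Output names and values are assumptions, not taken from the project.
SAMPLE = json.loads("""
{
  "cluster_name": {"sensitive": false, "type": "string", "value": "project-bedrock-cluster"},
  "dev_view_secret_key": {"sensitive": true, "type": "string", "value": "constructed-placeholder"},
  "dev_view_login": {"sensitive": false, "type": ["object", {"access_key_id": "string"}],
                     "value": {"access_key_id": "AKIAIOSFODNN7EXAMPLE"}}
}
""")

if __name__ == "__main__":
    # Usage (hypothetical file name): python check_grading.py grading.json
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    findings = audit_outputs(doc)
    for where, why in findings:
        print(f"{where}: {why}")
    sys.exit(1 if findings else 0)
```

A non-zero exit status means grading.json should not be committed until the flagged outputs are removed from outputs.tf or excluded from the file.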
Verification Commands
Check pods:
kubectl get pods
Check services:
kubectl get svc
Check logs:
kubectl logs <pod-name>
Cleanup Instructions
To avoid AWS charges:
helm uninstall retail-store
terraform destroy -var-file="terraform.tfvars"
This project is a copy of the popular AWS retail store.
