
xrootms/aws-2tier-architecture-terraform


AWS 2-Tier Flask Web Application Architecture using Terraform Modules

This project demonstrates the design and deployment of a scalable, highly available 2-tier web application on AWS using reusable Terraform modules. The infrastructure includes a custom VPC, public and private subnets, SSL certificate, EC2-based Flask application server behind an Application Load Balancer, an Amazon RDS MySQL database, and Amazon S3 for storage, enabling automated, secure, and production-style cloud provisioning.

Diagram

LEMP Diagram

Project Overview

Main components:

  • ➡️ Custom VPC with public subnets, private subnets, NAT gateway, EIP, Internet Gateway, and route tables
  • ➡️ Security Groups for the Flask app (EC2), RDS (MySQL) and ALB
  • ➡️ EC2 Instance for Flask (with User Data installation & DB setup script)
  • ➡️ Target Group and Application Load Balancer (ALB) setup
  • ➡️ RDS Instance for MySQL
  • ➡️ S3 Bucket
  • ➡️ IAM Role to access S3 from EC2
  • ➡️ ACM Certificate for HTTPS
  • ➡️ DNS Integration with Route 53

Prerequisites

Before running Terraform, make sure you have the following prerequisites ready:

  • ➡️ Terraform v1.3+ (recommended)
  • ➡️ AWS CLI configured with proper IAM credentials
  • ➡️ A registered domain name (e.g., from GoDaddy, Namecheap, etc.)
  • ➡️ Hosted Zone created in Route 53 — Example: hosted zone name: techsaif.gzz.io
  • ➡️ Name Servers updated at your domain registrar
  • ➡️ SSH public and private key pair

Step 1:

Set up the hosted zone:

This setup depends on Route 53, and the first thing to create in Route 53 is the hosted zone.

  • 1️⃣ Navigate to Route 53 → Hosted zones → Create hosted zone
  • 2️⃣ In the Domain name field, enter the exact domain name you own (e.g., techsaif.gzz.io)
  • 3️⃣ Select Type → Public hosted zone

  • 4️⃣ Click Create hosted zone

LEMP Diagram


5️⃣ Once the hosted zone is created, you will get four records, which are the NS records.

LEMP Diagram


6️⃣ Replace the NS records at your domain registrar with these NS records.

LEMP Diagram


Step 2:

1. Clone the repo:

   git clone https://github.com/xrootms/aws-2tier-architecture-terraform.git
   cd aws-2tier-architecture-terraform

2. Copy and edit variables: (Update variable values as needed — VPC, CIDR, public key, region, etc.)

  cp terraform.tfvars.example terraform.tfvars

3. Initialize Terraform:

terraform init

4. Plan and Apply:

terraform plan
terraform apply

5. Get the SSH connection details for EC2:

LEMP Diagram

---

SSH EC2

ssh -i ~/Documents/keys/devops_proj1 [email protected]
#verify db connection and db table.
mysql -h mydb.c5ascwcu8igg.ap-south-1.rds.amazonaws.com -u dbuser -p
exit

Configure the Flask App & start

# flask App configuration
cd /home/ubuntu/ERMS-SRL
# Edit the application to use port 5000
# Update config.py with S3 bucket name and RDS endpoint
# Run the application
sudo python3 EmpApp.py

After successful deployment:

🔹Accessing Flask-App:

  • Once Terraform apply completes and DNS propagation finishes:
  • Open https://techsaif.gzz.io in your browser. Upload an image and data.

LEMP Diagram

  • Verify MySQL DB
  • LEMP Diagram

  • Verify S3 bucket
  • LEMP Diagram

    🔹Hosted zone:

    • The ALB DNS name is mapped to techsaif.gzz.io using a Route 53 A record

    LEMP Diagram

    🔹SSL Configuration:

    • An ACM Certificate is created for techsaif.gzz.io and attached to the ALB for HTTPS traffic.

    LEMP Diagram

    🔹EC2

    LEMP Diagram

    🔹ELB

    LEMP Diagram

    🔹Security Groups

    LEMP Diagram

    Notes

    • ➡️ ACM and ALB must be in the same AWS region
    • ➡️ DNS propagation may take up to 30 minutes
    • ➡️ Check ACM validation status in AWS Console → Certificate Manager
    • ➡️ To avoid unnecessary costs, destroy the infrastructure when no longer needed
    terraform destroy    

    ⭐ If you found this project interesting, consider giving it a star!
