{"id":49445431,"url":"https://github.com/mainbank5/stocksystem-infra","last_synced_at":"2026-04-29T22:07:19.379Z","repository":{"id":347838118,"uuid":"1195428606","full_name":"MainBank5/stocksystem-infra","owner":"MainBank5","description":"This repository contains a production-ready AWS EKS architecture built using Terraform.  It is designed with high availability, security, and scalability in mind — following real-world infrastructure patterns, not just a demo setup.","archived":false,"fork":false,"pushed_at":"2026-03-29T18:07:15.000Z","size":24,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-29T19:33:13.730Z","etag":null,"topics":["aws","cloud","devops","ecr","eks-cluster","k8s","k8s-cluster","k8s-deployment","kubernetes-deployment"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MainBank5.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-29T17:01:37.000Z","updated_at":"2026-03-29T18:07:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/MainBank5/stocksystem-infra","commit_stats":null,"previous_names":["mainbank5/stocksystem-infra"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/MainBank5/stocksystem-infra","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MainBank5%2Fstocksystem-infra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MainBank5%2Fstocksystem-infra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MainBank5%2Fstocksystem-infra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MainBank5%2Fstocksystem-infra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MainBank5","download_url":"https://codeload.github.com/MainBank5/stocksystem-infra/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MainBank5%2Fstocksystem-infra/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32445648,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T20:22:27.477Z","status":"ssl_error","status_checked_at":"2026-04-29T20:22:26.507Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloud","devops","ecr","eks-cluster","k8s","k8s-cluster","k8s-deployment","kubernetes-deployment"],"created_at":"2026-04-29T22:07:18.643Z","updated_at":"2026-04-29T22:07:19.374Z","avatar_url":"https://github.com/MainBank5.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Production-Grade AWS EKS Infrastructure (Terraform)\n\nThis repository contains a **production-ready AWS EKS architecture** built using Terraform.\n\nIt is designed with **high availability, security, and scalability** in mind — following real-world infrastructure patterns, not just a demo setup.\n\n---\n\n##  Architecture Overview\n\n                           Internet\n                      |\n              +----------------+\n              |  Internet GW   |\n              +--------+-------+\n                       |\n        +--------------+--------------+\n        |                             |\n    Public Subnet AZ1           Public Subnet AZ2\n    (ELB, NAT GW)               (ELB, NAT GW)\n        |                             |\n        +--------+-----------+--------+\n                 |           |\n        Private Subnet AZ1   Private Subnet AZ2\n            (EKS Nodes)          (EKS Nodes)\n                 |                   |\n                 +--------+----------+\n                          |\n                      EKS Cluster\n                          |\n        +-----------------+------------------+\n        |                 |                  |\n      Pods            Services         EBS Volumes\n                                              |\n                                       EBS CSI Driver\n\n\n\n\n---\n\n##  Key Components\n\n###  Networking\n- Custom VPC (`10.0.0.0/16`)\n- 2 Public Subnets (Multi-AZ)\n- 2 Private Subnets (Multi-AZ)\n- Internet Gateway for public access\n- NAT Gateways (1 per AZ for HA)\n\n---\n\n###  EKS Cluster\n- Kubernetes v1.31 (managed control plane)\n- Public + Private API endpoint access\n- Worker nodes deployed in **private subnets**\n- Managed Node Group:\n  - Instance type: `t3.large`\n  - Auto-scaling enabled\n\n---\n\n### Security (IAM)\n- Dedicated IAM roles for:\n  - EKS Cluster\n  - Worker Nodes\n- IRSA (IAM Roles for Service Accounts) via OIDC\n  - Enables secure pod-to-AWS communication\n  - No hardcoded credentials\n\n---\n\n###  Storage\n- AWS EBS CSI Driver (EKS Add-on)\n- Supports dynamic provisioning via:\n  - Persistent Volume Claims (PVCs)\n\n---\n\n### Load Balancing\n- Public subnets tagged for:\n  - Internet-facing Load Balancers\n- Private subnets tagged for:\n  - Internal Load Balancers\n\n---\n\n##  Design Decisions\n\n### High Availability\n- Multi-AZ architecture across all layers\n- NAT Gateway per AZ (avoids single point of failure)\n\n###  Security First\n- Worker nodes in private subnets\n- No direct exposure to the internet\n- IAM roles + OIDC for fine-grained access control\n\n###  Scalability\n- Auto-scaling node group\n- Kubernetes-native scaling support\n\n###  Infrastructure as Code\n- Fully managed via Terraform\n- Reproducible and version-controlled\n\n---\n\n##  Key Learnings\n\n- Proper subnet design is critical for EKS networking\n- IRSA (OIDC) is essential for secure cloud-native workloads\n- Separating public and private workloads improves security posture\n- Terraform enforces consistency across complex infrastructure\n\n---\n\n\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmainbank5%2Fstocksystem-infra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmainbank5%2Fstocksystem-infra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmainbank5%2Fstocksystem-infra/lists"}