https://github.com/johnnymarquez/multi-protocol-aws-terraform-ansible

AWS ALB target group for NLB Infrastructure, Nginx Configuration & Linux Security Hardening.
ansible aws devops infrastructure linux terraform


# AWS ALB target group for NLB Infrastructure, Nginx Configuration & Security Hardening

This repository contains a complete example and workflow of an AWS architecture. The infrastructure is provisioned with
Terraform, configuration management is handled by Ansible, Linux security hardening is applied by scripts, and deployment
is automated with GitHub Actions. The most important feature of this sample architecture is that it provides both Layer 7
and Layer 4 load balancing by placing an Application Load Balancer and a Network Load Balancer in the same traffic route.
This feature is unique and makes it possible to use a static IP, AWS PrivateLink for ALB, and multiprotocol connections.

[Application Load Balancer target group for Network Load Balancer](https://aws.amazon.com/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer/)

## Architecture

The code implements EC2 instances with the latest Amazon Linux 2 image, backed by an Auto Scaling group that uses a
Launch Template configured with a Linux security hardening script at ./scripts/cis.sh. The instances are
placed behind an Application Load Balancer, which in turn sits behind a Network Load Balancer.
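
The NLB-to-ALB wiring described above, as an added Terraform example that is not taken from the repository. All resource and variable names are hypothetical, and it assumes an existing internal ALB (passed in as `var.alb_arn`) that already has an HTTP listener on port 80.

```hcl
# Assumed inputs (hypothetical names, not the repository's variables).
variable "vpc_id" { type = string }
variable "nlb_subnet_ids" { type = list(string) }
variable "alb_arn" { type = string } # existing ALB with a listener on port 80

# Layer 4 entry point. The NLB is what provides static addresses and
# PrivateLink support in front of the ALB.
resource "aws_lb" "nlb" {
  name               = "example-nlb"
  load_balancer_type = "network"
  subnets            = var.nlb_subnet_ids
}

# Target group whose single target is the ALB itself. An ALB-type target
# group must use TCP; its health checks use HTTP or HTTPS against the ALB.
resource "aws_lb_target_group" "alb" {
  name        = "example-alb-tg"
  target_type = "alb"
  port        = 80
  protocol    = "TCP"
  vpc_id      = var.vpc_id

  health_check {
    protocol = "HTTP"
    path     = "/"
  }
}

# Register the ALB as the target. The port must match a listener that
# already exists on the ALB, otherwise registration fails.
resource "aws_lb_target_group_attachment" "alb" {
  target_group_arn = aws_lb_target_group.alb.arn
  target_id        = var.alb_arn
  port             = 80
}

# NLB listener forwarding raw TCP to the ALB, which then applies Layer 7 routing.
resource "aws_lb_listener" "nlb_tcp" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 80
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.alb.arn
  }
}
```

Client IP preservation stays on for ALB-type target groups, so the ALB's security group sees the original client addresses and its ingress rules have to be written for them.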

## Terraform

The root directory contains the Terraform files with the values needed to implement an example infrastructure using
customized modules. Environments/workspaces were intentionally left out so that only one level of nested values is shown.
This way, the Terraform files at the root level invoke the customized modules, which contain the necessary variable
assignments. A better implementation of this infrastructure would use `.tfvars` files for the different environments.
Resources include:

- Providers.
- Local backend.
- Autoscaling group.
- Application load balancer.
- Network load balancer.
- CloudWatch alarms.
- Security groups.
- EventBridge rules.
- Lambda functions.

## Ansible

Once the infrastructure is fully provisioned, the EC2 instances can be configured as Nginx servers with the Ansible
playbook at ./playbook/nginx.yaml.