https://github.com/mainbank5/stocksystem-infra
This repository contains a production-ready AWS EKS architecture built using Terraform. It is designed with high availability, security, and scalability in mind — following real-world infrastructure patterns, not just a demo setup.
- Host: GitHub
- URL: https://github.com/mainbank5/stocksystem-infra
- Owner: MainBank5
- Created: 2026-03-29T17:01:37.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-03-29T18:07:15.000Z (3 months ago)
- Last Synced: 2026-03-29T19:33:13.730Z (3 months ago)
- Topics: aws, cloud, devops, ecr, eks-cluster, k8s, k8s-cluster, k8s-deployment, kubernetes-deployment
- Language: HCL
- Homepage:
- Size: 23.4 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Production-Grade AWS EKS Infrastructure (Terraform)
This repository contains a **production-ready AWS EKS architecture** built using Terraform.
It is designed with **high availability, security, and scalability** in mind — following real-world infrastructure patterns, not just a demo setup.
---
## Architecture Overview
```
                       Internet
                          |
                 +----------------+
                 |  Internet GW   |
                 +--------+-------+
                          |
           +--------------+--------------+
           |                             |
   Public Subnet AZ1             Public Subnet AZ2
    (ELB, NAT GW)                 (ELB, NAT GW)
           |                             |
           +--------+-----------+--------+
                    |           |
        Private Subnet AZ1   Private Subnet AZ2
           (EKS Nodes)          (EKS Nodes)
                    |           |
                    +-----+-----+
                          |
                     EKS Cluster
                          |
       +------------------+------------------+
       |                  |                  |
     Pods             Services         EBS Volumes
                                             |
                                       EBS CSI Driver
```
---
## Key Components
### Networking
- Custom VPC (`10.0.0.0/16`)
- 2 Public Subnets (Multi-AZ)
- 2 Private Subnets (Multi-AZ)
- Internet Gateway for public access
- NAT Gateways (1 per AZ for HA)
---
### EKS Cluster
- Kubernetes v1.31 (managed control plane)
- Public + Private API endpoint access
- Worker nodes deployed in **private subnets**
- Managed Node Group:
  - Instance type: `t3.large`
  - Auto-scaling enabled
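The control plane and node group described above, as an added Terraform example (not the repository's own code). It keeps the public endpoint the README describes but restricts it to an allow-list, since the AWS default for `public_access_cidrs` is `0.0.0.0/0`, and turns on control-plane audit logging. The variable names, the role ARNs, the subnet IDs and the scaling bounds are assumptions supplied by the IAM and networking parts of the stack.

```hcl
# Added example, not the repository's own code. Inputs assumed to come from
# the IAM and networking modules of the stack.
variable "cluster_name"       { type = string }
variable "cluster_role_arn"   { type = string }        # role assumed by the control plane
variable "node_role_arn"      { type = string }        # role assumed by worker nodes
variable "private_subnet_ids" { type = list(string) }  # worker nodes only go here
variable "admin_cidrs" {
  type        = list(string)
  description = "CIDRs allowed to reach the public API endpoint (office/VPN egress, not 0.0.0.0/0)"
}

resource "aws_eks_cluster" "this" {
  name     = var.cluster_name
  version  = "1.31"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true             # nodes and in-VPC clients use the private endpoint
    endpoint_public_access  = true             # public endpoint kept, as in the README ...
    public_access_cidrs     = var.admin_cidrs  # ... but reachable only from the allow-list
  }

  # Control-plane logs to CloudWatch. "audit" records every API request, which is
  # what an incident responder needs when reconstructing who did what in the cluster.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]
}

resource "aws_eks_node_group" "default" {
  cluster_name    = aws_eks_cluster.this.name
  node_group_name = "${var.cluster_name}-default"
  node_role_arn   = var.node_role_arn
  subnet_ids      = var.private_subnet_ids   # private subnets only: nodes get no public IP
  instance_types  = ["t3.large"]
  capacity_type   = "ON_DEMAND"

  # Bounds are assumed; min_size of 2 keeps one node per AZ so a single-AZ
  # failure does not take the whole data plane with it.
  scaling_config {
    desired_size = 2
    min_size     = 2
    max_size     = 6
  }

  # Roll nodes one at a time during version or AMI updates.
  update_config {
    max_unavailable = 1
  }
}

output "cluster_endpoint" {
  value = aws_eks_cluster.this.endpoint
}
```

With `endpoint_private_access = true`, kubelets in the private subnets reach the API server over the VPC, so the public endpoint is only ever used by operators; narrowing `public_access_cidrs` therefore costs nothing in cluster operation.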
---
### Security (IAM)
- Dedicated IAM roles for:
  - EKS Cluster
  - Worker Nodes
- IRSA (IAM Roles for Service Accounts) via OIDC
  - Enables secure pod-to-AWS communication
- No hardcoded credentials
---
### Storage
- AWS EBS CSI Driver (EKS Add-on)
- Supports dynamic provisioning via:
  - Persistent Volume Claims (PVCs)
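IRSA as described in the Security (IAM) section, wired end to end for the one workload the Storage section names, the EBS CSI driver add-on. This is an added Terraform example, not the repository's own code: the cluster's OIDC issuer is registered as an IAM identity provider, a role is created whose trust policy only one Kubernetes service account can satisfy, and the add-on is told to use that role. The cluster name is an assumed input; `data "tls_certificate"` comes from the `hashicorp/tls` provider; the service account name and namespace (`kube-system/ebs-csi-controller-sa`) are the ones the EKS add-on creates.

```hcl
# Added example, not the repository's own code. Assumes the EKS cluster already
# exists and that the hashicorp/tls provider is available for the thumbprint lookup.
variable "cluster_name" { type = string }

data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

# Thumbprint of the issuer's TLS certificate, required to register the provider.
data "tls_certificate" "oidc" {
  url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
}

resource "aws_iam_openid_connect_provider" "eks" {
  url             = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.oidc.certificates[0].sha1_fingerprint]
}

locals {
  # "oidc.eks.<region>.amazonaws.com/id/<ID>" without the scheme, as used in condition keys.
  oidc_host = replace(aws_iam_openid_connect_provider.eks.url, "https://", "")
  csi_sa    = "system:serviceaccount:kube-system:ebs-csi-controller-sa"
}

data "aws_iam_policy_document" "ebs_csi_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.eks.arn]
    }
    # Both conditions matter. "aud" rejects tokens minted for another audience,
    # and "sub" pins the role to exactly one namespace/service-account pair.
    # A trust policy without the "sub" condition lets any pod in the cluster
    # assume the role, which defeats the point of IRSA.
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:aud"
      values   = ["sts.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:sub"
      values   = [local.csi_sa]
    }
  }
}

resource "aws_iam_role" "ebs_csi" {
  name               = "${var.cluster_name}-ebs-csi-driver"
  assume_role_policy = data.aws_iam_policy_document.ebs_csi_trust.json
}

# AWS-managed policy covering the volume operations the driver performs;
# no custom policy and no long-lived access keys anywhere.
resource "aws_iam_role_policy_attachment" "ebs_csi" {
  role       = aws_iam_role.ebs_csi.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
}

# EKS annotates the add-on's service account with this role ARN; the controller
# pods then exchange their projected service-account token for AWS credentials.
resource "aws_eks_addon" "ebs_csi" {
  cluster_name             = var.cluster_name
  addon_name               = "aws-ebs-csi-driver"
  service_account_role_arn = aws_iam_role.ebs_csi.arn
}
```

Once the add-on is running, a `StorageClass` whose provisioner is `ebs.csi.aws.com` lets a PVC create its EBS volume dynamically, with the volume API calls made under the role above rather than under the worker node's instance role. A quick check that the trust policy is as narrow as intended is to read back `aws iam get-role` for the role and confirm that both the `:aud` and `:sub` conditions are present.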
---
### Load Balancing
- Public subnets tagged for:
  - Internet-facing Load Balancers
- Private subnets tagged for:
  - Internal Load Balancers
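The networking layer from the Networking section together with the subnet tags from the Load Balancing section, as one added Terraform example (not the repository's own code). It lays out the two-AZ VPC with a NAT Gateway per AZ and tags public subnets with `kubernetes.io/role/elb` and private subnets with `kubernetes.io/role/internal-elb`, which is how the AWS load balancer integration discovers where to place internet-facing and internal load balancers. The README only fixes the VPC CIDR (`10.0.0.0/16`); the region, AZ names, /24 carve-up and cluster name are assumptions.

```hcl
# Added example, not the repository's own code. Region, AZs, subnet sizes and
# the cluster name are assumed; the README only states the VPC CIDR.
locals {
  cluster_name = "stocksystem"                  # assumed
  vpc_cidr     = "10.0.0.0/16"
  azs          = ["us-east-1a", "us-east-1b"]   # assumed region/AZs

  # One public and one private /24 per AZ (assumed carve-up of the /16).
  public_subnets  = { for i, az in local.azs : az => cidrsubnet(local.vpc_cidr, 8, i) }
  private_subnets = { for i, az in local.azs : az => cidrsubnet(local.vpc_cidr, 8, i + 10) }
}

resource "aws_vpc" "this" {
  cidr_block           = local.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true   # needed for node registration and the OIDC issuer lookup
  tags                 = { Name = "${local.cluster_name}-vpc" }
}

resource "aws_internet_gateway" "this" {
  vpc_id = aws_vpc.this.id
}

# Public subnets: ELBs and NAT Gateways only; tagged for internet-facing load balancers.
resource "aws_subnet" "public" {
  for_each          = local.public_subnets
  vpc_id            = aws_vpc.this.id
  cidr_block        = each.value
  availability_zone = each.key
  tags = {
    Name                                          = "${local.cluster_name}-public-${each.key}"
    "kubernetes.io/role/elb"                      = "1"
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
  }
}

# Private subnets: worker nodes live here; tagged for internal load balancers only.
resource "aws_subnet" "private" {
  for_each          = local.private_subnets
  vpc_id            = aws_vpc.this.id
  cidr_block        = each.value
  availability_zone = each.key
  tags = {
    Name                                          = "${local.cluster_name}-private-${each.key}"
    "kubernetes.io/role/internal-elb"             = "1"
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
  }
}

# One NAT Gateway per AZ, so losing one AZ does not cut egress for the other.
resource "aws_eip" "nat" {
  for_each = local.public_subnets
  domain   = "vpc"
}

resource "aws_nat_gateway" "this" {
  for_each      = local.public_subnets
  allocation_id = aws_eip.nat[each.key].id
  subnet_id     = aws_subnet.public[each.key].id
  depends_on    = [aws_internet_gateway.this]
}

# Public route table: default route straight to the Internet Gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.this.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.this.id
  }
}

resource "aws_route_table_association" "public" {
  for_each       = aws_subnet.public
  subnet_id      = each.value.id
  route_table_id = aws_route_table.public.id
}

# One private route table per AZ, each defaulting to its own AZ's NAT Gateway.
# Private subnets have no route to the IGW, so nodes are never directly reachable.
resource "aws_route_table" "private" {
  for_each = local.private_subnets
  vpc_id   = aws_vpc.this.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.this[each.key].id
  }
}

resource "aws_route_table_association" "private" {
  for_each       = aws_subnet.private
  subnet_id      = each.value.id
  route_table_id = aws_route_table.private[each.key].id
}
```

The per-AZ route tables are what make the "NAT Gateway per AZ" design real: a single shared private route table would send both AZs through one NAT Gateway and reintroduce the single point of failure the README says it avoids. The role tags are deliberately exclusive (a subnet carries either `elb` or `internal-elb`, never both) so an internal Service cannot be placed into a public subnet by a tagging mistake.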
---
## Design Decisions
### High Availability
- Multi-AZ architecture across all layers
- NAT Gateway per AZ (avoids single point of failure)
### Security First
- Worker nodes in private subnets
- No direct exposure to the internet
- IAM roles + OIDC for fine-grained access control
### Scalability
- Auto-scaling node group
- Kubernetes-native scaling support
### Infrastructure as Code
- Fully managed via Terraform
- Reproducible and version-controlled
---
## Key Learnings
- Proper subnet design is critical for EKS networking
- IRSA (OIDC) is essential for secure cloud-native workloads
- Separating public and private workloads improves security posture
- Terraform enforces consistency across complex infrastructure
---