https://github.com/trafik255/platform-engineering-starter-kit
A complete AWS platform engineering reference architecture using Terraform, ECS Fargate, ALB, CloudWatch, and GitHub Actions.
alb aws aws-ecs aws-vpc cicd cloudwatch devops ecs fastapi infrastructure-as-code microservices observability platform-engineering sre starter-kit terraform
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/trafik255/platform-engineering-starter-kit
- Owner: trafik255
- Created: 2025-11-13T01:22:10.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2025-11-20T04:32:00.000Z (4 months ago)
- Last Synced: 2025-11-20T06:15:34.515Z (4 months ago)
- Topics: alb, aws, aws-ecs, aws-vpc, cicd, cloudwatch, devops, ecs, fastapi, infrastructure-as-code, microservices, observability, platform-engineering, sre, starter-kit, terraform
- Language: HCL
- Homepage:
- Size: 41 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Platform Engineering Starter Repo
A complete, end-to-end reference implementation of core Platform Engineering patterns on AWS.
This repository includes fully working Terraform modules, a containerized microservice, an ECS + ALB deployment, CloudWatch logging, and GitHub Actions CI/CD workflows.
---
# Repository Structure
```
platform-engineering-starter-kit/
├── .github/
│   └── workflows/
│       ├── build.yml
│       ├── ecr-build-and-push.yml
│       └── terraform-ci.yml
│
├── app/
│   ├── app.py
│   ├── Dockerfile
│   └── init.py
│
├── docs/
│   ├── architecture.md
│   └── deploy.md
│
├── terraform/
│   ├── alb/
│   ├── cloudwatch/
│   ├── ecs-app/
│   ├── examples/
│   ├── iam/
│   ├── secrets/
│   ├── vpc/
│   ├── .terraform/
│   ├── main.tf
│   ├── outputs.tf
│   └── variables.tf
│
└── .gitignore
```
---
# Components
## **Terraform Modules**
### `vpc/`
- VPC, subnets, routing, IGW/NAT, and baseline security boundaries.
### `alb/`
- Application Load Balancer, listeners, target groups, and ECS service attachment.
### `ecs-app/`
- ECS cluster, service, task definition, networking mode, ALB integration.
### `cloudwatch/`
- Log groups, retention policies, ECS log driver configuration.
### `iam/`
- ECS task execution roles, task roles, and GitHub Actions OIDC trust policies.
### `secrets/`
- AWS Secrets Manager patterns for service configuration.
### `examples/`
- Small, self-contained deployments showing module usage.
---
## **Application (Microservice Example)**
The `app/` directory contains a simple Python service used as the ECS workload.
It demonstrates:
- Basic FastAPI-style structure
- Containerization via Dockerfile
- Health check integration for ALB
- How the Terraform modules deploy the workload end-to-end
---
## **CI/CD Workflows**
Located under `.github/workflows/`:
### `build.yml`
Builds the application container.
### `ecr-build-and-push.yml`
Builds & pushes the Docker image to Amazon ECR.
### `terraform-ci.yml`
Runs Terraform format, validate, and plan.
Can be extended to apply via GitHub OIDC.
The workflows show modern cloud-native pipeline patterns with no long-lived AWS credentials.
---
# Goals
This project illustrates:
- Infrastructure-as-Code using Terraform
- Modular AWS architecture (VPC → ALB → ECS → IAM → CloudWatch)
- Real microservice deployment
- GitHub Actions-based CI/CD
- Secure AWS access via OIDC
- Clean, scalable platform layout
---
# Documentation
Found in `docs/`:
- **architecture.md** — system design and module overview
- **deploy.md** — how to stand up the stack
---
# License
MIT License.