Reusable Terraform module for a production AWS setup. VPC with public/private subnets, ECS Fargate service, ALB, RDS, and CloudWatch monitoring.
## Task
Reusable Terraform module for production AWS infrastructure.
## Requirements
- Provider: AWS
- Terraform 1.5+
- Module structure with inputs/outputs
## Architecture
```
                    ┌──────────────────────────────────────┐
                    │                 VPC                  │
Internet ─── ALB ──►│ Public Subnet │ Private Subnet       │
                    │ (NAT GW)      │ (ECS Fargate)        │
                    │               │ (RDS PostgreSQL)     │
                    └──────────────────────────────────────┘
```
## Module Structure
```
modules/
├── vpc/ # VPC, subnets, NAT GW, route tables
├── ecs/ # ECS cluster, task def, service, auto-scaling
├── alb/ # Application Load Balancer, target groups, listeners
├── rds/ # RDS PostgreSQL, subnet group, security group
├── monitoring/ # CloudWatch dashboards, alarms, log groups
└── main.tf # Compose modules together
```
## Key Variables
```hcl
variable "environment" { description = "dev/staging/prod" }
variable "app_name" { description = "Application name for resource naming" }
variable "app_image" { description = "Docker image URI" }
variable "app_port" {
  description = "Container port"
  default     = 3000
}
variable "cpu" { default = 256 } # Fargate CPU units
variable "memory" { default = 512 } # Fargate memory MB
variable "desired_count" { default = 2 } # ECS task count
variable "db_instance" { default = "db.t4g.micro" }
```
## Implementation Notes
1. Multi-AZ: spread across 2-3 AZs for availability
2. Security groups: least privilege (app → RDS on 5432 only)
3. Auto-scaling: CPU-based with min 2 / max 10 tasks
4. RDS: encrypted at rest, automated backups, 7-day retention
5. ALB: HTTPS with ACM certificate, HTTP → HTTPS redirect
6. Outputs: ALB URL, RDS endpoint, ECS cluster name, CloudWatch dashboard URL
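
Notes 2 and 4 are the ones most often weakened in practice, so here is a sketch of how `modules/rds/main.tf` could express them. This is an added example, not the module's own code: `vpc_id`, `private_subnet_ids`, `app_security_group_id` and `name_prefix` are hypothetical inputs, and the storage size, database name and username are constructed values.

```hcl
# Added sketch of modules/rds/main.tf, not the module's own code.
# vpc_id, private_subnet_ids, app_security_group_id and name_prefix are
# hypothetical inputs; allocated_storage, db_name and username are constructed.
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "app_security_group_id" { type = string } # SG attached to the ECS tasks
variable "name_prefix" { type = string }
variable "db_instance" { default = "db.t4g.micro" }

# No inline rules here: the only ingress is the rule resource below.
resource "aws_security_group" "rds" {
  name_prefix = "${var.name_prefix}-rds-"
  vpc_id      = var.vpc_id
}

# app -> RDS on 5432 only. The source is the task security group, not a subnet
# CIDR, so other workloads in the private subnets cannot reach the database.
resource "aws_vpc_security_group_ingress_rule" "app_to_rds" {
  security_group_id            = aws_security_group.rds.id
  referenced_security_group_id = var.app_security_group_id
  ip_protocol                  = "tcp"
  from_port                    = 5432
  to_port                      = 5432
}

resource "aws_db_subnet_group" "this" {
  name_prefix = "${var.name_prefix}-"
  subnet_ids  = var.private_subnet_ids # private subnets only
}

resource "aws_db_instance" "this" {
  identifier_prefix           = "${var.name_prefix}-"
  engine                      = "postgres"
  instance_class              = var.db_instance
  allocated_storage           = 20
  db_name                     = "app"
  username                    = "app"
  manage_master_user_password = true  # password is generated into Secrets Manager
  storage_encrypted           = true  # note 4: encrypted at rest
  backup_retention_period     = 7     # note 4: automated backups, 7-day retention
  publicly_accessible         = false # reachable only from inside the VPC
  db_subnet_group_name        = aws_db_subnet_group.this.name
  vpc_security_group_ids      = [aws_security_group.rds.id]
  final_snapshot_identifier   = "${var.name_prefix}-final"
}

output "rds_endpoint" { value = aws_db_instance.this.endpoint }
```

If the ECS task security group restricts egress, it needs a matching egress rule to this group on 5432, because the connection has to be allowed on both ends.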