Infrastructure as Code (IaC) is one of the most important skills for a modern DevOps engineer. Instead of clicking through cloud consoles, you define your entire environment in code — making it repeatable, reviewable, and easy to tear down and rebuild on demand.
To strengthen my Terraform and AWS skills, I built a Terraform AWS 3-Tier Platform that provisions a complete cloud environment using reusable modules and core AWS networking components. The project focuses on modular infrastructure design, AWS networking fundamentals, security best practices, and IaC principles — and the full source is on GitHub.
Project Overview
The goal was a multi-tier AWS infrastructure that separates application components into different network layers. The stack includes:
- AWS VPC with public and private subnets
- Internet Gateway and route tables
- Security groups scoped per tier
- Frontend EC2 instance (public subnet)
- Backend EC2 instance (private subnet)
- Dockerized applications on both tiers
- Fully modular Terraform code
Why a 3-Tier Architecture?
Presentation layer
The frontend runs on an EC2 instance in the public subnet — serving the web interface via Nginx on port 8080, reachable directly by users.
Application layer
The backend runs on a separate EC2 instance inside the private subnet, handling business logic and internal API calls. Because it has no direct internet exposure, it's protected from external access by default.
Infrastructure layer
AWS networking — VPC, Internet Gateway, route tables, and security groups — ties the tiers together and enforces the boundaries between them. This separation improves maintainability, scalability, and security.
Terraform Module Design
A core goal was avoiding one giant main.tf. The project is split into three reusable modules:
- VPC module — VPC, public/private subnets, Internet Gateway, route tables
- Security Groups module — frontend and backend security groups and rules
- EC2 module — frontend and backend instances with their security group attachments
Networking Design
VPC: 10.0.0.0/16
Public Subnet: 10.0.1.0/24 → frontend (internet-facing)
Private Subnet: 10.0.11.0/24 → backend (isolated)
The public subnet hosts the frontend with connectivity through the Internet Gateway. The private subnet hosts the backend, isolated from direct external access — a common enterprise networking pattern.
Security Implementation
The frontend security group allows ports 8080 (app) and 22 (SSH for admin access).
Backend security group allows port 3000 — and only from the frontend security group, not from the internet. This follows the principle of least privilege and minimizes the attack surface.
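The rules described above, written out as Terraform. This is an added example, not the project's own module code: the resource names, `var.vpc_id` and `var.admin_cidr` are assumptions. The page does not state the SSH source range, so the example restricts it to a caller-supplied CIDR and rejects `0.0.0.0/0`.

```hcl
# Added example, not the project's code. Variable and resource names are assumptions.
variable "vpc_id" { type = string }
variable "admin_cidr" {
  type = string # range allowed to SSH, e.g. a single admin address as a /32
  validation {
    condition     = var.admin_cidr != "0.0.0.0/0"
    error_message = "SSH must not be open to the whole internet."
  }
}

resource "aws_security_group" "frontend" {
  name   = "frontend-sg"
  vpc_id = var.vpc_id
  ingress {
    description = "Web app (Nginx) from users"
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "SSH from the admin range only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress { # outbound: image pulls and calls to the backend
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "backend" {
  name   = "backend-sg"
  vpc_id = var.vpc_id
  ingress {
    description     = "API from the frontend security group only, no CIDR source"
    from_port       = 3000
    to_port         = 3000
    protocol        = "tcp"
    security_groups = [aws_security_group.frontend.id]
  }
  # No egress block: Terraform removes AWS's default allow-all egress rule,
  # so add explicit egress for anything the backend must reach.
}
```

Because the backend rule names a security group rather than a CIDR, any instance later attached to `frontend-sg` gains access to port 3000, so membership of that group is what needs reviewing.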
Docker Integration
Both tiers run as Docker containers, giving consistent deployments, portability, faster provisioning, and a clear path to migrating onto ECS or Kubernetes later.
Terraform Best Practices Applied
- Variables — infrastructure values moved out of hardcoded blocks for flexibility and reuse
- Outputs — root outputs expose VPC ID, subnet IDs, frontend public IP, and backend private IP
- Version pinning — a dedicated versions.tf keeps provider versions predictable across environments
- Documentation — architecture diagram, deployment screenshots, and an interview-prep guide included in the repo
Lessons Learned
This project reinforced Terraform module design, AWS VPC networking, security group relationships, and just how much good documentation adds to a portfolio project — it's the difference between a repo that gets skimmed and one that gets read.
What's Next
Planned production-readiness upgrades:
- Application Load Balancer (ALB) + Auto Scaling Groups
- S3 remote backend with DynamoDB state locking
- GitHub Actions CI/CD pipeline
- CloudWatch monitoring
- RDS database tier
Conclusion
This Terraform AWS 3-Tier Platform shows how Infrastructure as Code can build secure, repeatable, maintainable cloud infrastructure — combining Terraform, AWS networking, EC2, Docker, and modular design into one practical project. If you're learning Terraform and AWS, building something like this hands-on is one of the fastest ways to develop real production instincts.