DevOps Project 23

Deploy Two-Tier Architecture on AWS using Terraform



In the world of cloud computing, infrastructure as code (IaC) plays a pivotal role in automating the deployment and management of resources. This blog post provides a step-by-step guide on creating a Two-Tier architecture on AWS using Terraform. We’ll explore the essential services involved, ensuring high availability, security, and scalability for hosting a static website.

Also, we are adopting a modular approach with enhanced security measures. The infrastructure is organized into dedicated modules, ensuring a scalable, maintainable, and secure deployment.

Directory Overview


  • bloody-sweet:
      • Configuration for Terraform backend, specifying where to store the Terraform state.
      • Main Terraform configuration orchestrating the deployment.
      • Definition of variables used in the main Terraform configuration.
      • variables.tfvars: Input values for the defined variables.
  • modules:
      • alb-tg:
          • Terraform script to gather information about the Application Load Balancer (ALB) and Target Group (TG).
          • Main Terraform configuration for ALB and TG.
          • Definition of variables used in the ALB and TG module.
      • aws-autoscaling:
          • Shell script for deploying the Auto Scaling Group.
          • Terraform script to gather information about the Auto Scaling Group.
          • Main Terraform configuration for the Auto Scaling Group.
          • Definition of variables used in the Auto Scaling Group module.
      • aws-iam:
          • Terraform configuration for IAM instance profile.
          • iam-policy.json: JSON file containing the IAM policy.
          • Terraform configuration for IAM policy.
          • iam-role.json: JSON file containing the IAM role.
          • Terraform configuration for IAM role.
          • Definition of variables used in the IAM module.
      • aws-rds:
          • Terraform script to gather information about the RDS cluster.
          • Main Terraform configuration for the RDS cluster.
          • Definition of variables used in the RDS module.
      • aws-vpc:
          • Main Terraform configuration for the Virtual Private Cloud (VPC) and other Networking Services like Public/Private Subnet, ElasticIP, etc.
          • Definition of variables used in the VPC module.
      • aws-waf-cdn-acm-route53:
          • Terraform configuration for ACM (Amazon Certificate Manager).
          • Terraform configuration for CDN (Content Delivery Network).
          • Terraform script to gather information about WAF, CDN, ACM, and Route 53.
          • Terraform configuration for Route 53.
          • Definition of variables used in the WAF, CDN, ACM, and Route 53 modules.
          • Terraform configuration for AWS WAF (Web Application Firewall).
      • security-group:
          • Terraform script to gather information about security groups.
          • Main Terraform configuration for security groups.
          • Definition of variables used in the security group module.

This modular approach enhances the project’s maintainability, making it easier to manage and scale as your infrastructure requirements evolve. Each module focuses on a specific aspect of the infrastructure, promoting reusability and clarity in configuration.


Before diving into the infrastructure creation, make sure you have the following:

  • An AWS Account
  • Terraform installed on your local machine
  • AWS Access and Secret Access keys configured
  • A domain name configured manually, with its name servers added at your domain provider

Step-by-Step Guide

To get started, clone the repository using the following command:

git clone

Navigate to the project folder:

cd Non-Modularized/Two-Tier-Application/bloody-sweet

Planning and Deployment

Execute the following Terraform commands to plan and deploy the infrastructure:

terraform plan -var-file=variables.tfvars
terraform apply -var-file=variables.tfvars --auto-approve
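
Because the apply step runs with --auto-approve, nothing reviews the plan between `terraform plan` and `terraform apply`. The script below is an added example, not part of the original post or its repository: it checks a saved plan (written with `terraform plan -var-file=variables.tfvars -out=tfplan`, exported with `terraform show -json tfplan`) for internet-open ingress on non-web ports and for weak RDS settings. The module addresses in the sample are constructed, and treating 80/443 as the only public ports is an assumption about this design.

```python
import json
import sys
from pathlib import Path

# Assumption: only the ALB's web ports should be reachable from the internet.
WEB_PORTS = {80, 443}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def review_plan(plan: dict) -> list:
    """Return findings for resources the plan will create or update."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # deletes and no-ops add no new exposure
        after = change.get("after") or {}
        rtype, addr = rc.get("type"), rc.get("address")
        if rtype == "aws_security_group":
            for rule in after.get("ingress") or []:
                cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
                lo, hi = rule.get("from_port"), rule.get("to_port")
                web_only = rule.get("protocol") == "tcp" and lo == hi and lo in WEB_PORTS
                if cidrs & OPEN_CIDRS and not web_only:
                    findings.append(f"{addr}: ingress {lo}-{hi} open to the internet")
        elif rtype == "aws_rds_cluster" and after.get("storage_encrypted") is not True:
            findings.append(f"{addr}: storage_encrypted is not set to true")
        elif rtype == "aws_rds_cluster_instance" and after.get("publicly_accessible") is True:
            findings.append(f"{addr}: publicly_accessible is true")
    return findings

# Constructed sample in the shape of `terraform show -json` output (addresses are made up).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.sg.aws_security_group.alb", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "module.sg.aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "module.rds.aws_rds_cluster.db", "type": "aws_rds_cluster",
     "change": {"actions": ["create"], "after": {"storage_encrypted": False}}},
]}

if __name__ == "__main__":
    # Real use: terraform show -json tfplan > plan.json, then pass plan.json as the argument.
    plan = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = review_plan(plan)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

A non-zero exit code lets a pipeline stop before the apply step; applying the reviewed file with `terraform apply tfplan` ensures that exactly the checked plan is what gets deployed.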

Once the deployment is complete, you can inspect the created services using the provided snippets for each service.

VPC & Other Networking related Services


Public and Private Subnets

Public and Private Route tables

Internet Gateway

Elastic IP addresses

NAT Gateways

Security Groups

EC2 & AutoScaling Group

Launch template

AutoScaling Group

Target Group & Load Balancer

Target Group

Load balancer


Subnet Group for RDS

RDS Cluster

After Core Service, Deploy Service on Server


AWS Certificate Manager

AWS Web Application Firewall


IAM Role

IAM Policy

IAM instance profile

TF State file and State lock

Backend: TF State file stored on S3

TF State lock file

Once the deployment is complete, enter your domain name in the browser to verify that your servers are running correctly.

As the snippet below shows, the application is running.


When you’re done exploring the Two-Tier architecture and want to avoid incurring unnecessary costs, follow these steps to clean up the resources:

Run the following command to initiate the destruction of the infrastructure.

terraform destroy -var-file=variables.tfvars --auto-approve

Delete the Repository (Optional):

  • If you cloned the Git repository for this project and no longer need it, you can delete it locally.

rm -rf Terraform-for-AWS

This step is optional and depends on whether you plan to reuse the repository for future exploration.

By following these cleanup steps, you ensure that AWS resources are properly decommissioned, and you won’t incur unnecessary charges. Always exercise caution when performing destructive actions like terraform destroy to avoid unintended consequences.


MFH IT Solutions (Regd No -LIN : AP-03-46-003-03147775)

Consultation & project support organization.

