A collection of real-world AWS infrastructure projects built with Terraform - covering networking, security, serverless, containers, databases, and cloud governance. Each project reflects production-oriented thinking with modular, maintainable code.
Turned an S3 bucket into a globally accessible static website - with a full CI/CD pipeline that automatically deploys on every push. No servers, no maintenance, no manual uploads.
What makes it interesting:
- Zero-server architecture - S3 serves the site directly
- CI/CD pipeline triggers on every Git push - code lands live without touching AWS Console
- CloudFront integration for HTTPS and edge caching

👉 View Project
Started with two isolated VPCs that couldn't talk to each other - solved it with VPC Peering, then scaled it to three VPCs using Transit Gateway to show why peering breaks down at scale.
What makes it interesting:
- Side-by-side comparison: VPC Peering vs Transit Gateway - when to use which
- Demonstrates the N*(N-1)/2 peering problem that Transit Gateway solves
- Pure networking - no shortcuts, built from scratch with route tables and CIDR planning

👉 View Project
Automated the entire IAM lifecycle - users, groups, roles, and policies - using Terraform.
The kind of setup that takes an ops team hours to do manually, done in one `terraform apply`.
What makes it interesting:
- Policy as Code - every permission is version-controlled and reviewable
- CI/CD integration - access changes go through Git, not the AWS Console
- Least-privilege by design - no wildcard permissions

👉 View Project
Solved the "how do you deploy with zero downtime" problem using a Blue-Green strategy on Elastic Beanstalk. Traffic switches instantly with a CNAME swap - users never see a reload.
What makes it interesting:
- Zero downtime deployments - old environment stays live until new one is healthy
- Instant rollback - if something breaks, swap back in seconds
- Real deployment strategy used by production teams at scale

👉 View Project
Built an event-driven image processing pipeline - upload a file to S3, Lambda triggers automatically, and spits out optimized JPEG, WebP, PNG variants plus thumbnails. No servers running 24/7.
What makes it interesting:
- Fully event-driven - zero manual intervention after upload
- Generates multiple output formats in a single Lambda execution
- Pay-per-invocation - costs nothing when idle
- Private buckets, CloudWatch logging, IAM scoped to least privilege

👉 View Project
Went beyond just launching an EC2 instance - automated everything that happens after it starts. File transfers, remote commands, and local scripts all wired through Terraform provisioners.
What makes it interesting:
- Covers all three provisioner types: `file`, `remote-exec`, `local-exec`
- Server is fully configured and ready the moment Terraform finishes - no manual SSH
- Shows the bridge between infrastructure provisioning and configuration management

👉 View Project
Provisioned a full Amazon EKS Kubernetes cluster the way it would actually look in a real company - multi-AZ, private worker nodes, Spot instances, monitoring, GitOps-ready.
What makes it interesting:
- Private worker nodes - workloads never exposed to the internet
- On-Demand + Spot node groups - significant compute cost reduction
- OIDC / IRSA setup - pods get scoped AWS permissions, no static credentials
- KMS encryption for Kubernetes secrets at rest
- Prometheus + Grafana monitoring stack deployed
- ArgoCD-ready architecture for GitOps workflows
- AWS Load Balancer Controller for production ingress

👉 View Project
Built the security and compliance layer that most teams skip - automated governance across S3, IAM, EBS, and MFA using AWS Config and Terraform. Policy violations are caught automatically.
What makes it interesting:
- Continuous compliance monitoring with AWS Config - not a one-time audit
- Enforces encryption, MFA, and tagging standards across the account automatically
- S3 hardened with versioning, encryption, and public access blocking
- Demonstrates enterprise-level security practices as code - not console clicks

👉 View Project
Deployed a full 2-tier web application on AWS - Flask on EC2, MySQL on RDS - with zero hardcoded secrets, private database isolation, and fully automated server bootstrap. The architecture you'd actually use in a real backend system.
What makes it interesting:
- RDS lives in a private subnet - no direct internet exposure whatsoever
- Passwords are auto-generated and stored in Secrets Manager - nothing sensitive in code or Git
- NAT Gateway enables secure outbound traffic from private subnet without opening inbound
- EC2 fully bootstraps via `user_data.sh` - Flask installs, credentials inject, systemd starts the app
- 5 reusable Terraform modules: `vpc`, `security_groups`, `secrets`, `rds`, `ec2`

👉 View Project
Built a production-grade observability stack for two real scenarios most teams skip - knowing when your Lambda pipeline is breaking, and knowing when someone is poking around your S3 buckets. Logs flow in, patterns get detected, alarms fire, emails land - all automated.
What makes it interesting:
- Two independent monitoring systems in one project: operational + security observability
- 13 CloudWatch Alarms across 3 severity tiers (Critical, Performance, and Log-based), each routed to a separate SNS topic so the right person gets the right alert
- CloudWatch Metric Filters extract custom business metrics directly from Lambda logs - processing time, success rate, image size - not just what AWS gives you out of the box
- CloudTrail data events stream into CloudWatch Logs and get scanned for AccessDenied errors and restricted prefix access - suspicious S3 activity triggers an email in under 60 seconds
- IAM Condition blocks restrict CloudWatch metric publishing to a project-specific namespace - least privilege applied beyond just actions and resources
- 9 reusable Terraform modules with clean input/output contracts - swap variables, redeploy against any environment or function

👉 View Project
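The namespace-scoped metric permission mentioned above, as an added Terraform example that is not code from this repository: `cloudwatch:PutMetricData` has no resource-level ARNs, so `Resource` must be `"*"` and the `cloudwatch:namespace` condition key is what actually narrows the grant. The namespace value, the policy name, and the `aws_iam_role.lambda_exec` reference are assumptions.

```hcl
# Added example, not the project's own module code.
# Weak form (for contrast): actions = ["cloudwatch:PutMetricData"], resources = ["*"]
# with no condition lets the function publish into ANY namespace, including
# ones other alarms depend on. The condition block below closes that gap.

variable "metric_namespace" {
  description = "Custom namespace the Lambda may publish metrics into"
  type        = string
  default     = "ImagePipeline/Processing" # assumed value
}

data "aws_iam_policy_document" "put_metrics" {
  statement {
    sid     = "PutMetricsOnlyInProjectNamespace"
    effect  = "Allow"
    actions = ["cloudwatch:PutMetricData"]

    # Required: this action does not support resource-level scoping,
    # so least privilege has to come from the condition, not the ARN.
    resources = ["*"]

    condition {
      test     = "StringEquals"
      variable = "cloudwatch:namespace"
      values   = [var.metric_namespace]
    }
  }
}

resource "aws_iam_policy" "put_metrics" {
  name   = "lambda-put-metrics-scoped" # assumed name
  policy = data.aws_iam_policy_document.put_metrics.json
}

# Attach to the Lambda execution role (assumed to exist as aws_iam_role.lambda_exec).
resource "aws_iam_role_policy_attachment" "lambda_put_metrics" {
  role       = aws_iam_role.lambda_exec.name
  policy_arn = aws_iam_policy.put_metrics.arn
}
```

A quick check after apply: a `put-metric-data` call from the function's role into any other namespace should fail with `AccessDenied`, which also shows up in the CloudTrail-to-CloudWatch scan described above.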
| Concept | Projects |
|---|---|
| Modular Terraform | 7, 8, 9, 10 |
| Networking & VPC Design | 2, 7, 9 |
| IAM & Least Privilege | 3, 5, 7, 8, 10 |
| Secrets & Credential Management | 7, 9 |
| CI/CD Integration | 1, 3 |
| Serverless & Event-Driven | 5, 10 |
| Container Orchestration | 7 |
| Zero-Downtime Deployments | 4 |
| Compliance & Governance | 8 |
| Database & Storage | 5, 9 |
Infrastructure: Terraform · AWS
Application: Python · Flask · Bash
DevOps: GitHub Actions · Docker · kubectl · ArgoCD · Prometheus · Grafana
These projects are built with production problems in mind - not just to make things work, but to make them secure, maintainable, and scalable. Each one tackles a specific real-world challenge that engineering teams actually face.
⭐ Explore each project folder for architecture diagrams, implementation details, and deployment steps.