graph TB
    subgraph Internet
        User[Users]
    end

    User -->|HTTPS| WAF[AWS WAF<br/>OWASP Top 10<br/>Rate Limiting]
    WAF -->|Filtered Traffic| IGW[Internet Gateway]

    subgraph VPC[VPC 10.0.0.0/16]
        IGW --> ALB

        subgraph Public[Public Subnets]
            ALB[Application Load Balancer<br/>Port 80/443]
            NAT[NAT Gateway]
        end

        ALB -->|Route Traffic| ECS

        subgraph Private[Private Subnets - Multi AZ]
            subgraph AZ1[Availability Zone 1]
                ECS1[ECS Fargate Task 1<br/>0.25 vCPU, 0.5GB]
                DB1[PostgreSQL RDS<br/>Primary]
            end

            subgraph AZ2[Availability Zone 2]
                ECS2[ECS Fargate Task 2<br/>0.25 vCPU, 0.5GB]
                DB2[PostgreSQL RDS<br/>Standby]
            end

            ECS[ECS Service<br/>Auto-Scaling 2-4]
            ECS --> ECS1
            ECS --> ECS2
            ECS1 -.->|Port 5432| DB1
            ECS2 -.->|Port 5432| DB1
            DB1 -.->|Replication| DB2
        end

        ECS1 -->|Outbound| NAT
        ECS2 -->|Outbound| NAT
        NAT --> IGW
    end

    subgraph External[AWS Services]
        Secrets[Secrets Manager<br/>DB Credentials]
        S3[S3 Bucket<br/>Terraform State]
        CW[CloudWatch Logs<br/>Container Logs]
    end

    ECS1 -.->|Read Secrets| Secrets
    ECS2 -.->|Read Secrets| Secrets
    ECS1 -.->|Send Logs| CW
    ECS2 -.->|Send Logs| CW

    style User fill:#333,stroke:#333,color:#fff
    style WAF fill:#333,stroke:#333,color:#fff
    style IGW fill:#333,stroke:#333,color:#fff
    style ALB fill:#333,stroke:#333,color:#fff
    style NAT fill:#333,stroke:#333,color:#fff
    style ECS fill:#333,stroke:#333,color:#fff
    style ECS1 fill:#333,stroke:#333,color:#fff
    style ECS2 fill:#333,stroke:#333,color:#fff
    style DB1 fill:#333,stroke:#333,color:#fff
    style DB2 fill:#333,stroke:#333,color:#fff
    style Secrets fill:#333,stroke:#333,color:#fff
    style S3 fill:#333,stroke:#333,color:#fff
    style CW fill:#333,stroke:#333,color:#fff
    style VPC fill:#111,stroke:#666,color:#fff
    style Public fill:#222,stroke:#666,color:#fff
    style Private fill:#222,stroke:#666,color:#fff
    style AZ1 fill:#1a1a1a,stroke:#666,color:#fff
    style AZ2 fill:#1a1a1a,stroke:#666,color:#fff
    style External fill:#222,stroke:#666,color:#fff
Oghenesuvwe-dev/Terraform-AWS-ECS-fargate