A production-grade infrastructure as code (IaC) project using Terraform to deploy a scalable web application on Google Cloud Platform. This infrastructure includes a secure VPC network, auto-scaling compute instances, managed PostgreSQL database, load balancing, and integrated monitoring. Designed for high availability and security with features like private networking, encrypted storage, and automated scaling.
- VPC Network: Custom VPC network with regional routing mode
- Subnets:
  - Webapp Subnet: For hosting web application instances
  - Database Subnet: For Cloud SQL instance with private IP
  - Proxy-only Subnet: For load balancer
- Firewall Rules: Configured for health checks and proxy access
- Routes: Internet gateway route for webapp subnet
- Instance Template: CentOS-based template for web application VMs
- Instance Group Manager: Manages web application instances
- Autoscaler: Automatically scales instances based on CPU utilization
- Load Balancer: HTTPS load balancer with SSL certificate
- Cloud SQL: PostgreSQL 15 instance with private IP
- Database: Dedicated database for the web application
- User: Database user with secure password
- Cloud Storage: Bucket for application code and assets
- Pub/Sub: Topic for email notifications
- Cloud Functions: Function for email verification
- Service Accounts: Dedicated service accounts for different components
- IAM Roles: Appropriate permissions for service accounts
- KMS: Key management for encryption
- SSL Certificate: For HTTPS load balancer
- Cloud DNS: Managed DNS zone for the application domain
- Google Cloud Platform account
- Terraform installed
- GCP project with billing enabled
- Required API services enabled in GCP project
- SSL certificates for HTTPS load balancer
The infrastructure is configured using variables defined in var.tf. Key configurations include:
- Project ID: csye-6225-419603
- Region: us-east4
- Zone: us-east4-a
- Machine Type: e2-medium
- Database Version: PostgreSQL 15
- Database Tier: db-f1-micro
- Initialize Terraform:
  terraform init
- Review the planned changes:
  terraform plan
- Apply the infrastructure:
  terraform apply
- Private VPC network with restricted access
- Encrypted storage using KMS
- SSL/TLS for HTTPS traffic
- Private IP for database
- Service account-based authentication
- Firewall rules for controlled access
- Cloud Logging integration
- Cloud Monitoring setup
- Health checks for load balancer
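The plan review step can be backed by an automated check that the planned resources match the security properties listed above (private IP for the database, KMS-encrypted storage, controlled firewall access). The script below is an added example, not part of this project's code. It assumes the plan was exported with `terraform plan -out=tfplan` followed by `terraform show -json tfplan`; the embedded sample plan and its resource names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the resource names are hypothetical and not taken from this project.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_sql_database_instance.db", "type": "google_sql_database_instance",
   "change": {"actions": ["create"], "after": {"database_version": "POSTGRES_15",
     "settings": [{"tier": "db-f1-micro", "ip_configuration": [{"ipv4_enabled": true}]}]}}},
  {"address": "google_storage_bucket.code", "type": "google_storage_bucket",
   "change": {"actions": ["create"], "after": {"location": "US-EAST4", "encryption": []}}},
  {"address": "google_compute_firewall.health", "type": "google_compute_firewall",
   "change": {"actions": ["create"], "after": {"direction": "INGRESS",
     "source_ranges": ["130.211.0.0/22", "35.191.0.0/16"]}}}
]}
""")


def first(blocks):
    """Nested blocks appear as lists in plan JSON; return the first or {}."""
    return blocks[0] if blocks else {}


def check_plan(plan):
    """Return (address, finding) pairs for planned resources that fail a check."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after")
        if after is None:  # resource is being deleted, nothing to check
            continue
        rtype, addr = rc["type"], rc["address"]
        if rtype == "google_sql_database_instance":
            ip_cfg = first(first(after.get("settings")).get("ip_configuration"))
            # The provider default for ipv4_enabled is true, so absent counts as public.
            if ip_cfg.get("ipv4_enabled", True):
                findings.append((addr, "Cloud SQL instance gets a public IPv4 address"))
        elif rtype == "google_storage_bucket":
            # The key name may be unknown until apply, so test for the block only.
            if not after.get("encryption"):
                findings.append((addr, "bucket has no KMS encryption block"))
        elif rtype == "google_compute_firewall":
            if (after.get("direction", "INGRESS") == "INGRESS"
                    and "0.0.0.0/0" in (after.get("source_ranges") or [])):
                findings.append((addr, "ingress rule is open to 0.0.0.0/0"))
    return findings


if __name__ == "__main__":
    for addr, finding in check_plan(SAMPLE_PLAN):
        print(f"{addr}: {finding}")
```

Run against a real plan by loading the JSON file in place of SAMPLE_PLAN and failing the pipeline when check_plan returns any findings.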
To destroy the infrastructure:
terraform destroy
- Ensure all required API services are enabled in the GCP project
- Keep SSL certificates secure and up to date
- Monitor costs regularly
- Follow security best practices for managing secrets and credentials
