The latest articles on DEV Community by Deepanshu (@deepanshub09). https://dev.to/deepanshub09 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3384310%2Fc8d9a2d3-dcba-4014-bbf0-697e186a2996.jpg https://dev.to/deepanshub09 en Deepanshu Thu, 08 Jan 2026 20:59:16 +0000 https://dev.to/deepanshub09/building-a-production-grade-e-commerce-platform-on-gcp-a-complete-devops-journey-4lj4 https://dev.to/deepanshub09/building-a-production-grade-e-commerce-platform-on-gcp-a-complete-devops-journey-4lj4 <p>Hey there, fellow developers!</p> <p>Have you ever wondered what it takes to build and deploy a <strong>real production-grade application</strong> on the cloud? Not just a simple "Hello World" app, but a full-fledged microservices platform with proper CI/CD, monitoring, security, and all the bells and whistles that make it truly production-ready?</p> <p>Well, you're in the right place! In this comprehensive guide, I'll walk you through my journey of building and deploying a complete e-commerce platform on <strong>Google Cloud Platform (GCP)</strong> using modern DevOps practices. Whether you're a beginner taking your first steps into cloud-native development or an experienced engineer looking to level up your skills, this guide has something for everyone.</p> <h2> What You'll Learn </h2> <p>By the end of this guide, you'll understand:</p> <ul> <li>How to architect a <strong>microservices-based application</strong> from scratch</li> <li>Setting up <strong>Google Kubernetes Engine (GKE)</strong> for production workloads</li> <li>Implementing <strong>GitOps</strong> with ArgoCD for automated deployments</li> <li>Building a complete <strong>CI/CD pipeline</strong> with GitHub Actions</li> <li>Adding <strong>full observability</strong> with Datadog and SonarQube</li> <li>Managing <strong>infrastructure as code</strong> with Terraform</li> <li>Implementing <strong>security best practices</strong> (SSL/TLS, secrets management, vulnerability scanning)</li> <li>Setting up <strong>automated monitoring and alerting</strong> </li> </ul> <h2> Why This Project? </h2> <p>I created this project to bridge the gap between simple tutorials and real-world production systems. Most tutorials show you how to deploy a single container, but they don't show you:</p> <ul> <li>How to manage multiple microservices</li> <li>How to set up proper CI/CD pipelines</li> <li>How to monitor and debug issues in production</li> <li>How to handle secrets and security</li> <li>How to make your infrastructure reproducible</li> </ul> <p>This project addresses all of these challenges and more!</p> <p>Application Souce Code: <a href="https://github.com/deepanshub9/Microservice-Ecom-Store-K8s" rel="noopener noreferrer"> Link </a> </p> <h2> Project Overview </h2> <p>This is a <strong>cloud-native e-commerce platform</strong> built with:</p> <ul> <li> <strong>5 microservices</strong> written in Java, Go, and Node.js</li> <li> <strong>Kubernetes (GKE)</strong> for container orchestration</li> <li> <strong>ArgoCD</strong> for GitOps-based deployments</li> <li> <strong>GitHub Actions</strong> for CI/CD automation</li> <li> <strong>Datadog</strong> for monitoring, logging, and APM</li> <li> <strong>SonarQube</strong> for code quality analysis</li> <li> <strong>Terraform</strong> for infrastructure provisioning</li> <li> <strong>Helm</strong> for Kubernetes package management</li> </ul> <h3> The Architecture </h3> <p>Let me show you the high-level architecture of what we're building:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────────────────────────────────────────────────────┐ │ Internet Traffic (HTTPS) │ └────────────────────┬────────────────────────────────────────┘ │ ┌────────▼────────┐ │ GCP Load │ │ Balancer │ └────────┬────────┘ │ ┌────────▼────────┐ │ NGINX Ingress │ │ Controller │ │ (SSL/TLS) │ └────────┬────────┘ │ ┌────────────┼────────────┐ │ │ │ ┌────▼───┐ ┌────▼───┐ ┌────▼───┐ │ UI │ │ Cart │ │Checkout│ │ Service│ │ Service│ │ Service│ └────┬───┘ └────┬───┘ └────┬───┘ │ │ │ └───────┬───┴────────┬───┘ │ │ ┌────▼───┐ ┌───▼────┐ │Catalog │ │ Orders │ │ Service│ │ Service│ └────┬───┘ └───┬────┘ │ │ └─────┬─────┘ │ ┌─────▼─────┐ │ MySQL │ │ Database │ └───────────┘ </code></pre> </div> <p><strong>Key Components:</strong></p> <ol> <li> <strong>Frontend (UI Service)</strong>: Java-based web interface for customers</li> <li> <strong>Cart Service</strong>: Manages shopping cart operations (Java)</li> <li> <strong>Catalog Service</strong>: Product catalog and inventory (Go)</li> <li> <strong>Checkout Service</strong>: Handles order processing (Node.js)</li> <li> <strong>Orders Service</strong>: Order management and history (Java)</li> <li> <strong>MySQL Database</strong>: Persistent data storage</li> </ol> <p>All of this runs on <strong>Google Kubernetes Engine</strong>, managed by <strong>ArgoCD</strong>, monitored by <strong>Datadog</strong>, and deployed automatically via <strong>GitHub Actions</strong>.</p> <h2> Key Features </h2> <h3> DevOps Excellence </h3> <ul> <li>** GitOps Workflow**: Every deployment is version-controlled and declarative</li> <li>** Automated CI/CD**: Push code → Build → Test → Scan → Deploy (all automatic!)</li> <li>** Full Observability**: See everything happening in your cluster in real-time</li> <li> <strong>Security First</strong>: Automated vulnerability scanning, secrets management, SSL/TLS</li> <li>** Infrastructure as Code**: Entire infrastructure defined in Terraform</li> <li>** Self-Healing**: Kubernetes automatically restarts failed containers</li> </ul> <h3> Production-Ready Features </h3> <ul> <li> <strong>Auto-scaling</strong>: Automatically scales based on traffic</li> <li> <strong>Zero-downtime deployments</strong>: Update without affecting users</li> <li> <strong>Multi-zone deployment</strong>: High availability across multiple zones</li> <li> <strong>Automated SSL certificates</strong>: Let's Encrypt integration</li> <li> <strong>Centralized logging</strong>: All logs in one place</li> <li> <strong>Distributed tracing</strong>: Track requests across microservices</li> </ul> <h2> Technology Stack </h2> <p>Let me break down the technologies we'll be using:</p> <h3> Cloud &amp; Infrastructure </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>Purpose</th> <th>Why We Use It</th> </tr> </thead> <tbody> <tr> <td><strong>Google Cloud Platform</strong></td> <td>Cloud provider</td> <td>Excellent Kubernetes support, competitive pricing</td> </tr> <tr> <td><strong>GKE (Google Kubernetes Engine)</strong></td> <td>Container orchestration</td> <td>Managed Kubernetes, auto-updates, built-in monitoring</td> </tr> <tr> <td><strong>Terraform</strong></td> <td>Infrastructure as Code</td> <td>Reproducible infrastructure, version control</td> </tr> <tr> <td><strong>Helm</strong></td> <td>Kubernetes package manager</td> <td>Simplifies complex deployments</td> </tr> </tbody> </table></div> <h3> CI/CD &amp; GitOps </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>Purpose</th> <th>Why We Use It</th> </tr> </thead> <tbody> <tr> <td><strong>GitHub Actions</strong></td> <td>CI/CD pipeline</td> <td>Free for public repos, easy to configure</td> </tr> <tr> <td><strong>ArgoCD</strong></td> <td>GitOps controller</td> <td>Automated deployments, easy rollbacks</td> </tr> <tr> <td><strong>GCP Artifact Registry</strong></td> <td>Container registry</td> <td>Native GCP integration, secure</td> </tr> </tbody> </table></div> <h3> Monitoring &amp; Quality </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>Purpose</th> <th>Why We Use It</th> </tr> </thead> <tbody> <tr> <td><strong>Datadog</strong></td> <td>Monitoring &amp; APM</td> <td>Best-in-class observability platform</td> </tr> <tr> <td><strong>SonarQube</strong></td> <td>Code quality</td> <td>Catches bugs and security issues early</td> </tr> <tr> <td><strong>Trivy</strong></td> <td>Security scanning</td> <td>Finds vulnerabilities in container images</td> </tr> </tbody> </table></div> <h3> Networking &amp; Security </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>Purpose</th> <th>Why We Use It</th> </tr> </thead> <tbody> <tr> <td><strong>NGINX Ingress</strong></td> <td>Traffic routing</td> <td>Industry standard, highly configurable</td> </tr> <tr> <td><strong>Cert-Manager</strong></td> <td>SSL/TLS automation</td> <td>Free SSL certificates from Let's Encrypt</td> </tr> <tr> <td><strong>Kubernetes Secrets</strong></td> <td>Secrets management</td> <td>Secure credential storage</td> </tr> </tbody> </table></div> <h2> Prerequisites </h2> <p>Before we dive in, make sure you have:</p> <h3> Required Tools </h3> <ol> <li> <strong>Google Cloud Account</strong> (with billing enabled)</li> </ol> <ul> <li><a href="https://cloud.google.com/free" rel="noopener noreferrer">Sign up here</a></li> <li>You get $300 in free credits!</li> </ul> <ol> <li> <strong>gcloud CLI</strong> - Google Cloud command-line tool </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Install on Linux/macOS</span> curl https://sdk.cloud.google.com | bash <span class="c"># Or use package manager</span> <span class="c"># macOS: brew install google-cloud-sdk</span> <span class="c"># Windows: Download installer from cloud.google.com</span> </code></pre> </div> <ol> <li> <strong>kubectl</strong> - Kubernetes command-line tool </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Install via gcloud</span> gcloud components <span class="nb">install </span>kubectl <span class="c"># Or standalone</span> <span class="c"># macOS: brew install kubectl</span> <span class="c"># Linux: snap install kubectl --classic</span> </code></pre> </div> <ol> <li> <strong>Terraform</strong> - Infrastructure as Code tool </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># macOS</span> brew <span class="nb">install </span>terraform <span class="c"># Linux</span> wget https://releases.hashicorp.com/terraform/1.6.0/terraform_1.6.0_linux_amd64.zip unzip terraform_1.6.0_linux_amd64.zip <span class="nb">sudo mv </span>terraform /usr/local/bin/ </code></pre> </div> <ol> <li> <strong>Docker</strong> - For building container images </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Install from docker.com/get-started</span> </code></pre> </div> <ol> <li> <strong>Helm</strong> - Kubernetes package manager </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># macOS</span> brew <span class="nb">install </span>helm <span class="c"># Linux</span> curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash </code></pre> </div> <ol> <li> <strong>Git</strong> - Version control </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Most systems have this pre-installed</span> git <span class="nt">--version</span> </code></pre> </div> <h3> Required Accounts </h3> <ul> <li> <strong>GitHub Account</strong> (for code hosting and CI/CD)</li> <li> <strong>Datadog Account</strong> (free trial available at datadoghq.com)</li> <li> <strong>Domain Name</strong> (optional, but recommended for production)</li> </ul> <h3> Knowledge Prerequisites </h3> <p><strong>Beginner-Friendly!</strong> You should have:</p> <ul> <li>Basic understanding of Docker containers</li> <li>Familiarity with command-line interfaces</li> <li>Basic Git knowledge (clone, commit, push)</li> <li>Willingness to learn!</li> </ul> <p><strong>Nice to Have (but not required):</strong></p> <ul> <li>Understanding of Kubernetes concepts</li> <li>Experience with cloud platforms</li> <li>Knowledge of CI/CD pipelines</li> </ul> <p>Don't worry if you're missing some of these - I'll explain everything as we go!</p> <h1> Part 1: Getting Started &amp; Infrastructure Setup </h1> <h2> Step 1: Initial Setup &amp; Authentication </h2> <p>First, let's set up your local environment and authenticate with Google Cloud.</p> <h3> 1.1 Clone the Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Clone the repository</span> git clone https://github.com/YOUR_USERNAME/Ecommerce-K8s.git <span class="nb">cd </span>Ecommerce-K8s </code></pre> </div> <h3> 1.2 Authenticate with Google Cloud </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Login to Google Cloud</span> gcloud auth login <span class="c"># This will open a browser window - sign in with your Google account</span> </code></pre> </div> <h3> 1.3 Create a GCP Project </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create a new project (replace PROJECT_ID with your desired ID)</span> gcloud projects create YOUR_PROJECT_ID <span class="nt">--name</span><span class="o">=</span><span class="s2">"E-Commerce Platform"</span> <span class="c"># Set as default project</span> gcloud config <span class="nb">set </span>project YOUR_PROJECT_ID <span class="c"># Enable billing (required for GKE)</span> <span class="c"># You'll need to do this in the GCP Console: console.cloud.google.com</span> </code></pre> </div> <h3> 1.4 Enable Required APIs </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Enable all necessary GCP APIs</span> gcloud services <span class="nb">enable </span>container.googleapis.com gcloud services <span class="nb">enable </span>compute.googleapis.com gcloud services <span class="nb">enable </span>artifactregistry.googleapis.com gcloud services <span class="nb">enable </span>cloudresourcemanager.googleapis.com gcloud services <span class="nb">enable </span>iam.googleapis.com gcloud services <span class="nb">enable </span>dns.googleapis.com </code></pre> </div> <p>** Pro Tip**: This step might take 2-3 minutes. Grab a coffee! ☕</p> <h3> 1.5 Set Your Region and Zone </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Choose a region close to your users</span> <span class="c"># Popular choices: us-central1, europe-west1, asia-southeast1</span> gcloud config <span class="nb">set </span>compute/region us-central1 gcloud config <span class="nb">set </span>compute/zone us-central1-a </code></pre> </div> <h2> Step 2: Infrastructure Provisioning with Terraform </h2> <p>Now we'll use Terraform to create all the infrastructure we need.</p> <h3> 2.1 Configure Terraform Variables </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>terraform <span class="c"># Create a terraform.tfvars file</span> <span class="nb">cat</span> <span class="o">&gt;</span> terraform.tfvars <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> project_id = "YOUR_PROJECT_ID" region = "us-central1" zone = "us-central1-a" cluster_name = "ecommerce-gke-cluster" </span><span class="no">EOF </span></code></pre> </div> <h3> 2.2 Initialize Terraform </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Initialize Terraform (downloads required providers)</span> terraform init </code></pre> </div> <p>You should see output like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/google... - Installing hashicorp/google v5.x.x... Terraform has been successfully initialized! </code></pre> </div> <h3> 2.3 Review the Infrastructure Plan </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># See what Terraform will create</span> terraform plan </code></pre> </div> <p>This shows you:</p> <ul> <li>VPC network and subnets</li> <li>GKE cluster with node pools</li> <li>Artifact Registry for container images</li> <li>IAM roles and service accounts</li> <li>Firewall rules</li> </ul> <p>** What's Being Created?**</p> <ul> <li> <strong>VPC Network</strong>: Isolated network for your resources</li> <li> <strong>GKE Cluster</strong>: Kubernetes cluster with 3 nodes (auto-scaling enabled)</li> <li> <strong>Artifact Registry</strong>: Private container registry</li> <li> <strong>Service Account</strong>: For GitHub Actions to deploy</li> <li> <strong>Firewall Rules</strong>: Security rules for your cluster</li> </ul> <h3> 2.4 Apply the Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create the infrastructure (this takes 10-15 minutes)</span> terraform apply <span class="c"># Type 'yes' when prompted</span> </code></pre> </div> <p>** Time for a break!** Creating a GKE cluster takes about 10-15 minutes. This is a good time to:</p> <ul> <li>Read through the ArgoCD documentation</li> <li>Set up your Datadog account</li> <li>Grab another coffee ☕</li> </ul> <h3> 2.5 Verify the Cluster </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Configure kubectl to use your new cluster</span> gcloud container clusters get-credentials ecommerce-gke-cluster <span class="se">\</span> <span class="nt">--region</span> us-central1 <span class="c"># Verify connection</span> kubectl get nodes </code></pre> </div> <p>You should see something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>NAME STATUS ROLES AGE VERSION gke-ecommerce-default-pool-xxxxx-xxxx Ready &lt;none&gt; 5m v1.28.x gke-ecommerce-default-pool-xxxxx-yyyy Ready &lt;none&gt; 5m v1.28.x gke-ecommerce-default-pool-xxxxx-zzzz Ready &lt;none&gt; 5m v1.28.x </code></pre> </div> <p><strong>Congratulations!</strong> Your Kubernetes cluster is ready!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4h9weboiydb1vrfl9vx2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4h9weboiydb1vrfl9vx2.png" alt=" " width="800" height="317"></a></p> <p><em>The GKE cluster running in Google Cloud Console, showing nodes and cluster configuration</em></p> <h2> 🔧 Step 3: Installing Core Components </h2> <p>Now let's install the essential components: NGINX Ingress, Cert-Manager, and ArgoCD.</p> <h3> 3.1 Install NGINX Ingress Controller </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Add Helm repository</span> helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update <span class="c"># Install NGINX Ingress</span> helm <span class="nb">install </span>ingress-nginx ingress-nginx/ingress-nginx <span class="se">\</span> <span class="nt">--namespace</span> ingress-nginx <span class="se">\</span> <span class="nt">--create-namespace</span> <span class="se">\</span> <span class="nt">--set</span> controller.service.type<span class="o">=</span>LoadBalancer </code></pre> </div> <p><strong>Wait for the Load Balancer to be ready:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># This might take 2-3 minutes</span> kubectl get svc <span class="nt">-n</span> ingress-nginx <span class="nt">-w</span> </code></pre> </div> <p>Press <code>Ctrl+C</code> when you see an EXTERNAL-IP assigned.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5wlu62ulfa17cs8a2gkp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5wlu62ulfa17cs8a2gkp.png" alt=" " width="800" height="366"></a></p> <p><em>Load balancers created for external traffic routing</em></p> <h3> 3.2 Install Cert-Manager (for SSL/TLS) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Add Helm repository</span> helm repo add jetstack https://charts.jetstack.io helm repo update <span class="c"># Install Cert-Manager</span> helm <span class="nb">install </span>cert-manager jetstack/cert-manager <span class="se">\</span> <span class="nt">--namespace</span> cert-manager <span class="se">\</span> <span class="nt">--create-namespace</span> <span class="se">\</span> <span class="nt">--set</span> <span class="nv">installCRDs</span><span class="o">=</span><span class="nb">true</span> </code></pre> </div> <p><strong>Verify installation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods <span class="nt">-n</span> cert-manager </code></pre> </div> <p>All pods should be in <code>Running</code> state.</p> <h3> 3.3 Configure Let's Encrypt </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create ClusterIssuer for SSL certificates</span> kubectl apply <span class="nt">-f</span> - <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-prod spec: acme: server: https://acme-v02.api.letsencrypt.org/directory email: your-email@example.com # Change this! privateKeySecretRef: name: letsencrypt-prod solvers: - http01: ingress: class: nginx </span><span class="no">EOF </span></code></pre> </div> <p>** Important**: Replace <code>your-email@example.com</code> with your actual email!</p> <h3> 3.4 Install ArgoCD </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create namespace</span> kubectl create namespace argocd <span class="c"># Install ArgoCD</span> kubectl apply <span class="nt">-n</span> argocd <span class="nt">-f</span> https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml <span class="c"># Wait for pods to be ready</span> kubectl <span class="nb">wait</span> <span class="nt">--for</span><span class="o">=</span><span class="nv">condition</span><span class="o">=</span>Ready pods <span class="nt">--all</span> <span class="nt">-n</span> argocd <span class="nt">--timeout</span><span class="o">=</span>300s </code></pre> </div> <p><strong>Get ArgoCD admin password:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Retrieve the initial admin password</span> kubectl <span class="nt">-n</span> argocd get secret argocd-initial-admin-secret <span class="se">\</span> <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s2">"{.data.password}"</span> | <span class="nb">base64</span> <span class="nt">-d</span> <span class="o">&amp;&amp;</span> <span class="nb">echo</span> </code></pre> </div> <p>** Save this password!** You'll need it to login to ArgoCD.</p> <p><strong>Access ArgoCD UI:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Port-forward to access locally</span> kubectl port-forward svc/argocd-server <span class="nt">-n</span> argocd 8080:443 </code></pre> </div> <p>Now open your browser to: <code>https://localhost:8080</code></p> <ul> <li>Username: <code>admin</code> </li> <li>Password: (the password you just retrieved)</li> </ul> <p><strong>You now have ArgoCD running!</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwy8c9zolrc5v9knoy9ey.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwy8c9zolrc5v9knoy9ey.png" alt=" " width="800" height="404"></a></p> <p><em>ArgoCD dashboard showing all microservices managed via GitOps</em></p> <h2> Step 4: Setting Up the Database </h2> <p>Before deploying microservices, we need a database.</p> <h3> 4.1 Create Namespace </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create namespace for our application</span> kubectl create namespace retail-store </code></pre> </div> <h3> 4.2 Create MySQL Secret </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create secret for MySQL password</span> kubectl create secret generic mysql-secret <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>mysql-root-password<span class="o">=</span>YOUR_SECURE_PASSWORD <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>mysql-password<span class="o">=</span>YOUR_SECURE_PASSWORD <span class="se">\</span> <span class="nt">-n</span> retail-store </code></pre> </div> <h3> 4.3 Deploy MySQL </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Deploy MySQL</span> kubectl apply <span class="nt">-f</span> k8s/catalog-mysql.yaml <span class="nt">-n</span> retail-store kubectl apply <span class="nt">-f</span> k8s/catalog-mysql-service.yaml <span class="nt">-n</span> retail-store </code></pre> </div> <p><strong>Verify MySQL is running:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods <span class="nt">-n</span> retail-store </code></pre> </div> <p>Wait until the MySQL pod shows <code>Running</code> status.</p> <p><strong>Initialize the database:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Run database initialization job</span> kubectl apply <span class="nt">-f</span> k8s/mysql-setup-job.yaml <span class="nt">-n</span> retail-store </code></pre> </div> <h2> Step 5: Setting Up Monitoring with Datadog </h2> <h3> 5.1 Get Your Datadog API Key </h3> <ol> <li>Sign up at <a href="https://www.datadoghq.com/" rel="noopener noreferrer">datadoghq.com</a> (free trial available)</li> <li>Go to: Organization Settings → API Keys</li> <li>Copy your API key</li> </ol> <h3> 5.2 Create Datadog Secret </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create secret with your Datadog API key</span> kubectl create secret generic datadog-secret <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span>api-key<span class="o">=</span>YOUR_DATADOG_API_KEY <span class="se">\</span> <span class="nt">-n</span> default </code></pre> </div> <h3> 5.3 Deploy Datadog Agent </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Deploy the Datadog agent</span> kubectl apply <span class="nt">-f</span> k8s/datadog-agent.yaml </code></pre> </div> <p><strong>Verify Datadog is collecting data:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods <span class="nt">-l</span> <span class="nv">app</span><span class="o">=</span>datadog-agent </code></pre> </div> <p>Within 5 minutes, you should see data in your Datadog dashboard!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsr8kseul38rg6aka21o1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsr8kseul38rg6aka21o1.png" alt=" " width="800" height="361"></a></p> <p><em>Real-time monitoring of Kubernetes pod restarts and alerts in Datadog</em></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3qzos9zivsy5urmysg4d.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3qzos9zivsy5urmysg4d.png" alt=" " width="800" height="359"></a></p> <p><em>Detailed view of all pods with resource usage and status</em></p> <h2> Step 6: Setting Up SonarQube for Code Quality </h2> <h3> 6.1 Deploy SonarQube </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Deploy SonarQube</span> kubectl apply <span class="nt">-f</span> terraform/sonarqube-production.yaml </code></pre> </div> <h3> 6.2 Expose SonarQube </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Change service type to LoadBalancer</span> kubectl patch svc sonarqube <span class="nt">-n</span> default <span class="nt">-p</span> <span class="s1">'{"spec": {"type": "LoadBalancer"}}'</span> <span class="c"># Get the external IP</span> kubectl get svc sonarqube <span class="nt">-n</span> default <span class="nt">-w</span> </code></pre> </div> <h3> 6.3 Access SonarQube </h3> <p>Wait for the EXTERNAL-IP to be assigned, then:</p> <ol> <li>Open browser to: <code>http://EXTERNAL-IP:9000</code> </li> <li>Default login: <code>admin</code> / <code>admin</code> </li> <li>Change password when prompted</li> </ol> <h3> 6.4 Create SonarQube Projects </h3> <p>In the SonarQube UI, create 5 projects:</p> <ol> <li><code>retail-store-cart</code></li> <li><code>retail-store-catalog</code></li> <li><code>retail-store-checkout</code></li> <li><code>retail-store-orders</code></li> <li><code>retail-store-ui</code></li> </ol> <p>For each project:</p> <ul> <li>Click "Create Project" → "Manually"</li> <li>Enter project key and name</li> <li>Click "Set Up"</li> <li>Choose "With GitHub Actions"</li> <li>Copy the token generated</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuehfcs1l5pap6oac9w8y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuehfcs1l5pap6oac9w8y.png" alt=" " width="800" height="411"></a></p> <p><em>SonarQube code quality metrics showing all microservices passing quality gates</em></p> <h3> 6.5 Configure GitHub Secrets </h3> <p>Go to your GitHub repository → Settings → Secrets and variables → Actions</p> <p>Add these secrets:</p> <ul> <li> <code>SONAR_TOKEN</code>: Your SonarQube token</li> <li> <code>SONAR_HOST_URL</code>: <code>http://YOUR_SONARQUBE_IP:9000</code> </li> <li> <code>GCP_PROJECT_ID</code>: Your GCP project ID</li> <li> <code>GCP_REGION</code>: <code>us-central1</code> </li> <li> <code>ARTIFACT_REGISTRY</code>: <code>us-central1-docker.pkg.dev</code> </li> <li> <code>GCP_SA_KEY</code>: Service account JSON key (from Terraform output)</li> <li> <code>DATADOG_API_KEY</code>: Your Datadog API key</li> </ul> <h1> Part 2: Deploying Microservices &amp; CI/CD </h1> <h2> Step 7: Deploying Microservices with ArgoCD </h2> <h3> 7.1 Configure ArgoCD Applications </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Apply ArgoCD project definition</span> kubectl apply <span class="nt">-f</span> argocd/projects/retail-store-project.yaml <span class="c"># Apply all ArgoCD application definitions</span> kubectl apply <span class="nt">-f</span> argocd/applications/retail-store-cart.yaml kubectl apply <span class="nt">-f</span> argocd/applications/retail-store-catalog.yaml kubectl apply <span class="nt">-f</span> argocd/applications/retail-store-checkout.yaml kubectl apply <span class="nt">-f</span> argocd/applications/retail-store-orders.yaml kubectl apply <span class="nt">-f</span> argocd/applications/retail-store-ui.yaml </code></pre> </div> <h3> 7.2 Sync Applications </h3> <p>In the ArgoCD UI:</p> <ol> <li>Click on each application</li> <li>Click "Sync" → "Synchronize"</li> </ol> <p>Or use CLI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install ArgoCD CLI</span> brew <span class="nb">install </span>argocd <span class="c"># macOS</span> <span class="c"># or download from: https://argo-cd.readthedocs.io/en/stable/cli_installation/</span> <span class="c"># Login</span> argocd login localhost:8080 <span class="c"># Sync all applications</span> argocd app <span class="nb">sync </span>retail-store-cart argocd app <span class="nb">sync </span>retail-store-catalog argocd app <span class="nb">sync </span>retail-store-checkout argocd app <span class="nb">sync </span>retail-store-orders argocd app <span class="nb">sync </span>retail-store-ui </code></pre> </div> <h3> 7.3 Monitor Deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Watch pods being created</span> kubectl get pods <span class="nt">-n</span> retail-store <span class="nt">-w</span> </code></pre> </div> <p>You should see all services starting up:</p> <ul> <li><code>cart-xxxxx</code></li> <li><code>catalog-xxxxx</code></li> <li><code>checkout-xxxxx</code></li> <li><code>orders-xxxxx</code></li> <li><code>ui-xxxxx</code></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc0k3wk8eseaqzuqzbiqu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc0k3wk8eseaqzuqzbiqu.png" alt=" " width="800" height="365"></a></p> <p><em>Visualized Kubernetes resource relationships for the deployed application</em></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fww03qabhyt2gxhbpbi48.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fww03qabhyt2gxhbpbi48.png" alt=" " width="800" height="416"></a></p> <p><em>All running pods across namespaces including ArgoCD, cert-manager, and microservices</em></p> <h2> Step 8: Accessing Your Application </h2> <h3> 8.1 Create Ingress </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Apply ingress configuration</span> kubectl apply <span class="nt">-f</span> terraform/retail-store-ingress.yaml <span class="nt">-n</span> retail-store </code></pre> </div> <h3> 8.2 Get the Ingress IP </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Get the external IP</span> kubectl get ingress <span class="nt">-n</span> retail-store </code></pre> </div> <h3> 8.3 Configure DNS (Optional) </h3> <p>If you have a domain:</p> <ol> <li>Create an A record pointing to the Ingress IP</li> <li>Wait for DNS propagation (5-30 minutes)</li> </ol> <p>Example DNS configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>store.example.com -&gt; &lt;INGRESS_IP&gt; </code></pre> </div> <h3> 8.4 Access the Application </h3> <p>Open your browser to:</p> <ul> <li> <strong>With domain</strong>: <code>https://store.example.com</code> </li> <li> <strong>Without domain</strong>: <code>http://&lt;INGRESS_IP&gt;</code> </li> </ul> <p><strong>Your e-commerce platform is live!</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdbyxe2mx93gb0lqb15al.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdbyxe2mx93gb0lqb15al.png" alt=" " width="800" height="408"></a></p> <p><em>Live e-commerce application accessible via the configured domain</em></p> <h2> Understanding the CI/CD Pipeline </h2> <p>Let's dive deep into how the automated CI/CD pipeline works!</p> <h3> Pipeline Overview </h3> <p>Every time you push code to the <code>main</code> branch, GitHub Actions automatically:</p> <ol> <li> <strong>Detects Changes</strong> - Identifies which microservices were modified</li> <li> <strong>Runs SonarQube Analysis</strong> - Checks code quality and security</li> <li> <strong>Builds Docker Images</strong> - Creates container images</li> <li> <strong>Scans for Vulnerabilities</strong> - Uses Trivy to find security issues</li> <li> <strong>Pushes to Registry</strong> - Uploads images to GCP Artifact Registry</li> <li> <strong>Updates Helm Values</strong> - Modifies deployment configurations</li> <li> <strong>ArgoCD Deploys</strong> - Automatically deploys to Kubernetes</li> </ol> <h3> Pipeline Workflow Diagram </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────┐ │ Git Push │ └──────┬──────┘ │ ▼ ┌─────────────────┐ │ Detect Changes │ (Which services changed?) └──────┬──────────┘ │ ▼ ┌─────────────────┐ │ SonarQube Scan │ (Code quality check) └──────┬──────────┘ │ ▼ ┌─────────────────┐ │ Build Image │ (Docker build) └──────┬──────────┘ │ ▼ ┌─────────────────┐ │ Security Scan │ (Trivy) └──────┬──────────┘ │ ▼ ┌─────────────────┐ │ Push to Registry│ (Artifact Registry) └──────┬──────────┘ │ ▼ ┌─────────────────┐ │ Update Helm Vals│ (Git commit) └──────┬──────────┘ │ ▼ ┌─────────────────┐ │ ArgoCD Deploys │ (Automatic) └─────────────────┘ </code></pre> </div> <h3> Stage 1: Detect Changes </h3> <p>The pipeline only builds services that have changed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">detect-changes</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">outputs</span><span class="pi">:</span> <span class="na">cart</span><span class="pi">:</span> <span class="s">${{ steps.filter.outputs.cart }}</span> <span class="na">catalog</span><span class="pi">:</span> <span class="s">${{ steps.filter.outputs.catalog }}</span> <span class="na">checkout</span><span class="pi">:</span> <span class="s">${{ steps.filter.outputs.checkout }}</span> <span class="na">orders</span><span class="pi">:</span> <span class="s">${{ steps.filter.outputs.orders }}</span> <span class="na">ui</span><span class="pi">:</span> <span class="s">${{ steps.filter.outputs.ui }}</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">dorny/paths-filter@v2</span> <span class="na">id</span><span class="pi">:</span> <span class="s">filter</span> <span class="na">with</span><span class="pi">:</span> <span class="na">filters</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">cart: 'src/cart/**'</span> <span class="s">catalog: 'src/catalog/**'</span> <span class="s">checkout: 'src/checkout/**'</span> <span class="s">orders: 'src/orders/**'</span> <span class="s">ui: 'src/ui/**'</span> </code></pre> </div> <p><strong>What this does</strong>: Only builds services that actually changed. Saves time and resources!</p> <h3> Stage 2: Code Quality Analysis </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">sonarqube</span><span class="pi">:</span> <span class="na">needs</span><span class="pi">:</span> <span class="s">detect-changes</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">cart</span><span class="pi">,</span> <span class="nv">catalog</span><span class="pi">,</span> <span class="nv">checkout</span><span class="pi">,</span> <span class="nv">orders</span><span class="pi">,</span> <span class="nv">ui</span><span class="pi">]</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run SonarQube Scan</span> <span class="c1"># Different scan methods for Java, Go, and Node.js</span> <span class="c1"># Checks for bugs, vulnerabilities, code smells</span> </code></pre> </div> <p><strong>What this does</strong>:</p> <ul> <li>Analyzes code for bugs and security issues</li> <li>Checks code coverage</li> <li>Enforces quality gates</li> <li>Fails the build if quality standards aren't met</li> </ul> <h3> Stage 3: Build and Deploy </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">build-deploy</span><span class="pi">:</span> <span class="na">needs</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">detect-changes</span><span class="pi">,</span> <span class="nv">sonarqube</span><span class="pi">]</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">cart</span><span class="pi">,</span> <span class="nv">catalog</span><span class="pi">,</span> <span class="nv">checkout</span><span class="pi">,</span> <span class="nv">orders</span><span class="pi">,</span> <span class="nv">ui</span><span class="pi">]</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build Docker Image</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">docker build -t $IMAGE_NAME:$TAG .</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Scan with Trivy</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aquasecurity/trivy-action@master</span> <span class="na">with</span><span class="pi">:</span> <span class="na">image-ref</span><span class="pi">:</span> <span class="s">$IMAGE_NAME:$TAG</span> <span class="na">severity</span><span class="pi">:</span> <span class="s2">"</span><span class="s">CRITICAL,HIGH"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Push to Artifact Registry</span> <span class="na">run</span><span class="pi">:</span> <span class="s">docker push $IMAGE_NAME:$TAG</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update Helm Values</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s"># Updates image tag in Helm chart</span> <span class="s"># ArgoCD detects this change and deploys</span> </code></pre> </div> <p><strong>What this does</strong>:</p> <ul> <li>Builds optimized Docker images</li> <li>Scans for security vulnerabilities</li> <li>Pushes to private registry</li> <li>Triggers GitOps deployment</li> </ul> <h3> How to Trigger the Pipeline </h3> <h4> Method 1: Push Code Changes </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Make changes to a service</span> <span class="nb">cd </span>src/cart <span class="c"># Edit some files...</span> <span class="c"># Commit and push</span> git add <span class="nb">.</span> git commit <span class="nt">-m</span> <span class="s2">"feat: add new cart feature"</span> git push origin main </code></pre> </div> <p>The pipeline automatically runs!</p> <h4> Method 2: Manual Trigger </h4> <p>In GitHub:</p> <ol> <li>Go to Actions tab</li> <li>Select "Build and Deploy"</li> <li>Click "Run workflow"</li> </ol> <h1> Part 3: Monitoring, Security &amp; Operations </h1> <h2> Monitoring and Observability </h2> <h3> Datadog Dashboard Setup </h3> <h4> 1. Kubernetes Overview Dashboard </h4> <p>In Datadog, go to Dashboards → New Dashboard</p> <p><strong>Key Metrics to Monitor:</strong></p> <ul> <li>Pod CPU Usage</li> <li>Pod Memory Usage</li> <li>Pod Restart Count</li> <li>Container Status</li> <li>Network Traffic</li> <li>Disk I/O</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw92c2tipwmt04a3hvl47.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw92c2tipwmt04a3hvl47.png" alt=" " width="800" height="361"></a></p> <p><em>Overview of pod health, resource usage, and container states in the GKE cluster</em></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnx1uccdx2d74iwybvvl5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnx1uccdx2d74iwybvvl5.png" alt=" " width="800" height="354"></a></p> <p><em>GCP Console showing resource usage, container restarts, and namespace metrics</em></p> <h4> 2. Application Performance Monitoring (APM) </h4> <p><strong>Enable APM in your services:</strong></p> <p>Each microservice is already configured with Datadog APM environment variables:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DD_AGENT_HOST</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">fieldRef</span><span class="pi">:</span> <span class="na">fieldPath</span><span class="pi">:</span> <span class="s">status.hostIP</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DD_SERVICE</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">cart-service"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DD_ENV</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">production"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DD_VERSION</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.0.0"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DD_TRACE_ENABLED</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> </code></pre> </div> <p><strong>View traces in Datadog:</strong></p> <ol> <li>Go to APM → Traces</li> <li>See request flow across microservices</li> <li>Identify slow queries and bottlenecks</li> </ol> <h4> 3. Log Management </h4> <p><strong>View logs:</strong></p> <ol> <li>Go to Logs → Explorer</li> <li>Filter by service: <code>service:cart-service</code> </li> <li>Search for errors: <code>status:error</code> </li> </ol> <p><strong>Create log alerts:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Alert when: Error count &gt; 10 in 5 minutes Notify: Your email or Slack </code></pre> </div> <h2> Security Best Practices </h2> <h3> 1. Container Security </h3> <h4> Image Scanning with Trivy </h4> <p>Every image is scanned for vulnerabilities before deployment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Trivy vulnerability scanner</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aquasecurity/trivy-action@master</span> <span class="na">with</span><span class="pi">:</span> <span class="na">image-ref</span><span class="pi">:</span> <span class="s">${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}</span> <span class="na">format</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sarif"</span> <span class="na">severity</span><span class="pi">:</span> <span class="s2">"</span><span class="s">CRITICAL,HIGH"</span> <span class="na">exit-code</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1"</span> <span class="c1"># Fail build if vulnerabilities found</span> </code></pre> </div> <p><strong>Best Practices:</strong></p> <ul> <li>Use minimal base images (Alpine, Distroless)</li> <li>Regularly update dependencies</li> <li>Don't run containers as root</li> <li>Scan images in CI/CD pipeline</li> </ul> <h4> Dockerfile Security </h4> <p><strong>Bad Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> ubuntu:latest</span> <span class="k">RUN </span>apt-get update <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> python3 <span class="k">COPY</span><span class="s"> . /app</span> <span class="k">CMD</span><span class="s"> ["python3", "app.py"]</span> </code></pre> </div> <p><strong>Good Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3.11-alpine</span> <span class="k">RUN </span>addgroup <span class="nt">-g</span> 1000 appuser <span class="o">&amp;&amp;</span> <span class="se">\ </span> adduser <span class="nt">-D</span> <span class="nt">-u</span> 1000 <span class="nt">-G</span> appuser appuser <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> --chown=appuser:appuser requirements.txt .</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">-r</span> requirements.txt <span class="k">COPY</span><span class="s"> --chown=appuser:appuser . .</span> <span class="k">USER</span><span class="s"> appuser</span> <span class="k">CMD</span><span class="s"> ["python", "app.py"]</span> </code></pre> </div> <h3> 2. Secrets Management </h3> <h4> Never Commit Secrets! </h4> <p><strong>Bad:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_PASSWORD</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">mypassword123"</span> <span class="c1"># Never do this!</span> </code></pre> </div> <p><strong>Good:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_PASSWORD</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mysql-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">password</span> </code></pre> </div> <h4> Creating Secrets </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># From literal values</span> kubectl create secret generic mysql-secret <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span><span class="nv">password</span><span class="o">=</span>YOUR_PASSWORD <span class="se">\</span> <span class="nt">-n</span> retail-store <span class="c"># From files</span> kubectl create secret generic tls-secret <span class="se">\</span> <span class="nt">--from-file</span><span class="o">=</span>tls.crt<span class="o">=</span>cert.pem <span class="se">\</span> <span class="nt">--from-file</span><span class="o">=</span>tls.key<span class="o">=</span>key.pem <span class="se">\</span> <span class="nt">-n</span> retail-store </code></pre> </div> <h3> 3. Network Security </h3> <h4> Network Policies </h4> <p>Restrict traffic between pods:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">NetworkPolicy</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">cart-network-policy</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">retail-store</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">podSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">cart</span> <span class="na">policyTypes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">Ingress</span> <span class="pi">-</span> <span class="s">Egress</span> <span class="na">ingress</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">from</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">podSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">ui</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">egress</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">to</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">podSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">mysql</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">3306</span> </code></pre> </div> <h2> Troubleshooting Guide </h2> <h3> Common Issues and Solutions </h3> <h4> Issue 1: Pods Not Starting </h4> <p><strong>Symptom:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods <span class="nt">-n</span> retail-store NAME READY STATUS RESTARTS AGE cart-xxxxx 0/1 ImagePullBackOff 0 2m </code></pre> </div> <p><strong>Diagnosis:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl describe pod cart-xxxxx <span class="nt">-n</span> retail-store kubectl logs cart-xxxxx <span class="nt">-n</span> retail-store </code></pre> </div> <p><strong>Common Causes:</strong></p> <ol> <li> <strong>Image doesn't exist</strong> - Check Artifact Registry</li> <li> <strong>Authentication issues</strong> - Verify image pull secrets</li> <li> <strong>Wrong image tag</strong> - Check Helm values</li> </ol> <h4> Issue 2: Service Not Accessible </h4> <p><strong>Symptom:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://INGRESS_IP <span class="c"># Connection refused or 404</span> </code></pre> </div> <p><strong>Diagnosis:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check ingress</span> kubectl get ingress <span class="nt">-n</span> retail-store <span class="c"># Check service</span> kubectl get svc <span class="nt">-n</span> retail-store <span class="c"># Check endpoints</span> kubectl get endpoints <span class="nt">-n</span> retail-store </code></pre> </div> <p><strong>Solutions:</strong></p> <ol> <li>Verify ingress configuration</li> <li>Check service selector matches pod labels</li> <li>Ensure pods are ready</li> </ol> <h4> Issue 3: Database Connection Errors </h4> <p><strong>Symptom:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Error: Unable to connect to MySQL </code></pre> </div> <p><strong>Diagnosis:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check MySQL pod</span> kubectl get pods <span class="nt">-n</span> retail-store | <span class="nb">grep </span>mysql <span class="c"># Check MySQL logs</span> kubectl logs mysql-xxxxx <span class="nt">-n</span> retail-store <span class="c"># Test connection</span> kubectl run <span class="nt">-it</span> <span class="nt">--rm</span> debug <span class="nt">--image</span><span class="o">=</span>mysql:8.0 <span class="nt">--restart</span><span class="o">=</span>Never <span class="nt">-n</span> retail-store <span class="nt">--</span> <span class="se">\</span> mysql <span class="nt">-h</span> mysql <span class="nt">-u</span> root <span class="nt">-p</span> </code></pre> </div> <h3> Debugging Commands Cheat Sheet </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># View all resources</span> kubectl get all <span class="nt">-n</span> retail-store <span class="c"># Describe a resource</span> kubectl describe pod POD_NAME <span class="nt">-n</span> retail-store <span class="c"># View logs</span> kubectl logs POD_NAME <span class="nt">-n</span> retail-store kubectl logs POD_NAME <span class="nt">-n</span> retail-store <span class="nt">--previous</span> <span class="c"># Follow logs in real-time</span> kubectl logs <span class="nt">-f</span> POD_NAME <span class="nt">-n</span> retail-store <span class="c"># Execute commands in a pod</span> kubectl <span class="nb">exec</span> <span class="nt">-it</span> POD_NAME <span class="nt">-n</span> retail-store <span class="nt">--</span> /bin/bash <span class="c"># Port forward to a service</span> kubectl port-forward svc/cart 8080:80 <span class="nt">-n</span> retail-store <span class="c"># View events</span> kubectl get events <span class="nt">-n</span> retail-store <span class="nt">--sort-by</span><span class="o">=</span><span class="s1">'.lastTimestamp'</span> <span class="c"># Check resource usage</span> kubectl top nodes kubectl top pods <span class="nt">-n</span> retail-store </code></pre> </div> <h2> Cost Optimization </h2> <h3> 1. Right-Size Your Resources </h3> <h4> Monitor Resource Usage </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check actual resource usage</span> kubectl top pods <span class="nt">-n</span> retail-store <span class="c"># Compare with requested resources</span> kubectl describe deployment cart <span class="nt">-n</span> retail-store | <span class="nb">grep</span> <span class="nt">-A</span> 5 Requests </code></pre> </div> <p><strong>Adjust based on actual usage:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">100m"</span> <span class="c1"># Start small</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">256Mi"</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">500m"</span> <span class="c1"># Set reasonable limits</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">512Mi"</span> </code></pre> </div> <h3> 2. Use Preemptible/Spot Instances </h3> <p><strong>Create a preemptible node pool:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gcloud container node-pools create preemptible-pool <span class="se">\</span> <span class="nt">--cluster</span><span class="o">=</span>ecommerce-gke-cluster <span class="se">\</span> <span class="nt">--preemptible</span> <span class="se">\</span> <span class="nt">--num-nodes</span><span class="o">=</span>2 <span class="se">\</span> <span class="nt">--machine-type</span><span class="o">=</span>e2-medium <span class="se">\</span> <span class="nt">--region</span><span class="o">=</span>us-central1 </code></pre> </div> <h3> 3. Implement Autoscaling </h3> <h4> Horizontal Pod Autoscaler (HPA) </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create HPA</span> kubectl autoscale deployment cart <span class="se">\</span> <span class="nt">--cpu-percent</span><span class="o">=</span>70 <span class="se">\</span> <span class="nt">--min</span><span class="o">=</span>2 <span class="se">\</span> <span class="nt">--max</span><span class="o">=</span>10 <span class="se">\</span> <span class="nt">-n</span> retail-store </code></pre> </div> <h4> Cluster Autoscaler </h4> <p>Already enabled in Terraform configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">autoscaling</span> <span class="p">{</span> <span class="nx">min_node_count</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">max_node_count</span> <span class="p">=</span> <span class="mi">10</span> <span class="p">}</span> </code></pre> </div> <h3> 4. Estimated Monthly Costs </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Estimated Cost</th> <th>Optimization Tips</th> </tr> </thead> <tbody> <tr> <td>GKE Cluster</td> <td>$150-300</td> <td>Use Preemptible nodes for dev/test</td> </tr> <tr> <td>Compute Instances</td> <td>$200-500</td> <td>Right-size node pools, enable autoscaling</td> </tr> <tr> <td>Artifact Registry</td> <td>$10-30</td> <td>Implement image retention policies</td> </tr> <tr> <td>Load Balancers</td> <td>$20-40</td> <td>Consolidate ingresses where possible</td> </tr> <tr> <td>Cloud Storage</td> <td>$5-15</td> <td>Lifecycle policies for old backups</td> </tr> <tr> <td>Datadog</td> <td>$0-100+</td> <td>Depends on plan/usage</td> </tr> <tr> <td><strong>Total</strong></td> <td><strong>$385-985+</strong></td> <td></td> </tr> </tbody> </table></div> <h2> Learning Resources </h2> <h3> Official Documentation </h3> <ul> <li><a href="https://kubernetes.io/docs/" rel="noopener noreferrer">Kubernetes Documentation</a></li> <li><a href="https://cloud.google.com/kubernetes-engine/docs" rel="noopener noreferrer">Google Kubernetes Engine</a></li> <li><a href="https://argo-cd.readthedocs.io/" rel="noopener noreferrer">ArgoCD Documentation</a></li> <li><a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs" rel="noopener noreferrer">Terraform GCP Provider</a></li> <li><a href="https://docs.datadoghq.com/integrations/kubernetes/" rel="noopener noreferrer">Datadog Kubernetes Integration</a></li> </ul> <h3> Recommended Books </h3> <ul> <li>"Kubernetes in Action" by Marko Lukša</li> <li>"The DevOps Handbook" by Gene Kim</li> <li>"Site Reliability Engineering" by Google</li> <li>"Terraform: Up &amp; Running" by Yevgeniy Brikman</li> </ul> <h3> Online Courses </h3> <ul> <li><a href="https://www.cncf.io/certification/training/" rel="noopener noreferrer">Kubernetes Fundamentals (CNCF)</a></li> <li><a href="https://www.cloudskillsboost.google/" rel="noopener noreferrer">Google Cloud Skills Boost</a></li> <li><a href="https://argo-cd.readthedocs.io/en/stable/getting_started/" rel="noopener noreferrer">ArgoCD Tutorial</a></li> </ul> <h2> Conclusion </h2> <p>Congratulations! 🎊 You've just learned how to build and deploy a production-grade microservices platform on Google Cloud Platform!</p> <h3> What We've Accomplished </h3> <p><strong>Infrastructure</strong>: Set up a complete GKE cluster with Terraform<br> <strong>Microservices</strong>: Deployed 5 microservices in multiple languages<br> <strong>GitOps</strong>: Implemented automated deployments with ArgoCD<br> <strong>CI/CD</strong>: Built a complete pipeline with GitHub Actions<br> <strong>Monitoring</strong>: Added full observability with Datadog<br> <strong>Security</strong>: Implemented security best practices<br> <strong>Quality</strong>: Integrated code quality checks with SonarQube</p> <h3> Next Steps </h3> <p>Now that you have a solid foundation, consider:</p> <ol> <li><strong>Add More Features</strong></li> </ol> <ul> <li>Implement caching with Redis</li> <li>Add message queuing with Pub/Sub</li> <li>Integrate with Cloud CDN</li> </ul> <ol> <li><strong>Enhance Security</strong></li> </ol> <ul> <li>Implement service mesh (Istio)</li> <li>Add OAuth2/OIDC authentication</li> <li>Enable Cloud Armor WAF</li> </ul> <ol> <li><strong>Improve Observability</strong></li> </ol> <ul> <li>Add custom business metrics</li> <li>Implement distributed tracing</li> <li>Create SLO/SLI dashboards</li> </ul> <ol> <li> <strong>Scale Further</strong> <ul> <li>Multi-region deployment</li> <li>Global load balancing</li> <li>Database sharding</li> </ul> </li> </ol> <h3> Final Thoughts </h3> <p>Building production systems is a journey, not a destination. This project gives you a solid foundation, but there's always more to learn and improve. Keep experimenting, keep learning, and most importantly, keep building!</p> <p>If you found this guide helpful, please:</p> <ul> <li>⭐ Star the repository</li> <li>🔄 Share with your network</li> <li>💬 Leave a comment with your experience</li> <li>🐛 Report issues or suggest improvements</li> </ul> <h3> Connect With Me </h3> <ul> <li>GitHub: [<a href="https://github.com/deepanshub9" rel="noopener noreferrer">https://github.com/deepanshub9</a>]</li> <li>LinkedIn: [<a href="https://www.linkedin.com/in/deepanshub/" rel="noopener noreferrer">https://www.linkedin.com/in/deepanshub/</a>]</li> <li>Twitter: [<a href="https://x.com/realthetechguy" rel="noopener noreferrer">https://x.com/realthetechguy</a>]</li> <li>Blog: [<a href="https://dev.to/deepanshub09">https://dev.to/deepanshub09</a>]</li> </ul> <p>Happy coding! 🚀</p> <h2> License </h2> <p>This project is licensed under the Apache License 2.0 - see the <a href="https://dev.toLICENSE">LICENSE</a> file for details.</p> <h2> Acknowledgments </h2> <ul> <li>Original AWS Retail Store Sample App team</li> <li>Google Cloud Platform documentation</li> <li>Kubernetes community</li> <li>ArgoCD project</li> <li>All open-source contributors</li> </ul> <p><strong>Did you deploy this successfully? I'd love to hear about your experience! Drop a comment below! 👇</strong></p> <h1> kubernetes #gcp #devops #microservices #gitops #cloudnative #terraform #argocd #cicd #production </h1> kubernetes gcp devops microservices Deepanshu Sat, 04 Oct 2025 21:01:35 +0000 https://dev.to/deepanshub09/building-a-complete-aws-vpc-with-load-balancer-a-step-by-step-journey-2oj8 https://dev.to/deepanshub09/building-a-complete-aws-vpc-with-load-balancer-a-step-by-step-journey-2oj8 <p><em>A comprehensive guide to creating a production-ready AWS infrastructure including all the roadblocks I hit and how to solve them</em></p> <h4> Introduction </h4> <p>Hey there, fellow cloud explorer! Have you ever tried setting up an AWS infrastructure and found yourself scratching your head, wondering, “Why isn’t this working?!” I’ve been there too! In this down-to-earth guide, I’ll walk you through building a full AWS Virtual Private Cloud (VPC) with an Application Load Balancer (ALB), EC2 instances, and more while sharing every stumble I made along the way and how I fixed them.</p> <p>This isn’t your typical polished tutorial. It’s the real deal complete with those “uh-oh” moments and their practical solutions. By the end, you’ll have a production ready setup and the know how to troubleshoot like a pro. Let’s dive in!</p> <h4> What We’re Building </h4> <p>Imagine we’re setting up “Dublin Delights,” a small online store selling Irish goodies. Our final architecture will include:</p> <ul> <li>A VPC with public and private subnets</li> <li>An Internet Gateway for public access</li> <li>A NAT Gateway for private subnet internet access</li> <li>An Application Load Balancer to distribute traffic</li> <li>3 EC2 instances (1 public, 2 private)</li> <li>Tight security groups and routing</li> <li>Working web servers behind the load balancer</li> </ul> <p>Ready? Let’s get started!</p> <h4> Phase 1: Setting Up the VPC Foundation </h4> <h5> Creating the VPC </h5> <p>First, let’s build the foundation our Virtual Private Cloud:</p> <ol> <li>Head to the AWS Console &gt; Search “VPC” &gt; Click “VPC” &gt; “Create VPC”.</li> <li>Choose “VPC and more” (this sets up everything in one go).</li> <li>Configuration: <ul> <li>Name: <code>dublin-delights-vpc</code> </li> <li>IPv4 CIDR: <code>10.0.0.0/16</code> (gives us 65,536 IP addresses)</li> <li>Number of Availability Zones (AZs): 2 (e.g., US-east-1a, US-east-1b)</li> <li>Public subnets: 1 (e.g., <code>10.0.1.0/24</code>)</li> <li>Private subnets: 2 (e.g., <code>10.0.2.0/24</code>, <code>10.0.3.0/24</code>)</li> <li>NAT gateways: 1 (in the public subnet)</li> <li>VPC endpoints: None</li> </ul> </li> <li>Hit “Create VPC” and wait a minute for it to spin up.</li> </ol> <p><strong>What This Creates:</strong></p> <ul> <li>A VPC with the <code>10.0.0.0/16</code> CIDR block</li> <li>1 public subnet (<code>10.0.1.0/24</code>)</li> <li>2 private subnets (<code>10.0.2.0/24</code>, <code>10.0.3.0/24</code>)</li> <li>An Internet Gateway</li> <li>A NAT Gateway in the public subnet</li> <li>Route tables (we’ll tweak these later)</li> </ul> <h5> The First Problem: DNS Resolution Woes </h5> <p>After creating the VPC, I launched instances but hit a snag DNS wasn’t working! Updates failed with “temporary failure resolving” errors. Here’s the fix:</p> <ol> <li>VPC Console &gt; “Your VPCs” &gt; Select <code>dublin-delights-vpc</code>.</li> <li>“Actions” &gt; “Edit VPC settings”.</li> <li>Enable “DNS hostnames” and “DNS resolution” (both checkboxes).</li> <li>Save changes.</li> </ol> <p><strong>Why This Matters:</strong> Without DNS hostnames, instances can’t resolve domain names (e.g., <code>sudo-apt-get update</code> fails). This little toggle saved my day!</p> <h4> Phase 2: Launching EC2 Instances </h4> <h5> Creating the Instances </h5> <p>Let’s launch our three servers:</p> <ul> <li> <p><strong>Public Instance (public-web-1):</strong></p> <ol> <li>EC2 Console &gt; “Launch Instance”.</li> <li>Configuration: <ul> <li>Name: <code>public-web-1</code> </li> <li>AMI: Ubuntu Server 22.04 LTS</li> <li>Instance type: <code>t2.micro</code> (Free Tier eligible)</li> <li>Key pair: Select or create <code>devops-key</code> (download <code>.pem</code> file)</li> <li>VPC: <code>dublin-delights-vpc</code> </li> <li>Subnet: <code>public-subnet-1</code> </li> <li>Auto-assign Public IP: Enable</li> <li>Security group: Create new “public-sg”</li> </ul> </li> <li>Launch and wait for “Running”.</li> </ol> </li> <li> <p><strong>Private Instances (private-web-2, private-web-3):</strong></p> <ul> <li>Repeat the process, but:</li> <li>Name: <code>private-web-2</code> and <code>private-web-3</code> </li> <li>Subnet: <code>private-subnet-1</code> and <code>private-subnet-2</code> </li> <li>Auto-assign Public IP: Disable</li> <li>Security group: Create new “private-sg”</li> <li>Launch both.</li> </ul> </li> </ul> <h5> The Second Problem: Connection Timeouts </h5> <p>I couldn’t SSH to my instances got “ssh: connect to host 52.23.157.242 port 22: Connection timed out.” Ouch! The culprit? Security groups.</p> <ul> <li> <strong>Solution - Fix Security Groups:</strong> <ul> <li><strong>public-sg:</strong></li> <li>Inbound: SSH (22) from “My IP”, HTTP (80) from <code>0.0.0.0/0</code> </li> <li>Outbound: All traffic to <code>0.0.0.0/0</code> </li> <li><strong>private-sg:</strong></li> <li>Inbound: SSH (22) from <code>public-sg</code>, HTTP (80) from ALB security group (later)</li> <li>Outbound: All traffic to <code>0.0.0.0/0</code> </li> <li>Apply and test SSH: <code>ssh -i devops-key.pem ubuntu@public-ip</code>.</li> </ul> </li> </ul> <h5> The Third Problem: Session Manager Not Working </h5> <p>Tried AWS Session Manager got “SSM Agent is not online.” The route table was the issue my “public” subnet wasn’t really public!</p> <ul> <li> <strong>Solution - Fix Route Tables:</strong> <ol> <li>VPC Console &gt; “Route Tables” &gt; Find the one for <code>public-subnet-1</code>.</li> <li>“Routes” tab &gt; “Edit routes” &gt; Add: Destination <code>0.0.0.0/0</code>, Target “Internet Gateway” (<code>dublin-igw</code>).</li> <li>Save.</li> </ol> </li> <li> <strong>Result:</strong> SSH, Session Manager, and internet access worked!</li> </ul> <h4> Phase 3: Setting Up the Application Load Balancer </h4> <h5> Creating the ALB </h5> <ol> <li>EC2 Console &gt; “Load Balancers” &gt; “Create Load Balancer” &gt; “Application Load Balancer”.</li> <li>Configuration: <ul> <li>Name: <code>dublin-alb</code> </li> <li>Scheme: Internet-facing</li> <li>IP address type: IPv4</li> <li>VPC: <code>dublin-delights-vpc</code> </li> <li>Availability Zones: Select both AZs with <code>public-subnet-1</code> </li> <li>Security group: Create new “alb-sg”</li> </ul> </li> <li>Create and wait 5 minutes.</li> </ol> <h5> Creating the Target Group </h5> <ol> <li>EC2 Console &gt; “Target Groups” &gt; “Create target group”.</li> <li>Configuration: <ul> <li>Target type: Instances</li> <li>Name: <code>web-targets</code> </li> <li>Protocol: HTTP</li> <li>Port: 80</li> <li>VPC: <code>dublin-delights-vpc</code> </li> <li>Health check path: <code>/</code> </li> </ul> </li> <li>Register targets: Add all 3 instances.</li> <li>Create.</li> </ol> <h5> The Fourth Problem: 504 Gateway Timeout </h5> <p>Accessing the ALB gave “504 Gateway Time-out,” with targets “Unhealthy” (Target.Timeout).</p> <ul> <li> <p><strong>Root Cause #1: No Web Servers</strong></p> <ul> <li> <strong>Solution:</strong> Install Apache on each instance: </li> </ul> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> apache2 <span class="nb">sudo </span>systemctl start apache2 <span class="nb">sudo </span>systemctl <span class="nb">enable </span>apache2 <span class="nb">echo</span> <span class="s2">"&lt;h1&gt;Web Server - </span><span class="si">$(</span><span class="nb">hostname</span><span class="si">)</span><span class="s2">&lt;/h1&gt;"</span> | <span class="nb">sudo tee</span> /var/www/html/index.html curl http://localhost </code></pre> </li> <li> <p><strong>Root Cause #2: ALB Security Group Outbound Rules Missing</strong></p> <ul> <li>Even with web servers, 504 persisted. The ALB’s security group had no outbound rules!</li> <li><strong>Critical Fix:</strong></li> <li>EC2 Console &gt; “Security Groups” &gt; <code>alb-sg</code>.</li> <li>“Outbound rules” &gt; “Edit outbound rules” &gt; Add: Type “All traffic”, Destination <code>0.0.0.0/0</code>.</li> <li>Save.</li> </ul> </li> <li><p><strong>Why This Matters:</strong> ALB needs outbound rules to send health checks and traffic.</p></li> </ul> <h4> Phase 4: Fine-Tuning and Testing </h4> <h5> Proper Security Group Configuration </h5> <ul> <li> <strong>alb-sg:</strong> <ul> <li>Inbound: HTTP (80) from <code>0.0.0.0/0</code> </li> <li>Outbound: All traffic to <code>0.0.0.0/0</code> </li> </ul> </li> <li> <strong>public-sg:</strong> <ul> <li>Inbound: SSH (22) from “My IP”, HTTP (80) from <code>alb-sg</code> </li> <li>Outbound: All traffic to <code>0.0.0.0/0</code> </li> </ul> </li> <li> <strong>private-sg:</strong> <ul> <li>Inbound: SSH (22) from <code>public-sg</code>, HTTP (80) from <code>alb-sg</code> </li> <li>Outbound: All traffic to <code>0.0.0.0/0</code> </li> </ul> </li> </ul> <h5> Testing the Complete Setup </h5> <ul> <li> <strong>Test 1: Individual Instance Access</strong> <ul> <li>From public instance: <code>curl http://10.0.2.135</code> and <code>curl http://10.0.3.150</code>.</li> </ul> </li> <li> <strong>Test 2: Load Balancer</strong> <ul> <li><code>curl http://dublin-alb-689675767.eu-west-1.elb.amazonaws.com</code></li> <li>Loop: <code>for i in {1..5}; do curl http://dublin-alb-689675767.eu-west-1.elb.amazonaws.com; done</code> (shows rotation).</li> </ul> </li> <li> <strong>Test 3: NAT Gateway Functionality</strong> <ul> <li>From private instances: <code>curl ifconfig.me</code> (shows NAT IP), <code>sudo apt update</code> (works).</li> </ul> </li> </ul> <h4> Phase 5: Common Issues and Solutions </h4> <ul> <li> <strong>Issue 1: “Instance is not in public subnet”</strong> <ul> <li>Fix: Add <code>0.0.0.0/0</code> → Internet Gateway in route table.</li> </ul> </li> <li> <strong>Issue 2: “Referenced group id for existing IPv4 CIDR rule”</strong> <ul> <li>Fix: Add new rules instead of editing existing ones.</li> </ul> </li> <li> <strong>Issue 3: Private instances can’t reach internet</strong> <ul> <li>Fix: Route <code>0.0.0.0/0</code> → NAT Gateway in private route table.</li> </ul> </li> <li> <strong>Issue 4: Health checks failing with “Target.Timeout”</strong> <ul> <li>Fix: Install web server, fix security groups, ensure <code>/var/www/html/index.html</code>.</li> </ul> </li> </ul> <h4> Final Architecture Overview </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> 🌐 INTERNET | ┌────▼────┐ │ IGW │ dublin-igw └────┬────┘ | ┌──────────▼──────────┐ │ Application LB │ dublin-alb │ (alb-sg) │ └──┬────────┬────────┬┘ | | | ┌────────────▼─┐ ┌───▼───┐ ┌─▼────────────┐ │ AZ: us-east-1a│ │us-east│ │ AZ: us-east-1c│ │ │ │ -1b │ │ │ │ ┌───────────┐ │ │┌─────┐│ │ ┌───────────┐ │ │ │Public Sub │ │ ││Priv ││ │ │Private Sub│ │ │ │10.0.1.0/24│ │ ││Sub 1││ │ │10.0.3.0/24│ │ │ │ │ │ ││10.0.││ │ │ │ │ │ │┌─────────┐│ │ ││2.0/ ││ │ │┌─────────┐│ │ │ ││public- ││ │ ││24 ││ │ ││private- ││ │ │ ││web-1 ││ │ ││ ││ │ ││web-3 ││ │ │ ││(public- ││ │ ││┌───┐││ │ ││(private-││ │ │ ││sg) ││ │ │││web│││ │ ││sg) ││ │ │ │└─────────┘│ │ │││-2 │││ │ │└─────────┘│ │ │ │ │ │ ││└───┘││ │ │ │ │ │ │┌─────────┐│ │ │└─────┘│ │ │ │ │ │ ││NAT GW ││ │ └───────┘ │ │ │ │ │ │└─────────┘│ │ │ │ │ │ │ └───────────┘ │ │ └───────────┘ │ └───────────────┘ └───────────────┘ | | └─────────┬─────────────────┘ | ┌────▼────┐ │ IGW │ (for NAT traffic) └────┬────┘ | 🌐 INTERNET </code></pre> </div> <ul> <li> <strong>Network Flow</strong>: Inbound: Internet → IGW → ALB → Instances. Outbound: Public via IGW, Private via NAT.</li> <li> <strong>Security</strong>: Public SSH from specific IP, private via public, ALB open on 80.</li> </ul> <h4> Key Lessons Learned </h4> <ol> <li> <strong>Security Groups Are Stateful</strong>: Inbound allows return traffic, but outbound rules are needed for initiated connections.</li> <li> <strong>“Public” Subnet Needs Routing</strong>: Name doesn’t matter route tables make it public.</li> <li> <strong>ALB Needs Outbound Rules</strong>: Missing rules cause 504 errors.</li> <li> <strong>NAT Gateway Placement</strong>: Must be in a public subnet.</li> <li> <strong>Health Checks Are Critical</strong>: Unhealthy targets stop traffic.</li> </ol> <h4> Cost Optimization Tips </h4> <ul> <li> <strong>Costs</strong>: 3 t2.micro (~$25/month), NAT Gateway (~$32/month), ALB (~$16/month), data variable. Total ~$73/month.</li> <li> <strong>Savings</strong>: Use NAT Instance (~$0), Network Load Balancer, terminate unused instances, or Reserved Instances (30-60% off).</li> </ul> <h4> Production Readiness Checklist </h4> <ul> <li> <strong>Security</strong>: Restrict SSH, enable VPC Flow Logs, CloudTrail, IAM roles, encryption.</li> <li> <strong>Monitoring</strong>: CloudWatch alarms, ALB logs, target health, SNS notifications.</li> <li> <strong>High Availability</strong>: Multi-AZ, Auto Scaling, health checks, disaster recovery.</li> <li> <strong>Performance</strong>: Right-size instances, ALB stickiness, CloudFront CDN.</li> </ul> <h4> Troubleshooting Commands Reference </h4> <ul> <li> <strong>Connectivity Issues</strong>: <ul> <li><code>telnet &lt;ip&gt; &lt;port&gt;</code></li> <li><code>aws ec2 describe-security-groups --group-ids sg-xxxxxxxxx</code></li> <li><code>nslookup google.com</code></li> <li><code>ip route show</code></li> </ul> </li> <li> <strong>Web Server Issues</strong>: <ul> <li><code>sudo systemctl status apache2</code></li> <li><code>sudo netstat -tlnp | grep :80</code></li> <li><code>curl http://localhost</code></li> <li><code>sudo tail -f /var/log/apache2/error.log</code></li> </ul> </li> <li> <strong>ALB Issues</strong>: <ul> <li><code>curl -I http://your-alb-dns-name.elb.amazonaws.com</code></li> <li><code>aws elbv2 describe-target-health --target-group-arn &lt;arn&gt;</code></li> </ul> </li> </ul> <h4> Conclusion </h4> <p>Building AWS infrastructure is like assembling a puzzle every piece (VPC, subnets, security groups, ALB) must fit. My mistakes taught me to start with basics, test incrementally, and read error messages closely. Each “why isn’t this working?” turned into a “now I get it!” moment.</p> <p><strong>What’s Next?</strong><br> Explore Auto Scaling Groups, RDS, CloudFront, Route 53, ACM, or Infrastructure as Code (CloudFormation/Terraform). Share your AWS adventures in the comments let’s learn together!</p> devops aws cloud Deepanshu Tue, 23 Sep 2025 11:18:12 +0000 https://dev.to/deepanshub09/the-osi-model-explained-your-complete-guide-to-network-communication-512a https://dev.to/deepanshub09/the-osi-model-explained-your-complete-guide-to-network-communication-512a <p><em>Ever wondered how your message travels from your phone to your friend's computer across the globe? Let's dive into the fascinating world of network communication through the OSI model!</em></p> <h2> What is the OSI Model? </h2> <p>Imagine you're sending a letter to a friend in another country. You write the message, put it in an envelope, add the address, take it to the post office, and it magically reaches your friend. The OSI (Open Systems Interconnection) model works similarly - it's like a postal system for digital communication.</p> <p>The OSI model is a <strong>conceptual framework</strong> that standardizes how different network devices communicate. Think of it as a universal language that ensures your iPhone can talk to a Windows laptop, which can then communicate with a Linux server.</p> <h2> Why Do We Need the OSI Model? </h2> <p>Before the OSI model, different manufacturers created networking equipment that couldn't talk to each other. It was like having people speaking different languages with no translator. The OSI model solved this by creating <strong>seven standardized layers</strong> that work together seamlessly.</p> <h2> The 7 Layers of the OSI Model </h2> <p>Let's explore each layer from bottom to top, using real-world analogies that make sense:</p> <h3> Layer 1: Physical Layer - The Highway </h3> <p><strong>What it does:</strong> Handles the actual physical connection between devices.</p> <p>Think of this as the <strong>roads and highways</strong> where data travels. Just like cars need roads to move from one place to another, data needs physical pathways.</p> <p><strong>Examples:</strong></p> <ul> <li>Ethernet cables (the copper wires)</li> <li>Fiber optic cables (light signals)</li> <li>Wi-Fi radio waves</li> <li>Bluetooth signals</li> </ul> <p><strong>Real-world scenario:</strong> When you plug an Ethernet cable into your laptop, the Physical Layer ensures the electrical signals can flow through the copper wires.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Physical Layer Components: ├── Cables (Ethernet, Fiber) ├── Hubs ├── Repeaters └── Network Interface Cards (NICs) </code></pre> </div> <h3> Layer 2: Data Link Layer - The Traffic Rules </h3> <p><strong>What it does:</strong> Manages how data moves between directly connected devices and handles error detection.</p> <p>This layer is like <strong>traffic rules and road signs</strong>. It ensures data doesn't crash into each other and reaches the right destination on the local network.</p> <p><strong>Key concepts:</strong></p> <ul> <li> <strong>MAC Addresses:</strong> Like license plates for network devices</li> <li> <strong>Frames:</strong> Data packets with addressing information</li> <li> <strong>Error Detection:</strong> Checking if data arrived correctly</li> </ul> <p><strong>Real-world scenario:</strong> When your laptop sends data to your router, the Data Link Layer adds your laptop's MAC address as the sender and your router's MAC address as the receiver.</p> <p><strong>Example MAC Address:</strong> <code>00:1B:44:11:3A:B7</code></p> <h3> Layer 3: Network Layer - The GPS Navigation </h3> <p><strong>What it does:</strong> Determines the best path for data to travel across multiple networks.</p> <p>Think of this as your <strong>GPS navigation system</strong>. It figures out the best route from your house to your destination, even if it involves multiple highways and cities.</p> <p><strong>Key player:</strong> <strong>IP Addresses</strong> (like postal addresses for the internet)</p> <p><strong>Real-world scenario:</strong> When you visit <code>google.com</code>, the Network Layer uses IP addresses to route your request through multiple routers across the internet to reach Google's servers.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Your Computer (192.168.1.100) ↓ Router 1 (ISP Gateway) ↓ Router 2 (Regional Hub) ↓ Router 3 (Google's Network) ↓ Google Server (172.217.164.110) </code></pre> </div> <h3> Layer 4: Transport Layer - The Delivery Service </h3> <p><strong>What it does:</strong> Ensures reliable data delivery and manages data flow.</p> <p>This is like <strong>FedEx or UPS</strong> - it makes sure your package (data) arrives complete, in the right order, and handles any delivery issues.</p> <p><strong>Two main protocols:</strong></p> <ul> <li> <strong>TCP (Transmission Control Protocol):</strong> Reliable delivery (like registered mail)</li> <li> <strong>UDP (User Datagram Protocol):</strong> Fast delivery (like regular mail)</li> </ul> <p><strong>Real-world scenario:</strong> When you download a file, TCP ensures all pieces arrive correctly. If a piece is missing, it asks for it to be sent again.</p> <p><strong>TCP vs UDP Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>TCP: "Did you get packet 1? Good. Did you get packet 2? Resending packet 3..." UDP: "Here's packet 1, 2, 3, 4... Hope you got them all!" </code></pre> </div> <h3> Layer 5: Session Layer - The Phone Call Manager </h3> <p><strong>What it does:</strong> Manages connections between applications.</p> <p>Think of this as a <strong>phone call manager</strong> that establishes, maintains, and terminates conversations between applications.</p> <p><strong>Key functions:</strong></p> <ul> <li>Starting conversations (sessions)</li> <li>Keeping track of who's talking</li> <li>Ending conversations properly</li> </ul> <p><strong>Real-world scenario:</strong> When you log into your online banking, the Session Layer establishes a secure session, keeps it active while you browse, and properly closes it when you log out.</p> <h3> Layer 6: Presentation Layer - The Translator </h3> <p><strong>What it does:</strong> Handles data formatting, encryption, and compression.</p> <p>This layer is like a <strong>universal translator</strong> that ensures data is in the right format for the receiving application.</p> <p><strong>Key functions:</strong></p> <ul> <li> <strong>Encryption/Decryption:</strong> Scrambling data for security</li> <li> <strong>Compression:</strong> Making files smaller for faster transfer</li> <li> <strong>Format conversion:</strong> Converting between different data formats</li> </ul> <p><strong>Real-world scenario:</strong> When you visit an HTTPS website, the Presentation Layer encrypts your data before sending it and decrypts incoming data.</p> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Original: "Hello World" Encrypted: "8b7df143d91c716ecfa5fc1730022f6b" Compressed: "H3ll0 W0rld" (simplified example) </code></pre> </div> <h3> Layer 7: Application Layer - The User Interface </h3> <p><strong>What it does:</strong> Provides network services directly to end-users.</p> <p>This is the layer <strong>you actually see and interact with</strong> - your web browser, email client, or messaging app.</p> <p><strong>Examples:</strong></p> <ul> <li>Web browsers (HTTP/HTTPS)</li> <li>Email clients (SMTP, POP3, IMAP)</li> <li>File transfer (FTP)</li> <li>Remote access (SSH)</li> </ul> <p><strong>Real-world scenario:</strong> When you type <code>www.example.com</code> in your browser, you're interacting with the Application Layer.</p> <h2> How All Layers Work Together </h2> <p>Let's trace what happens when you send a message on WhatsApp:</p> <h3> Sending Data (Top to Bottom): </h3> <ol> <li> <strong>Application Layer:</strong> You type "Hello!" in WhatsApp</li> <li> <strong>Presentation Layer:</strong> Encrypts and compresses your message</li> <li> <strong>Session Layer:</strong> Establishes connection with WhatsApp servers</li> <li> <strong>Transport Layer:</strong> Breaks message into packets, adds sequence numbers</li> <li> <strong>Network Layer:</strong> Adds IP addresses (your phone → WhatsApp server)</li> <li> <strong>Data Link Layer:</strong> Adds MAC addresses for local network routing</li> <li> <strong>Physical Layer:</strong> Converts to electrical/radio signals and transmits</li> </ol> <h3> Receiving Data (Bottom to Top): </h3> <ol> <li> <strong>Physical Layer:</strong> Receives electrical/radio signals</li> <li> <strong>Data Link Layer:</strong> Checks MAC addresses, verifies data integrity</li> <li> <strong>Network Layer:</strong> Checks IP addresses, routes to correct device</li> <li> <strong>Transport Layer:</strong> Reassembles packets in correct order</li> <li> <strong>Session Layer:</strong> Manages the connection session</li> <li> <strong>Presentation Layer:</strong> Decrypts and decompresses the message</li> <li> <strong>Application Layer:</strong> WhatsApp displays "Hello!" on your friend's phone</li> </ol> <h2> Memory Tricks to Remember the Layers </h2> <p>Here are some popular mnemonics (from Layer 1 to 7):</p> <p><strong>"Please Do Not Throw Sausage Pizza Away"</strong></p> <ul> <li> <strong>P</strong>hysical</li> <li> <strong>D</strong>ata Link</li> <li> <strong>N</strong>etwork</li> <li> <strong>T</strong>ransport</li> <li> <strong>S</strong>ession</li> <li> <strong>P</strong>resentation</li> <li> <strong>A</strong>pplication</li> </ul> <p><strong>"All People Seem To Need Data Processing"</strong> (Layer 7 to 1)</p> <h2> Real-World Examples </h2> <h3> Example 1: Watching Netflix </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Application Layer: Netflix app interface Presentation Layer: Video compression (H.264), HTTPS encryption Session Layer: Maintains streaming session Transport Layer: TCP ensures all video packets arrive Network Layer: Routes data from Netflix servers to your device Data Link Layer: Wi-Fi manages local network communication Physical Layer: Radio waves carry the data </code></pre> </div> <h3> Example 2: Sending an Email </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Application Layer: Gmail interface Presentation Layer: Email formatting, attachments encoding Session Layer: SMTP session with email server Transport Layer: TCP reliable delivery Network Layer: IP routing across internet Data Link Layer: Ethernet frame handling Physical Layer: Fiber optic cables </code></pre> </div> <h2> Common Protocols by Layer </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Layer</th> <th>Common Protocols</th> </tr> </thead> <tbody> <tr> <td>Application</td> <td>HTTP, HTTPS, FTP, SMTP, DNS</td> </tr> <tr> <td>Presentation</td> <td>SSL/TLS, JPEG, MPEG, ASCII</td> </tr> <tr> <td>Session</td> <td>NetBIOS, RPC, SQL</td> </tr> <tr> <td>Transport</td> <td>TCP, UDP</td> </tr> <tr> <td>Network</td> <td>IP, ICMP, OSPF, BGP</td> </tr> <tr> <td>Data Link</td> <td>Ethernet, Wi-Fi, PPP</td> </tr> <tr> <td>Physical</td> <td>Ethernet cables, Fiber optic</td> </tr> </tbody> </table></div> <h2> Troubleshooting with the OSI Model </h2> <p>When network issues occur, the OSI model helps you troubleshoot systematically:</p> <p><strong>Problem:</strong> Can't access a website</p> <p><strong>Layer-by-layer troubleshooting:</strong></p> <ol> <li> <strong>Physical:</strong> Is the cable plugged in? Is Wi-Fi connected?</li> <li> <strong>Data Link:</strong> Can you see other devices on the local network?</li> <li> <strong>Network:</strong> Can you ping the router? Can you ping external IPs?</li> <li> <strong>Transport:</strong> Are the right ports open?</li> <li> <strong>Session:</strong> Is the connection being established?</li> <li> <strong>Presentation:</strong> Are there encryption/certificate issues?</li> <li> <strong>Application:</strong> Is the web browser working correctly?</li> </ol> <h2> OSI vs TCP/IP Model </h2> <p>While we've focused on the OSI model, it's worth noting that the internet actually uses the <strong>TCP/IP model</strong>, which has 4 layers:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>OSI Model</th> <th>TCP/IP Model</th> </tr> </thead> <tbody> <tr> <td>Application, Presentation, Session</td> <td>Application</td> </tr> <tr> <td>Transport</td> <td>Transport</td> </tr> <tr> <td>Network</td> <td>Internet</td> </tr> <tr> <td>Data Link, Physical</td> <td>Network Access</td> </tr> </tbody> </table></div> <p>The OSI model is more detailed and better for understanding concepts, while TCP/IP is what's actually implemented.</p> <h2> Why This Matters for Developers </h2> <p>Understanding the OSI model helps you:</p> <ul> <li> <strong>Debug network issues</strong> more effectively</li> <li> <strong>Choose the right protocols</strong> for your applications</li> <li> <strong>Optimize performance</strong> by understanding where bottlenecks occur</li> <li> <strong>Design better architectures</strong> with proper separation of concerns</li> <li> <strong>Communicate effectively</strong> with network administrators</li> </ul> <h2> Conclusion </h2> <p>The OSI model might seem complex at first, but it's really just a logical way to organize how networks communicate. Each layer has a specific job, and they all work together like a well-orchestrated symphony.</p> <p>Remember:</p> <ul> <li> <strong>Physical Layer:</strong> The roads (cables, wireless)</li> <li> <strong>Data Link Layer:</strong> Traffic rules (local network management)</li> <li> <strong>Network Layer:</strong> GPS navigation (routing across networks)</li> <li> <strong>Transport Layer:</strong> Delivery service (reliable data transfer)</li> <li> <strong>Session Layer:</strong> Call manager (connection management)</li> <li> <strong>Presentation Layer:</strong> Translator (data formatting)</li> <li> <strong>Application Layer:</strong> User interface (what you interact with)</li> </ul> <p>Next time you send a message, browse the web, or stream a video, you'll know the incredible journey your data takes through these seven layers!</p> <p><em>Found this helpful? Give it a ❤️ and share your thoughts in the comments! What networking concept would you like me to explain next?</em></p> <h1> networking #osi #tcp #protocols #webdev #computerscience #tutorial </h1> webdev devops cloud networking Deepanshu Wed, 13 Aug 2025 13:33:00 +0000 https://dev.to/deepanshub09/quickstart-deep-dive-threetierappchallenge-a-modern-devops-todo-application-2lk2 https://dev.to/deepanshub09/quickstart-deep-dive-threetierappchallenge-a-modern-devops-todo-application-2lk2 <p>Welcome to the ultimate hands-on guide for deploying a production-ready three-tier web application! This comprehensive tutorial will walk you through the <strong>ThreeTierAppChallenge</strong> - a modern todo application built with React, Node.js, and MongoDB, complete with Docker containerization, Kubernetes manifests, and CI/CD pipelines. Whether you're looking to learn modern DevOps practices or deploy a scalable web application, this guide has everything you need to get started and master the deployment pipeline.</p> <p>The <strong>ThreeTierAppChallenge</strong> is a full-stack todo application featuring a React frontend, Node.js backend, and MongoDB database, designed for cloud-native deployment on AWS EKS. Clone the repo, run with Docker Compose in under 5 minutes, or dive deep into Kubernetes deployment with included manifests and Jenkins CI/CD pipelines. Perfect for learning modern DevOps practices including containerization, orchestration, and infrastructure as code.</p> <h2> Prerequisites </h2> <p>Before diving in, make sure you have these tools installed:</p> <ul> <li> <strong>Git</strong> (for version control)</li> <li> <strong>Node.js</strong> (v18+ recommended) and <strong>npm</strong> </li> <li> <strong>Docker</strong> and <strong>Docker Compose</strong> (for containerization)</li> <li> <strong>Optional but recommended:</strong> <ul> <li> <a href="https://kubernetes.io/docs/tasks/tools/" rel="noopener noreferrer">kubectl</a> (for Kubernetes management)</li> <li> <a href="https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html" rel="noopener noreferrer">AWS CLI</a> (for cloud deployment)</li> <li> <a href="https://www.terraform.io/downloads" rel="noopener noreferrer">Terraform</a> (for infrastructure provisioning)</li> </ul> </li> </ul> <h2> 🚀 Quick Local Setup </h2> <p>Let's get the application running on your local machine in just a few minutes!</p> <h3> Step 1: Clone the Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/YOUR_USERNAME/TWSThreeTierAppChallenge.git <span class="nb">cd </span>TWSThreeTierAppChallenge </code></pre> </div> <h3> Step 2: Run with Docker Compose (Fastest Method) </h3> <p>The easiest way to get everything running is with Docker Compose:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker-compose up <span class="nt">--build</span> </code></pre> </div> <p><strong>Sample Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[+] Building 45.2s (23/23) FINISHED [+] Running 3/3 ✔ Container mongodb Started ✔ Container backend Started ✔ Container frontend Started </code></pre> </div> <p>After a few minutes, you'll have:</p> <ul> <li> <strong>Frontend</strong>: <a href="http://localhost:3000" rel="noopener noreferrer">http://localhost:3000</a> </li> <li> <strong>Backend API</strong>: <a href="http://localhost:3500" rel="noopener noreferrer">http://localhost:3500</a> </li> <li> <strong>MongoDB</strong>: localhost:27017</li> </ul> <h3> Step 3: Manual Setup (Development Mode) </h3> <p>For development, you might want to run services individually:</p> <p><strong>Backend Setup:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>Application-Code/backend npm <span class="nb">install </span>npm start </code></pre> </div> <p><strong>Frontend Setup (in a new terminal):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>Application-Code/frontend npm <span class="nb">install </span>npm start </code></pre> </div> <p><strong>Sample Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Compiled successfully! You can now view client in the browser. Local: http://localhost:3000 On Your Network: http://192.168.1.100:3000 webpack compiled with 0 errors </code></pre> </div> <h3> Step 4: Run Tests </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Backend tests</span> <span class="nb">cd </span>Application-Code/backend npm <span class="nb">test</span> <span class="c"># Frontend tests </span> <span class="nb">cd </span>Application-Code/frontend npm <span class="nb">test</span> </code></pre> </div> <h2> 📦 Annotated Dockerfile Analysis </h2> <p>Let's examine the frontend Dockerfile to understand the containerization strategy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">node:18-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">build # 1. Multi-stage build for optimization</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./ # 2. Copy package files first for layer caching</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="c"># 3. Install dependencies</span> <span class="k">COPY</span><span class="s"> . . # 4. Copy application source code</span> <span class="k">RUN </span>npm run build <span class="c"># 5. Build the React production bundle</span> <span class="k">FROM</span><span class="s"> nginx:alpine # 6. Use lightweight Nginx for serving</span> <span class="k">COPY</span><span class="s"> --from=build /app/build /usr/share/nginx/html # 7. Copy built assets</span> <span class="k">EXPOSE</span><span class="s"> 80</span> <span class="k">CMD</span><span class="s"> ["nginx", "-g", "daemon off;"] # 8. Start Nginx in foreground</span> </code></pre> </div> <p><strong>Key Benefits:</strong></p> <ul> <li> <strong>Multi-stage build</strong> reduces final image size by ~70%</li> <li> <strong>Layer caching</strong> speeds up subsequent builds</li> <li> <strong>Nginx</strong> provides production-grade static file serving</li> <li> <strong>Alpine base</strong> minimizes security attack surface</li> </ul> <h2> 🏗️ Architecture Overview </h2> <p><strong>Diagram Description:</strong> <br> Create a diagram showing three tiers connected vertically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────────┐ │ Frontend │ ← React.js (Port 3000) │ (React) │ └─────────┬───────┘ │ HTTP/REST API ┌─────────▼───────┐ │ Backend │ ← Node.js/Express (Port 3500) │ (Node.js) │ └─────────┬───────┘ │ MongoDB Connection ┌─────────▼───────┐ │ Database │ ← MongoDB (Port 27017) │ (MongoDB) │ └─────────────────┘ </code></pre> </div> <p><strong>Additional Infrastructure:</strong></p> <ul> <li> <strong>Docker Containers</strong> around each tier</li> <li> <strong>Kubernetes Pods</strong> for orchestration</li> <li> <strong>AWS EKS</strong> for managed Kubernetes</li> <li> <strong>Jenkins</strong> for CI/CD automation</li> </ul> <h2> 💡 Three Essential Code Snippets </h2> <h3> 1. Smart Database Connection with Fallback </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Application-Code/backend/db.js</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Skip MongoDB connection if not using MongoDB</span> <span class="k">if </span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">USE_MONGODB</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">true</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Using file-based storage (MongoDB disabled)</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">connectionParams</span> <span class="o">=</span> <span class="p">{</span> <span class="na">useNewUrlParser</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">useUnifiedTopology</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">useDBAuth</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">USE_DB_AUTH</span> <span class="o">||</span> <span class="kc">false</span><span class="p">;</span> <span class="k">if</span><span class="p">(</span><span class="nx">useDBAuth</span><span class="p">){</span> <span class="nx">connectionParams</span><span class="p">.</span><span class="nx">user</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">MONGO_USERNAME</span><span class="p">;</span> <span class="nx">connectionParams</span><span class="p">.</span><span class="nx">pass</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">MONGO_PASSWORD</span><span class="p">;</span> <span class="p">}</span> <span class="k">await</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">MONGO_CONN_STR</span><span class="p">,</span> <span class="nx">connectionParams</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Connected to MongoDB database.</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Could not connect to database. Falling back to file-based storage...</span><span class="dl">"</span><span class="p">);</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">USE_MONGODB</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">false</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p><strong>Line-by-line breakdown:</strong></p> <ul> <li> <strong>Lines 3-6</strong>: Check environment variable to enable/disable MongoDB</li> <li> <strong>Lines 8-16</strong>: Configure connection parameters with optional authentication</li> <li> <strong>Lines 18</strong>: Attempt MongoDB connection using environment variables</li> <li> <strong>Lines 21-23</strong>: Graceful fallback to file-based storage on connection failure</li> </ul> <p>This pattern ensures your application works in any environment!</p> <h3> 2. Frontend API Service with Error Handling </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Application-Code/frontend/src/services/taskServices.js</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">taskService</span> <span class="o">=</span> <span class="p">{</span> <span class="na">getTasks</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">filters</span> <span class="o">=</span> <span class="p">{})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">params</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">();</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">entries</span><span class="p">(</span><span class="nx">filters</span><span class="p">).</span><span class="nf">forEach</span><span class="p">(([</span><span class="nx">key</span><span class="p">,</span> <span class="nx">value</span><span class="p">])</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">value</span> <span class="o">!==</span> <span class="kc">undefined</span> <span class="o">&amp;&amp;</span> <span class="nx">value</span> <span class="o">!==</span> <span class="kc">null</span> <span class="o">&amp;&amp;</span> <span class="nx">value</span> <span class="o">!==</span> <span class="dl">''</span><span class="p">)</span> <span class="p">{</span> <span class="nx">params</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="nx">key</span><span class="p">,</span> <span class="nx">value</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">apiUrl</span><span class="p">}</span><span class="s2">?</span><span class="p">${</span><span class="nx">params</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="p">},</span> <span class="na">addTask</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">taskData</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="nx">apiUrl</span><span class="p">,</span> <span class="nx">taskData</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Add task error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="k">throw</span> <span class="nx">error</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p><strong>What's happening:</strong></p> <ul> <li> <strong>Lines 3-9</strong>: Dynamic query parameter building for flexible filtering</li> <li> <strong>Lines 11-12</strong>: Clean GET request with constructed parameters </li> <li> <strong>Lines 15-22</strong>: POST request with comprehensive error handling</li> <li> <strong>Lines 19-20</strong>: Proper error logging and re-throwing for upstream handling</li> </ul> <h3> 3. Production-Ready Kubernetes Deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Kubernetes-Manifests-file/Backend/deployment.yaml</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">api</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">three-tier</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">2</span> <span class="c1"># High availability with 2 instances</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">RollingUpdate</span> <span class="na">rollingUpdate</span><span class="pi">:</span> <span class="na">maxSurge</span><span class="pi">:</span> <span class="m">1</span> <span class="c1"># Allow 1 extra pod during updates</span> <span class="na">maxUnavailable</span><span class="pi">:</span> <span class="s">25%</span> <span class="c1"># Maximum 25% downtime during updates</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">api</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">MONGO_CONN_STR</span> <span class="na">value</span><span class="pi">:</span> <span class="s">mongodb://mongodb-svc:27017/todo?directConnection=true</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">3500</span> <span class="na">livenessProbe</span><span class="pi">:</span> <span class="c1"># Health check configuration</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/ok</span> <span class="na">port</span><span class="pi">:</span> <span class="m">3500</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">2</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">5</span> </code></pre> </div> <p><strong>Deployment highlights:</strong></p> <ul> <li> <strong>Line 8</strong>: Two replicas ensure high availability</li> <li> <strong>Lines 10-13</strong>: Rolling updates with zero downtime</li> <li> <strong>Lines 18-19</strong>: Service discovery using Kubernetes DNS</li> <li> <strong>Lines 22-27</strong>: Health checks for automatic recovery</li> </ul> <h2> 🚨 Common Issues &amp; Solutions </h2> <h3> Issue 1: Backend Using File Storage Instead of MongoDB </h3> <p><strong>Symptoms:</strong> API works but data doesn't persist between container restarts</p> <p><strong>Solution:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check backend logs</span> docker logs backend <span class="c"># Set environment variable</span> <span class="nb">echo</span> <span class="s2">"USE_MONGODB=true"</span> <span class="o">&gt;&gt;</span> Application-Code/backend/.env <span class="nb">echo</span> <span class="s2">"MONGO_CONN_STR=mongodb://mongodb:27017/todo"</span> <span class="o">&gt;&gt;</span> Application-Code/backend/.env <span class="c"># Restart containers</span> docker-compose restart backend </code></pre> </div> <h3> Issue 2: Frontend Can't Connect to Backend </h3> <p><strong>Symptoms:</strong> Frontend loads but no tasks appear, network errors in browser console</p> <p><strong>Solution:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check if backend is running</span> curl http://localhost:3500/health <span class="c"># Verify environment variable</span> <span class="nb">echo</span> <span class="s2">"REACT_APP_BACKEND_URL=http://localhost:3500/api/tasks"</span> <span class="o">&gt;&gt;</span> Application-Code/frontend/.env <span class="c"># Rebuild frontend</span> docker-compose build frontend </code></pre> </div> <h3> Issue 3: Port Conflicts </h3> <p><strong>Symptoms:</strong> <code>docker-compose up</code> fails with "port already in use"</p> <p><strong>Solution:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check what's using the ports</span> lsof <span class="nt">-i</span> :3000,3500,27017 <span class="c"># Kill conflicting processes or change ports in docker-compose.yml</span> <span class="c"># Example: Change frontend port to 3001</span> ports: - <span class="s2">"3001:3000"</span> </code></pre> </div> <h2> 🔄 CI/CD Pipeline Overview </h2> <p>The project includes comprehensive Jenkins pipelines for both frontend and backend:</p> <p><strong>Pipeline Features:</strong></p> <ul> <li> <strong>Code Quality</strong>: SonarQube analysis</li> <li> <strong>Security</strong>: OWASP dependency checks and Trivy scanning </li> <li> <strong>Containerization</strong>: Docker image building and ECR pushing</li> <li> <strong>GitOps</strong>: Automatic deployment manifest updates</li> </ul> <p><strong>To set up CI/CD:</strong></p> <ol> <li>Deploy Jenkins using the provided Terraform scripts</li> <li>Configure the provided Jenkinsfile pipelines</li> <li>Set up AWS ECR repositories for image storage</li> <li>Watch automated deployments to EKS!</li> </ol> <h2> ☸️ Kubernetes Deployment </h2> <p>Ready to go production? Deploy to Kubernetes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create namespace</span> kubectl create namespace three-tier <span class="c"># Deploy database</span> kubectl apply <span class="nt">-f</span> Kubernetes-Manifests-file/Database/ <span class="c"># Create MongoDB credentials</span> kubectl create secret generic mongo-sec <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span><span class="nv">username</span><span class="o">=</span>admin <span class="se">\</span> <span class="nt">--from-literal</span><span class="o">=</span><span class="nv">password</span><span class="o">=</span>password123 <span class="se">\</span> <span class="nt">-n</span> three-tier <span class="c"># Deploy backend and frontend</span> kubectl apply <span class="nt">-f</span> Kubernetes-Manifests-file/Backend/ kubectl apply <span class="nt">-f</span> Kubernetes-Manifests-file/Frontend/ <span class="c"># Set up ingress (requires AWS Load Balancer Controller)</span> kubectl apply <span class="nt">-f</span> Kubernetes-Manifests-file/ingress.yaml <span class="c"># Check deployment status</span> kubectl get all <span class="nt">-n</span> three-tier </code></pre> </div> <h2> 🚀 What's Next? </h2> <p>Congratulations! You've successfully deployed a modern three-tier application. Here are your next steps:</p> <h3> 🎯 <strong>Immediate Next Steps:</strong> </h3> <ul> <li> <strong>Explore the Code</strong>: Dive deeper into the Application-Code directory</li> <li> <strong>Try Kubernetes</strong>: Use the manifests in Kubernetes-Manifests-file</li> <li> <strong>Set Up CI/CD</strong>: Implement the Jenkins pipelines from Jenkins-Pipeline-Code</li> </ul> <h3> 📚 <strong>Learning Opportunities:</strong> </h3> <ul> <li> <strong>Infrastructure as Code</strong>: Study the Terraform scripts in Jenkins-Server-TF</li> <li> <strong>Security</strong>: Implement the security best practices shown in the code</li> <li> <strong>Monitoring</strong>: Add Prometheus and Grafana (hint: it's in the challenge levels!)</li> </ul> <h3> 🤝 <strong>Community &amp; Contributing:</strong> </h3> <ul> <li> <strong>Report Issues</strong>: Found a bug? Open an issue</li> <li> <strong>Contribute</strong>: Check the contribution guidelines</li> <li> <strong>Share Your Experience</strong>: Write about your deployment journey!</li> </ul> <h3> 🏆 <strong>Challenge Yourself:</strong> </h3> <ul> <li> <strong>Bronze</strong>: Get the basic deployment working ✅</li> <li> <strong>Silver</strong>: Add SSL/TLS and monitoring</li> <li> <strong>Gold</strong>: Implement GitOps with ArgoCD</li> <li> <strong>Platinum</strong>: Add your own innovative features!</li> </ul> <h2> 📋 Quick Reference Commands </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Development</span> npm start <span class="c"># Start local development</span> docker-compose up <span class="c"># Run full stack locally</span> kubectl get pods <span class="nt">-n</span> three-tier <span class="c"># Check Kubernetes status</span> <span class="c"># Troubleshooting </span> docker logs container_name <span class="c"># Check container logs</span> kubectl describe pod pod_name <span class="c"># Debug Kubernetes issues</span> curl localhost:3500/health <span class="c"># Test backend health</span> <span class="c"># Cleanup</span> docker-compose down <span class="c"># Stop local environment</span> kubectl delete namespace three-tier <span class="c"># Remove Kubernetes deployment</span> </code></pre> </div> <p><strong>Recommended dev.to tags</strong>: <code>tutorial</code>, <code>javascript</code>, <code>react</code>, <code>nodejs</code>, <code>docker</code>, <code>kubernetes</code>, <code>devops</code>, <code>aws</code>, <code>ci-cd</code>, <code>mongodb</code></p> <p>Ready to build something amazing? Clone the repo and start your DevOps journey today! 🚀</p> <p><em>Have questions or run into issues? Drop a comment below or reach out to the community. Happy coding!</em></p> webdev devops aws cicd Deepanshu Sat, 09 Aug 2025 11:14:33 +0000 https://dev.to/deepanshub09/spring-boot-banking-application-deployment-using-devsecops-on-aws-eks-27ff https://dev.to/deepanshub09/spring-boot-banking-application-deployment-using-devsecops-on-aws-eks-27ff <p>A comprehensive, secure banking web application built with Spring Boot, featuring modern web technologies and enterprise-grade security. This application provides essential banking operations with a user-friendly interface and robust backend architecture.</p> <ul> <li>This is a multi-tier bank an application written in Java (Springboot).</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftcb9444jdn64t0ai995o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftcb9444jdn64t0ai995o.png" alt=" " width="800" height="401"></a><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feaqwewo6mg22s9pkjewt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feaqwewo6mg22s9pkjewt.png" alt=" " width="800" height="365"></a></p> <h2> Tech stack used in this project: </h2> <ul> <li>GitHub (Code)</li> <li>Docker (Containerization)</li> <li>Jenkins (CI)</li> <li>OWASP (Dependency check)</li> <li>SonarQube (Quality)</li> <li>Snyk (AI vulnerability)</li> <li>ArgoCD (CD)</li> <li>AWS EKS (Kubernetes)</li> <li>Helm (Monitoring using grafana and prometheus)</li> </ul> <h3> Steps to deploy: </h3> <h3> Pre-requisites: </h3> <ul> <li>root user access </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>su </code></pre> </div> <blockquote> <p>[!Note]<br> This project will be implemented on North Virginia region (us-east-1).</p> </blockquote> <ul> <li><b>Create 1 Master machine on AWS (t3.large) and 25 GB of storage.</b></li> </ul> <ul> <li><p><b>Open the below ports in security group</b><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fltgt8fjeseza7gujnnww.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fltgt8fjeseza7gujnnww.png" alt="image" width="800" height="328"></a></p></li> <li><p><b id="EKS">Create EKS Cluster on AWS</b></p></li> <li><p>IAM user with <strong>access keys and secret access keys</strong></p></li> <li><p>AWSCLI should be configured<br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="s2">"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"</span> <span class="nt">-o</span> <span class="s2">"awscliv2.zip"</span> <span class="nb">sudo </span>apt <span class="nb">install </span>unzip unzip awscliv2.zip <span class="nb">sudo</span> ./aws/install aws configure </code></pre> </div> <ul> <li>Install <strong>kubectl</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="nt">-o</span> kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl <span class="nb">chmod</span> +x ./kubectl <span class="nb">sudo mv</span> ./kubectl /usr/local/bin kubectl version <span class="nt">--short</span> <span class="nt">--client</span> </code></pre> </div> <ul> <li>Install <strong>eksctl</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="nt">--silent</span> <span class="nt">--location</span> <span class="s2">"https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_</span><span class="si">$(</span><span class="nb">uname</span> <span class="nt">-s</span><span class="si">)</span><span class="s2">_amd64.tar.gz"</span> | <span class="nb">tar </span>xz <span class="nt">-C</span> /tmp <span class="nb">sudo mv</span> /tmp/eksctl /usr/local/bin eksctl version </code></pre> </div> <ul> <li> <b>Create EKS Cluster</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> eksctl create cluster <span class="nt">--name</span><span class="o">=</span>bankapp <span class="se">\</span> <span class="nt">--region</span><span class="o">=</span>us-west-1 <span class="se">\</span> <span class="nt">--version</span><span class="o">=</span>1.30 <span class="se">\</span> <span class="nt">--without-nodegroup</span> </code></pre> </div> <ul> <li> <b>Associate IAM OIDC Provider</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> eksctl utils associate-iam-oidc-provider <span class="se">\</span> <span class="nt">--region</span> us-west-1 <span class="se">\</span> <span class="nt">--cluster</span> bankapp <span class="se">\</span> <span class="nt">--approve</span> </code></pre> </div> <ul> <li> <b>Create Nodegroup</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> eksctl create nodegroup <span class="nt">--cluster</span><span class="o">=</span>bankapp <span class="se">\</span> <span class="nt">--region</span><span class="o">=</span>us-east-1 <span class="se">\</span> <span class="nt">--name</span><span class="o">=</span>bankapp <span class="se">\</span> <span class="nt">--node-type</span><span class="o">=</span>t3.medium <span class="se">\</span> <span class="nt">--nodes</span><span class="o">=</span>2 <span class="se">\</span> <span class="nt">--nodes-min</span><span class="o">=</span>2 <span class="se">\</span> <span class="nt">--nodes-max</span><span class="o">=</span>2 <span class="se">\</span> <span class="nt">--node-volume-size</span><span class="o">=</span>25 <span class="se">\</span> <span class="nt">--ssh-access</span> <span class="se">\</span> <span class="nt">--ssh-public-key</span><span class="o">=</span>eks-nodegroup-key </code></pre> </div> <blockquote> <p>[!Note]<br> Make sure the ssh-public-key "eks-nodegroup-key is available in your aws account"</p> </blockquote> <ul> <li> <b>Install Jenkins</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nt">-y</span> <span class="nb">sudo </span>apt <span class="nb">install </span>fontconfig openjdk-17-jre <span class="nt">-y</span> <span class="nb">sudo </span>wget <span class="nt">-O</span> /usr/share/keyrings/jenkins-keyring.asc <span class="se">\</span> https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key <span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]"</span> <span class="se">\</span> https://pkg.jenkins.io/debian-stable binary/ | <span class="nb">sudo tee</span> <span class="se">\</span> /etc/apt/sources.list.d/jenkins.list <span class="o">&gt;</span> /dev/null <span class="nb">sudo </span>apt-get update <span class="nt">-y</span> <span class="nb">sudo </span>apt-get <span class="nb">install </span>jenkins <span class="nt">-y</span> </code></pre> </div> <ul> <li> <p>After installing Jenkins, change the default port of jenkins from 8080 to 8081. Because our bankapp application will be running on 8080.</p> <ul> <li>Open /usr/lib/systemd/system/jenkins.service file and change JENKINS_PORT environment variable <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm6v4tq4o2542k7dkylv6.png" alt="image" width="800" height="117"> </li> <li>Reload daemon </li> </ul> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">sudo </span>systemctl daemon-reload </code></pre> </div> <ul> <li>Restart Jenkins </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">sudo </span>systemctl restart jenkins </code></pre> </div> <ul> <li> <b id="docker">Install docker</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>docker.io <span class="nt">-y</span> <span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker ubuntu <span class="o">&amp;&amp;</span> newgrp docker </code></pre> </div> <ul> <li> <b id="Sonar">Install and configure SonarQube</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker pull sonarqube docker run <span class="nt">-d</span> <span class="nt">--name</span> sonarqube <span class="nt">-e</span> <span class="nv">SONAR_ES_BOOTSTRAP_CHECKS_DISABLE</span><span class="o">=</span><span class="nb">true</span> <span class="nt">-p</span> 9000:9000 sonarqube:latest </code></pre> </div> <ul> <li> <b id="OWASP">Install OWASP</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker pull owasp/dependency-check </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzmwtee5nnlgzbmukz15q.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzmwtee5nnlgzbmukz15q.png" alt=" " width="800" height="375"></a></p> <blockquote> <p>[!Note]<br> OWASP setup take around 10-20min first its download all the vulnerability from there database into you system. With API key your process becomes quit faster. "</p> </blockquote> <p>You can request you OWASP API key (FREE) <a href="https://nvd.nist.gov/developers/request-an-api-key" rel="noopener noreferrer">Link</a></p> <ul> <li> <p><b id="Argo">Install and Configure ArgoCD</b></p> <ul> <li> <b>Create argocd namespace</b> </li> </ul> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl create namespace argocd </code></pre> </div> <ul> <li> <b>Apply argocd manifest</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl apply <span class="nt">-n</span> argocd <span class="nt">-f</span> https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml </code></pre> </div> <ul> <li> <b>Make sure all pods are running in argocd namespace</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> watch kubectl get pods <span class="nt">-n</span> argocd </code></pre> </div> <ul> <li> <b>Install argocd CLI</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="nt">--silent</span> <span class="nt">--location</span> <span class="nt">-o</span> /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.4.7/argocd-linux-amd64 </code></pre> </div> <ul> <li> <b>Provide executable permission</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">chmod</span> +x /usr/local/bin/argocd </code></pre> </div> <ul> <li> <b>Check argocd services</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl get svc <span class="nt">-n</span> argocd </code></pre> </div> <ul> <li> <b>Change argocd server's service from ClusterIP to NodePort</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl patch svc argocd-server <span class="nt">-n</span> argocd <span class="nt">-p</span> <span class="s1">'{"spec": {"type": "NodePort"}}'</span> </code></pre> </div> <ul> <li> <b>Confirm service is patched or not</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl get svc <span class="nt">-n</span> argocd </code></pre> </div> <ul> <li><p><b> Check the port where ArgoCD server is running and expose it on security groups of a k8s worker node</b></p></li> <li><p><b>Access it on browser, click on advance and proceed with</b><br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> &lt;public-ip-worker&gt;:&lt;port&gt; </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyxrmw2pwonalhukwtld2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyxrmw2pwonalhukwtld2.png" alt=" " width="800" height="403"></a><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0sbeoham9ti5rn123lt3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0sbeoham9ti5rn123lt3.png" alt=" " width="800" height="373"></a></p> <ul> <li> <b>Fetch the initial password of argocd server</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl <span class="nt">-n</span> argocd get secret argocd-initial-admin-secret <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s2">"{.data.password}"</span> | <span class="nb">base64</span> <span class="nt">-d</span><span class="p">;</span> <span class="nb">echo</span> </code></pre> </div> <ul> <li><b>Username: admin</b></li> <li><b> Now, go to User Info and update your argocd password</b></li> </ul> <ul> <li> <b>Go to Jenkins and click on Manage Jenkins --&gt; Plugins --&gt; Available plugins install the below plugins:</b> <ul> <li>OWASP</li> <li>SonarQube Scanner</li> <li>Synk</li> <li>Docker</li> <li>Pipeline: Stage View</li> </ul> </li> </ul> <ul> <li><p><b id="Owasp">Configure OWASP, move to Manage Jenkins --&gt; Plugins --&gt; Available pluginsb&gt;<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb0kf3bvgiq9d7yjfo47y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb0kf3bvgiq9d7yjfo47y.png" alt="image" width="800" height="378"></a></b></p></li> <li><p><b id="Sonar">After OWASP plugin is installed, Now move to Manage jenkins --&gt; Tools and configure it.</b></p></li> <li><p><b id="Sonar">After Synk plugin is installed, Now move to Manage --&gt; Tools and configure it.</b></p></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsn954kuyjqmzzy3699t0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsn954kuyjqmzzy3699t0.png" alt=" " width="800" height="367"></a></p> <ul> <li> <b>Login to SonarQube server and create the credentials for jenkins to integrate with SonarQube</b> <ul> <li>Navigate to Administration --&gt; Security --&gt; Users --&gt; Token and paste into inside your jenkins credentials </li> </ul> </li> </ul> <ul> <li> <b>Now, go to Manage Jenkins --&gt; credentials and add Sonarqube credentials:</b> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2k51sdq1xrr5cdt59hbe.png" alt="image" width="800" height="372"> </li> </ul> <ul> <li> <b>Go to Manage Jenkins --&gt; Tools and search for SonarQube Scanner installations:</b> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn2xzadkdxrvqtv7iup9i.png" alt="image" width="800" height="374"> </li> </ul> <ul> <li> <b>Go to Manage Jenkins --&gt; credentials and add Docker credentials to push updated the updated docker image to dockerhub.</b> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftbkbvt9dya809dwza251.png" alt="image" width="800" height="377"> </li> </ul> <ul> <li> <b>Go to Manage Jenkins --&gt; System and search for SonarQube installations:</b> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3r3or3jt686lkpg4eo45.png" alt="image" width="800" height="340"> </li> </ul> <ul> <li> <b>Login to SonarQube server, go to Administration --&gt; Webhook and click on create </b> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd8nvp633ca4a0t52x1f1.png" alt="image" width="800" height="370"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1e0yka0mk9fff7lotv43.png" alt="image" width="497" height="544"> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faqvn1xdeovg4flip35h1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faqvn1xdeovg4flip35h1.png" alt=" " width="800" height="378"></a></p> <ul> <li> <p><b> Go to Master Machine and add our own eks cluster to argocd for application deployment using cli</b></p> <ul> <li> <b>Login to argoCD from CLI</b> </li> </ul> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> argocd login 52.53.156.187:32738 <span class="nt">--username</span> admin </code></pre> </div> <blockquote> <p>[!Tip]<br> 52.53.156.187:32738 --&gt; This should be your argocd url</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm1jf7it8qochmuc8xmhq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm1jf7it8qochmuc8xmhq.png" alt="image" width="800" height="116"></a></p> <ul> <li> <b>Check how many clusters are available in argocd </b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> argocd cluster list </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkmoi6ocz71089rlekbk2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkmoi6ocz71089rlekbk2.png" alt="image" width="800" height="95"></a></p> <ul> <li> <b>Get your cluster name</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> kubectl config get-contexts </code></pre> </div> <ul> <li> <b>Add your cluster to argocd</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> argocd cluster add bankapp-cluster.us-east-1.eksctl.io <span class="nt">--name</span> bankapp-eks-cluster </code></pre> </div> <blockquote> <p>[!Tip] &gt; bankapp-cluster.us-east-1.eksctl.io --&gt; This should be your EKS Cluster Name.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fblbe2ve07lknakv0udzl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fblbe2ve07lknakv0udzl.png" alt="image" width="800" height="91"></a></p> <ul> <li> <b> Once your cluster is added to argocd, go to argocd console Settings --&gt; Clusters and verify it</b> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpxv9ur00q366am5wyrjf.png" alt="image" width="800" height="132"> </li> </ul> <ul> <li> <b>Go to Settings --&gt; Repositories and click on Connect repo </b> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fabggbucu1bc4ef9d2vfj.png" alt="image" width="800" height="361"> </li> </ul> <blockquote> <p>[!Note]<br> Connection should be successful</p> </blockquote> <ul> <li>Create BankApp-CI job <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsu9qb1shgavyt0386ym3.png" alt="image" width="800" height="381"> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxyl4h5rk13amrr4p4oei.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxyl4h5rk13amrr4p4oei.png" alt=" " width="800" height="370"></a></p> <ul> <li>Create BankApp-CD job, same as CI job.</li> </ul> <ul> <li> <b>Provide permission to docker socket so that docker build and push command do not fail</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod </span>777 /var/run/docker.sock </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyjb3sk6ari9n6wf4172o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyjb3sk6ari9n6wf4172o.png" alt="image" width="640" height="36"></a></p> <ul> <li><b>Now, go to Applications and click on New App</b></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyr7qwu2se3e3zo0txnze.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyr7qwu2se3e3zo0txnze.png" alt="image" width="800" height="441"></a></p> <blockquote> <p>[!Important]<br> Make sure to click on the Auto-Create Namespace option while creating argocd application</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpc9dwyy090pzenw15l2m.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpc9dwyy090pzenw15l2m.png" alt="image" width="800" height="180"></a></p> <ul> <li><p><b>Congratulations, your application is deployed on AWS EKS Cluster</b><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyi9ozuwksqrlzoekpfur.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyi9ozuwksqrlzoekpfur.png" alt="image" width="800" height="367"></a></p></li> <li><p><b>Open port 30080 on worker node and Access it on browser</b><br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>&lt;worker-public-ip&gt;:30080 </code></pre> </div> <h2> How to monitor EKS cluster, kubernetes components and workloads using prometheus and grafana via HELM (On Master machine) </h2> <ul> <li> <p id="Monitor">Install Helm Chart</p> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-fsSL</span> <span class="nt">-o</span> get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod </span>700 get_helm.sh </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>./get_helm.sh </code></pre> </div> <ul> <li>Add Helm Stable Charts for Your Local Client </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add stable https://charts.helm.sh/stable </code></pre> </div> <ul> <li>Add Prometheus Helm Repository </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add prometheus-community https://prometheus-community.github.io/helm-charts </code></pre> </div> <ul> <li>Create Prometheus Namespace </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl create namespace prometheus </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get ns </code></pre> </div> <ul> <li>Install Prometheus using Helm </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm <span class="nb">install </span>stable prometheus-community/kube-prometheus-stack <span class="nt">-n</span> prometheus </code></pre> </div> <ul> <li>Verify prometheus installation </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods <span class="nt">-n</span> prometheus </code></pre> </div> <ul> <li>Check the services file (svc) of the Prometheus </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get svc <span class="nt">-n</span> prometheus </code></pre> </div> <ul> <li>Expose Prometheus and Grafana to the external world through Node Port &gt; [!Important] &gt; change it from Cluster IP to NodePort after changing make sure you save the file and open the assigned nodeport to the service.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzhpt5qqw3g8f0d0y5sqn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzhpt5qqw3g8f0d0y5sqn.png" alt=" " width="800" height="372"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl edit svc stable-kube-prometheus-sta-prometheus <span class="nt">-n</span> prometheus </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flcm9m6yheqor9c5sdm78.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flcm9m6yheqor9c5sdm78.png" alt="image" width="489" height="397"></a><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvgogr4hwgere5xqxz64d.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvgogr4hwgere5xqxz64d.png" alt="image" width="555" height="21"></a></p> <ul> <li>Verify service </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get svc <span class="nt">-n</span> prometheus </code></pre> </div> <ul> <li>Now,let’s change the SVC file of the Grafana and expose it to the outer world </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl edit svc stable-grafana <span class="nt">-n</span> prometheus </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsedm308jtnievd9tsm8t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsedm308jtnievd9tsm8t.png" alt="image" width="478" height="361"></a></p> <ul> <li>Check grafana service </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get svc <span class="nt">-n</span> prometheus </code></pre> </div> <ul> <li>Get a password for grafana </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get secret <span class="nt">--namespace</span> prometheus stable-grafana <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s2">"{.data.admin-password}"</span> | <span class="nb">base64</span> <span class="nt">--decode</span> <span class="p">;</span> <span class="nb">echo</span> </code></pre> </div> <blockquote> <p>[!Note]<br> Username: admin</p> </blockquote> <ul> <li>Now, view the Dashboard in Grafana</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhhp9yohgnjurbahsm1k9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhhp9yohgnjurbahsm1k9.png" alt=" " width="800" height="372"></a><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq2a75z7dssx93lgrn9nf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq2a75z7dssx93lgrn9nf.png" alt=" " width="800" height="372"></a><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbxgxszdhp24k3huc0ngb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbxgxszdhp24k3huc0ngb.png" alt=" " width="800" height="373"></a></p> <h2> Clean Up </h2> <ul> <li> <b id="Clean">Delete eks cluster</b> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>eksctl delete cluster <span class="nt">--name</span><span class="o">=</span>bankapp <span class="nt">--region</span><span class="o">=</span>us-east-1 </code></pre> </div> <h2> 📚 Additional Resources </h2> <ul> <li><a href="https://spring.io/projects/spring-boot" rel="noopener noreferrer">Spring Boot Documentation</a></li> <li><a href="https://spring.io/projects/spring-security" rel="noopener noreferrer">Spring Security Reference</a></li> <li><a href="https://dev.mysql.com/doc/" rel="noopener noreferrer">MySQL Documentation</a></li> <li><a href="https://docs.docker.com/" rel="noopener noreferrer">Docker Documentation</a></li> <li><a href="https://maven.apache.org/users/index.html" rel="noopener noreferrer">Maven User Guide</a></li> </ul> <p>Happy Coding! 🏦💳</p> devops cloud terraform cicd Deepanshu Thu, 31 Jul 2025 19:25:07 +0000 https://dev.to/deepanshub09/terraform-modules-your-infrastructures-building-blocks-the-complete-guide-25c5 https://dev.to/deepanshub09/terraform-modules-your-infrastructures-building-blocks-the-complete-guide-25c5 <p><em>Imagine if every time you wanted to build a house, you had to start from scratch - making your own bricks, mixing cement, crafting doors. Sounds exhausting, right? That's exactly what writing Terraform without modules feels like. Let me show you how modules can change your infrastructure game forever.</em></p> <h2> 🤔 What Are Terraform Modules? </h2> <p>Think of Terraform modules as <strong>LEGO blocks for your infrastructure</strong>. Just like how you can build a castle, spaceship, or car using the same LEGO pieces, modules let you create reusable infrastructure components that you can use across different projects.</p> <p>In simple terms: <strong>A module is a collection of Terraform files that create a specific piece of infrastructure.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>🏗️ Traditional Way (Without Modules): Every project = Build everything from scratch 🧱 With Modules: Every project = Assemble pre-built, tested components </code></pre> </div> <h2> 😫 The Pain Without Modules </h2> <p>Let me paint you a picture of life before modules:</p> <h3> Scenario 1: The Copy-Paste Nightmare </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Developer A: <span class="s2">"I need to create a VPC for the new project"</span> Developer B: <span class="s2">"Just copy the VPC code from the last project"</span> Developer A: <span class="s2">"Which version? The one from 3 months ago or the updated one?"</span> Developer B: <span class="s2">"Ummm... good question 🤷‍♂️"</span> </code></pre> </div> <h3> Scenario 2: The "Find and Replace" Horror </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Project 1</span> <span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"web_server_project_alpha"</span> <span class="p">{</span> <span class="c1"># 50 lines of configuration</span> <span class="p">}</span> <span class="c1"># Project 2 (copy-pasted and modified)</span> <span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"web_server_project_beta"</span> <span class="p">{</span> <span class="c1"># Same 50 lines, but with different names</span> <span class="p">}</span> <span class="c1"># Project 3... Project 4... Project N...</span> <span class="c1"># 😱 Now you have to maintain the same logic in 20 different places!</span> </code></pre> </div> <h3> Scenario 3: The "Oops, I Broke Everything" Story </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>DevOps Engineer: <span class="s2">"I found a security bug in our EC2 configuration"</span> Team Lead: <span class="s2">"Great! How many projects do we need to update?"</span> DevOps Engineer: <span class="s2">"Only... 15 different repositories... 😰"</span> <span class="k">*</span>2 weeks later, still updating projects<span class="k">*</span> </code></pre> </div> <h2> 🎯 What Problems Do Modules Solve? </h2> <h3> 1. <strong>DRY Principle (Don't Repeat Yourself)</strong> </h3> <p>Instead of copying the same configuration everywhere, write it once and reuse it.</p> <h3> 2. <strong>Consistency Across Projects</strong> </h3> <p>Everyone uses the same, tested infrastructure patterns.</p> <h3> 3. <strong>Easier Maintenance</strong> </h3> <p>Fix a bug once, and it's fixed everywhere.</p> <h3> 4. <strong>Team Collaboration</strong> </h3> <p>Share infrastructure patterns across teams and organizations.</p> <h3> 5. <strong>Testing and Quality</strong> </h3> <p>Test your modules once, trust them everywhere.</p> <h2> 🏗️ Module Architecture </h2> <p>Here's how modules work in the real world:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>📁 Your Organization ├── 🏢 Projects │ ├── Project A (uses modules) │ ├── Project B (uses modules) │ └── Project C (uses modules) │ └── 📦 Module Library ├── 🌐 VPC Module ├── 🖥️ EC2 Module ├── 🗄️ RDS Module └── 🔒 Security Group Module Instead of each project building everything from scratch, they all use the same tested, standardized modules! </code></pre> </div> <h2> 🛠️ Creating Your First Module </h2> <p>Let's build a real module together! We'll create a "Web Server" module that you can reuse across projects.</p> <h3> Step 1: Module Structure </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>modules/ └── web-server/ ├── main.tf # Main resources ├── variables.tf # Input variables ├── outputs.tf # Output values └── README.md # Documentation </code></pre> </div> <h3> Step 2: Define the Module </h3> <p><strong>File: <code>modules/web-server/main.tf</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Security group for web server</span> <span class="nx">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"web_sg"</span> <span class="p">{</span> <span class="nx">name_prefix</span> <span class="p">=</span> <span class="s2">"${var.name_prefix}-web-sg"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">vpc_id</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"HTTP"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">80</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">80</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"HTTPS"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"SSH"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">22</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">22</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="nx">var</span><span class="p">.</span><span class="nx">ssh_cidr</span><span class="p">]</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">tags</span> <span class="p">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">var</span><span class="p">.</span><span class="nx">tags</span><span class="p">,</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"${var.name_prefix}-web-sg"</span> <span class="p">})</span> <span class="p">}</span> <span class="c1"># EC2 instance for web server</span> <span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"web_server"</span> <span class="p">{</span> <span class="nx">count</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">instance_count</span> <span class="nx">ami</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">ami_id</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">instance_type</span> <span class="nx">key_name</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">key_name</span> <span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">web_sg</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">subnet_id</span> <span class="nx">user_data</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">user_data_script</span> <span class="nx">tags</span> <span class="p">=</span> <span class="nx">merge</span><span class="p">(</span><span class="nx">var</span><span class="p">.</span><span class="nx">tags</span><span class="p">,</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"${var.name_prefix}-web-${count.index + 1}"</span> <span class="p">})</span> <span class="p">}</span> <span class="c1"># Application Load Balancer (optional)</span> <span class="nx">resource</span> <span class="s2">"aws_lb"</span> <span class="s2">"web_lb"</span> <span class="p">{</span> <span class="nx">count</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">create_load_balancer</span> <span class="err">?</span> <span class="mi">1</span> <span class="err">:</span> <span class="mi">0</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"${var.name_prefix}-web-lb"</span> <span class="nx">internal</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">load_balancer_type</span> <span class="p">=</span> <span class="s2">"application"</span> <span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">web_sg</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">subnets</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">lb_subnets</span> <span class="nx">tags</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">tags</span> <span class="p">}</span> </code></pre> </div> <p><strong>File: <code>modules/web-server/variables.tf</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">variable</span> <span class="s2">"name_prefix"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Prefix for all resource names"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"vpc_id"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"VPC ID where resources will be created"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"subnet_id"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Subnet ID for EC2 instances"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"ami_id"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"AMI ID for EC2 instances"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"ami-0c02fb55956c7d316"</span> <span class="c1"># Amazon Linux 2</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"instance_type"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"EC2 instance type"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"t3.micro"</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"instance_count"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Number of EC2 instances to create"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">number</span> <span class="nx">default</span> <span class="p">=</span> <span class="mi">1</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"key_name"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"AWS Key Pair name for SSH access"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"ssh_cidr"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"CIDR block allowed for SSH access"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"10.0.0.0/8"</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"user_data_script"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"User data script for EC2 initialization"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="o">&lt;&lt;-</span><span class="no">EOF</span><span class="sh"> #!/bin/bash yum update -y yum install -y httpd systemctl start httpd systemctl enable httpd echo "&lt;h1&gt;Hello from Terraform Module!&lt;/h1&gt;" &gt; /var/www/html/index.html </span><span class="no"> EOF </span><span class="p">}</span> <span class="nx">variable</span> <span class="s2">"create_load_balancer"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Whether to create an Application Load Balancer"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">bool</span> <span class="nx">default</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"lb_subnets"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Subnet IDs for Load Balancer (required if create_load_balancer is true)"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">list</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="nx">default</span> <span class="p">=</span> <span class="p">[]</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"tags"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Tags to apply to all resources"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">map</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="nx">default</span> <span class="p">=</span> <span class="p">{}</span> <span class="p">}</span> </code></pre> </div> <p><strong>File: <code>modules/web-server/outputs.tf</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">output</span> <span class="s2">"instance_ids"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"IDs of the created EC2 instances"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">web_server</span><span class="p">[*].</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"instance_public_ips"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Public IP addresses of the instances"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">web_server</span><span class="p">[*].</span><span class="nx">public_ip</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"instance_private_ips"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Private IP addresses of the instances"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">web_server</span><span class="p">[*].</span><span class="nx">private_ip</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"security_group_id"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"ID of the created security group"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">web_sg</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"load_balancer_dns"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"DNS name of the load balancer (if created)"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">create_load_balancer</span> <span class="err">?</span> <span class="nx">aws_lb</span><span class="p">.</span><span class="nx">web_lb</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">dns_name</span> <span class="err">:</span> <span class="kc">null</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"load_balancer_arn"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"ARN of the load balancer (if created)"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">create_load_balancer</span> <span class="err">?</span> <span class="nx">aws_lb</span><span class="p">.</span><span class="nx">web_lb</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">arn</span> <span class="err">:</span> <span class="kc">null</span> <span class="p">}</span> </code></pre> </div> <h2> 🚀 Using Your Module </h2> <p>Now that we've created our module, let's use it in different projects:</p> <h3> Project 1: Simple Web Server </h3> <p><strong>File: <code>projects/simple-web/main.tf</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Call our web-server module</span> <span class="nx">module</span> <span class="s2">"simple_web"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"../../modules/web-server"</span> <span class="nx">name_prefix</span> <span class="p">=</span> <span class="s2">"simple-web"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"vpc-12345678"</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="s2">"subnet-12345678"</span> <span class="nx">key_name</span> <span class="p">=</span> <span class="s2">"my-key-pair"</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t3.micro"</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"development"</span> <span class="nx">Project</span> <span class="p">=</span> <span class="s2">"simple-web"</span> <span class="nx">Owner</span> <span class="p">=</span> <span class="s2">"dev-team"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Use module outputs</span> <span class="nx">output</span> <span class="s2">"web_server_ip"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">simple_web</span><span class="p">.</span><span class="nx">instance_public_ips</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <h3> Project 2: High-Availability Web Application </h3> <p><strong>File: <code>projects/ha-web-app/main.tf</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Call the same module with different configuration</span> <span class="nx">module</span> <span class="s2">"ha_web_app"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"../../modules/web-server"</span> <span class="nx">name_prefix</span> <span class="p">=</span> <span class="s2">"ha-web-app"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"vpc-87654321"</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="s2">"subnet-87654321"</span> <span class="nx">key_name</span> <span class="p">=</span> <span class="s2">"prod-key-pair"</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t3.small"</span> <span class="nx">instance_count</span> <span class="p">=</span> <span class="mi">3</span> <span class="nx">create_load_balancer</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">lb_subnets</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"subnet-11111111"</span><span class="p">,</span> <span class="s2">"subnet-22222222"</span><span class="p">]</span> <span class="nx">user_data_script</span> <span class="p">=</span> <span class="o">&lt;&lt;-</span><span class="no">EOF</span><span class="sh"> #!/bin/bash yum update -y yum install -y httpd systemctl start httpd systemctl enable httpd echo "&lt;h1&gt;Production Web App - Server $(hostname)&lt;/h1&gt;" &gt; /var/www/html/index.html </span><span class="no"> EOF </span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"production"</span> <span class="nx">Project</span> <span class="p">=</span> <span class="s2">"ha-web-app"</span> <span class="nx">Owner</span> <span class="p">=</span> <span class="s2">"ops-team"</span> <span class="nx">Backup</span> <span class="p">=</span> <span class="s2">"required"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"load_balancer_url"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"http://${module.ha_web_app.load_balancer_dns}"</span> <span class="p">}</span> </code></pre> </div> <h2> 🎯 Real-World Module Examples </h2> <p>Here are some modules you'll commonly see in organizations:</p> <h3> 1. <strong>VPC Module</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/vpc"</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="nx">availability_zones</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"us-east-1a"</span><span class="p">,</span> <span class="s2">"us-east-1b"</span><span class="p">]</span> <span class="nx">public_subnet_cidrs</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"10.0.1.0/24"</span><span class="p">,</span> <span class="s2">"10.0.2.0/24"</span><span class="p">]</span> <span class="nx">private_subnet_cidrs</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"10.0.10.0/24"</span><span class="p">,</span> <span class="s2">"10.0.20.0/24"</span><span class="p">]</span> <span class="nx">enable_nat_gateway</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">enable_vpn_gateway</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"production"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 2. <strong>RDS Database Module</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"database"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/rds"</span> <span class="nx">identifier</span> <span class="p">=</span> <span class="s2">"myapp-db"</span> <span class="nx">engine</span> <span class="p">=</span> <span class="s2">"postgres"</span> <span class="nx">engine_version</span> <span class="p">=</span> <span class="s2">"13.7"</span> <span class="nx">instance_class</span> <span class="p">=</span> <span class="s2">"db.t3.micro"</span> <span class="nx">allocated_storage</span> <span class="p">=</span> <span class="mi">20</span> <span class="nx">storage_encrypted</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">db_name</span> <span class="p">=</span> <span class="s2">"myapp"</span> <span class="nx">username</span> <span class="p">=</span> <span class="s2">"admin"</span> <span class="nx">password</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">db_password</span> <span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">database_security_group_id</span><span class="p">]</span> <span class="nx">subnet_group_name</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">database_subnet_group_name</span> <span class="nx">backup_retention_period</span> <span class="p">=</span> <span class="mi">7</span> <span class="nx">backup_window</span> <span class="p">=</span> <span class="s2">"03:00-04:00"</span> <span class="nx">maintenance_window</span> <span class="p">=</span> <span class="s2">"sun:04:00-sun:05:00"</span> <span class="p">}</span> </code></pre> </div> <h3> 3. <strong>S3 Bucket Module</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"app_storage"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/s3-bucket"</span> <span class="nx">bucket_name</span> <span class="p">=</span> <span class="s2">"myapp-storage-${random_string.bucket_suffix.result}"</span> <span class="nx">enable_versioning</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">enable_encryption</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">lifecycle_rules</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">=</span> <span class="s2">"transition_to_ia"</span> <span class="nx">status</span> <span class="p">=</span> <span class="s2">"Enabled"</span> <span class="nx">transition</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">days</span> <span class="p">=</span> <span class="mi">30</span> <span class="nx">storage_class</span> <span class="p">=</span> <span class="s2">"STANDARD_IA"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"production"</span> <span class="nx">Purpose</span> <span class="p">=</span> <span class="s2">"application-storage"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> 🌟 Advanced Module Patterns </h2> <h3> 1. <strong>Conditional Resources</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Create resources only when needed</span> <span class="nx">resource</span> <span class="s2">"aws_lb"</span> <span class="s2">"this"</span> <span class="p">{</span> <span class="nx">count</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">create_load_balancer</span> <span class="err">?</span> <span class="mi">1</span> <span class="err">:</span> <span class="mi">0</span> <span class="c1"># ... configuration</span> <span class="p">}</span> </code></pre> </div> <h3> 2. <strong>Dynamic Blocks</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Create multiple similar blocks dynamically</span> <span class="nx">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"this"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">name</span> <span class="nx">dynamic</span> <span class="s2">"ingress"</span> <span class="p">{</span> <span class="nx">for_each</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">ingress_rules</span> <span class="nx">content</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="nx">ingress</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">from_port</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="nx">ingress</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">to_port</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="nx">ingress</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">protocol</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="nx">ingress</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">cidr_blocks</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 3. <strong>Module Composition</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Use multiple modules together</span> <span class="nx">module</span> <span class="s2">"vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/vpc"</span> <span class="c1"># ... configuration</span> <span class="p">}</span> <span class="nx">module</span> <span class="s2">"web_servers"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/web-server"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">vpc_id</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">public_subnet_ids</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="c1"># ... other configuration</span> <span class="p">}</span> <span class="nx">module</span> <span class="s2">"database"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/rds"</span> <span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">database_security_group_id</span><span class="p">]</span> <span class="nx">subnet_group_name</span> <span class="p">=</span> <span class="nx">module</span><span class="p">.</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">database_subnet_group_name</span> <span class="c1"># ... other configuration</span> <span class="p">}</span> </code></pre> </div> <h2> 📦 Module Sources and Versioning </h2> <h3> 1. <strong>Local Modules</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"web_server"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/web-server"</span> <span class="p">}</span> </code></pre> </div> <h3> 2. <strong>Git Repository Modules</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"web_server"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"git::https://github.com/your-org/terraform-modules.git//web-server?ref=v1.2.0"</span> <span class="p">}</span> </code></pre> </div> <h3> 3. <strong>Terraform Registry Modules</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-aws-modules/vpc/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 3.0"</span> <span class="p">}</span> </code></pre> </div> <h3> 4. <strong>Private Registry Modules</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"internal_module"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"company.registry.io/team/module-name/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"1.0.0"</span> <span class="p">}</span> </code></pre> </div> <h2> 🔧 Best Practices for Module Development </h2> <h3> 1. <strong>Follow Naming Conventions</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>✅ Good: - terraform-aws-vpc - terraform-azure-storage - terraform-gcp-compute ❌ Bad: - my-module - stuff - vpc-thing </code></pre> </div> <h3> 2. <strong>Use Semantic Versioning</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>v1.0.0 - Initial release v1.1.0 - Added new feature v1.1.1 - Bug fix v2.0.0 - Breaking change </code></pre> </div> <h3> 3. <strong>Provide Good Documentation</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gh"># Web Server Module</span> <span class="gu">## Usage</span> </code></pre> </div> <p><br> hcl<br> module "web_server" {<br> source = "./modules/web-server"</p> <p>name_prefix = "my-app"<br> vpc_id = "vpc-12345"<br> # ...<br> }<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ## Requirements - Terraform &gt;= 1.0 - AWS Provider &gt;= 4.0 ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|----------| | name_prefix | Prefix for resource names | string | n/a | yes | </code></pre> </div> <h3> 4. <strong>Include Examples</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>modules/ └── web-server/ ├── main.tf ├── variables.tf ├── outputs.tf ├── README.md └── examples/ ├── simple/ │ └── main.tf └── advanced/ └── main.tf </code></pre> </div> <h2> 🚨 Common Pitfalls and How to Avoid Them </h2> <h3> 1. <strong>Overly Complex Modules</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># ❌ Bad: One module that does everything</span> <span class="nx">module</span> <span class="s2">"everything"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/entire-infrastructure"</span> <span class="c1"># 50+ variables</span> <span class="p">}</span> <span class="c1"># ✅ Good: Focused, single-purpose modules</span> <span class="nx">module</span> <span class="s2">"vpc"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/vpc"</span> <span class="p">}</span> <span class="nx">module</span> <span class="s2">"web_servers"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"./modules/web-server"</span> <span class="p">}</span> </code></pre> </div> <h3> 2. <strong>Hard-coded Values</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># ❌ Bad: Hard-coded values</span> <span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"web"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="s2">"ami-12345678"</span> <span class="c1"># This will break in other regions!</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t2.micro"</span> <span class="c1"># No flexibility</span> <span class="p">}</span> <span class="c1"># ✅ Good: Use variables and data sources</span> <span class="nx">data</span> <span class="s2">"aws_ami"</span> <span class="s2">"amazon_linux"</span> <span class="p">{</span> <span class="nx">most_recent</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">owners</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"amazon"</span><span class="p">]</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"amzn2-ami-hvm-*-x86_64-gp2"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"web"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_ami</span><span class="p">.</span><span class="nx">amazon_linux</span><span class="p">.</span><span class="nx">id</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">instance_type</span> <span class="p">}</span> </code></pre> </div> <h3> 3. <strong>Not Planning for Outputs</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># ✅ Always think about what consumers might need</span> <span class="nx">output</span> <span class="s2">"instance_ids"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">web</span><span class="p">[*].</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"security_group_id"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"load_balancer_dns"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_lb</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">dns_name</span> <span class="p">}</span> </code></pre> </div> <h2> 📊 Real-World Success Story </h2> <p>Here's how a 100-person engineering organization transformed their infrastructure:</p> <p><strong>Before Modules:</strong></p> <ul> <li>🔥 6 hours to set up a new environment</li> <li>😓 Configuration drift across 20+ projects</li> <li>🐛 Same bugs appearing in multiple places</li> <li>📧 "Can you share your VPC configuration?" messages daily</li> </ul> <p><strong>After Modules:</strong></p> <ul> <li>⚡ 30 minutes to set up a new environment</li> <li>🎯 100% consistent configurations</li> <li>🔒 Security fixes deployed everywhere instantly</li> <li>🤝 Self-service infrastructure for all teams</li> </ul> <p><strong>The Numbers:</strong></p> <ul> <li> <strong>Development Speed</strong>: 10x faster environment setup</li> <li> <strong>Bug Reduction</strong>: 85% fewer infrastructure-related bugs</li> <li> <strong>Team Productivity</strong>: 3 hours/week saved per developer</li> <li> <strong>Security Compliance</strong>: 100% consistent security posture</li> </ul> <h2> 🎯 Module Development Workflow </h2> <h3> 1. <strong>Plan Your Module</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>What problem does this solve? Who will use this module? What should be configurable? What are the outputs? </code></pre> </div> <h3> 2. <strong>Start Simple</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Version 1.0: Basic functionality</span> <span class="nx">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"web"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">ami_id</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">instance_type</span> <span class="p">}</span> </code></pre> </div> <h3> 3. <strong>Iterate and Improve</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Version 1.1: Add security group</span> <span class="c1"># Version 1.2: Add load balancer option</span> <span class="c1"># Version 2.0: Support multiple instances</span> </code></pre> </div> <h3> 4. <strong>Test and Document</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- Create example configurations - Test in multiple environments - Document all variables and outputs - Add troubleshooting guide </code></pre> </div> <h2> 💡 Module Testing Strategy </h2> <h3> 1. <strong>Unit Testing with Terratest</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">TestWebServerModule</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="n">terraformOptions</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">terraform</span><span class="o">.</span><span class="n">Options</span><span class="p">{</span> <span class="n">TerraformDir</span><span class="o">:</span> <span class="s">"../examples/simple"</span><span class="p">,</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">terraform</span><span class="o">.</span><span class="n">Destroy</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">terraformOptions</span><span class="p">)</span> <span class="n">terraform</span><span class="o">.</span><span class="n">InitAndApply</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">terraformOptions</span><span class="p">)</span> <span class="n">instanceId</span> <span class="o">:=</span> <span class="n">terraform</span><span class="o">.</span><span class="n">Output</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">terraformOptions</span><span class="p">,</span> <span class="s">"instance_id"</span><span class="p">)</span> <span class="n">assert</span><span class="o">.</span><span class="n">NotEmpty</span><span class="p">(</span><span class="n">t</span><span class="p">,</span> <span class="n">instanceId</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h3> 2. <strong>Integration Testing</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Test module in different scenarios</span> <span class="nb">cd </span>examples/simple <span class="o">&amp;&amp;</span> terraform apply <span class="nb">cd </span>examples/with-load-balancer <span class="o">&amp;&amp;</span> terraform apply <span class="nb">cd </span>examples/multi-instance <span class="o">&amp;&amp;</span> terraform apply </code></pre> </div> <h3> 3. <strong>Security Scanning</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Use tools like tfsec, checkov, or terrascan</span> tfsec modules/web-server/ checkov <span class="nt">-d</span> modules/web-server/ </code></pre> </div> <h2> 🔮 Advanced Module Topics </h2> <h3> 1. <strong>Module Registry</strong> </h3> <ul> <li>Host modules in private registries</li> <li>Version management and automated testing</li> <li>Module discovery and documentation</li> </ul> <h3> 2. <strong>Module Composition Patterns</strong> </h3> <ul> <li>Parent modules that combine child modules</li> <li>Environment-specific module configurations</li> <li>Cross-module data sharing</li> </ul> <h3> 3. <strong>Module Governance</strong> </h3> <ul> <li>Approval processes for module changes</li> <li>Module lifecycle management</li> <li>Security and compliance scanning</li> </ul> <h2> 🎯 Implementation Checklist </h2> <ul> <li>[ ] Identify repetitive infrastructure patterns</li> <li>[ ] Design your first module with clear inputs/outputs</li> <li>[ ] Create module documentation and examples</li> <li>[ ] Set up module versioning strategy</li> <li>[ ] Implement testing for your modules</li> <li>[ ] Create a module registry (internal or external)</li> <li>[ ] Train your team on module usage</li> <li>[ ] Establish module governance processes</li> <li>[ ] Monitor module usage and gather feedback</li> </ul> <h2> 💡 Key Takeaways </h2> <ul> <li> <strong>Modules are LEGO blocks</strong> for your infrastructure</li> <li> <strong>Start simple</strong>, then add complexity as needed</li> <li> <strong>Documentation and examples</strong> are crucial for adoption</li> <li> <strong>Versioning</strong> prevents breaking changes from affecting consumers</li> <li> <strong>Testing</strong> ensures your modules work reliably</li> <li> <strong>Collaboration</strong> improves when everyone uses the same building blocks</li> </ul> <h2> 🤝 Wrapping Up </h2> <p>Terraform modules are like having a team of infrastructure experts who've already solved common problems and packaged their solutions for you to use. They transform Infrastructure as Code from a chore into a joy.</p> <p>The initial investment in creating good modules pays dividends forever. Your future self (and your teammates) will thank you for the consistency, reliability, and speed that modules bring to your infrastructure.</p> <p>Start small - pick one repetitive pattern in your infrastructure and modularize it. Then watch as your team's productivity and infrastructure quality improve dramatically.</p> <p>What infrastructure patterns are you planning to modularize first? Share your module ideas in the comments below!</p> <p><strong>Tags:</strong> #terraform #modules #devops #infrastructure #iac #aws #automation #best-practices</p> <p><em>Found this helpful? Give it a ❤️ and follow me for more Infrastructure as Code content!</em></p> <p><em>Building your first module? Drop your questions in the comments - I love helping fellow DevOps engineers!</em></p> devops webdev terraform aws Deepanshu Wed, 30 Jul 2025 15:59:00 +0000 https://dev.to/deepanshub09/terraform-remote-backend-why-your-team-needs-it-and-how-to-set-it-up-4iep https://dev.to/deepanshub09/terraform-remote-backend-why-your-team-needs-it-and-how-to-set-it-up-4iep <p>Ever had that moment when you and your teammate both run <code>terraform apply</code> at the same time and suddenly your infrastructure is in a weird state? Yeah, we've all been there. Let's talk about how Terraform remote backend can save your sanity (and your infrastructure).</p> <h2> What is Terraform Remote Backend? </h2> <p>Think of Terraform's state file as your infrastructure's memory - it remembers what resources exist, their current configuration, and how they're connected. By default, this "memory" is stored locally on your computer in a file called <code>terraform.tfstate</code>.</p> <p>But here's the problem: <strong>What happens when you work in a team?</strong></p> <p>Imagine you're building a house with your friends, but each person has their own blueprint and nobody shares what they've built. Chaos, right? That's exactly what happens with local state files.</p> <p><strong>Remote backend</strong> is like having a shared blueprint stored in the cloud that everyone can access and update safely.</p> <h2> The Horror Stories of Local State </h2> <p>Let me paint you a picture of what can go wrong:</p> <h3> Scenario 1: The "Oops, I Deleted Everything" Story </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Developer A: <span class="s2">"I just ran terraform destroy to clean up my test environment"</span> Developer B: <span class="s2">"Wait... wasn't that the production database?! "</span> </code></pre> </div> <h3> Scenario 2: The "Conflict of Interest" Story </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Developer A: Creates 5 EC2 instances Developer B: <span class="o">(</span>at the same <span class="nb">time</span><span class="o">)</span> Creates 3 RDS databases Terraform: <span class="s2">"Error: State file conflict. Good luck figuring this out! "</span> </code></pre> </div> <h3> Scenario 3: The "Lost in Space" Story </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Developer: <span class="s2">"My laptop crashed and I lost the state file"</span> Infrastructure: <span class="k">*</span>exists but is now unmanaged<span class="k">*</span> Team: <span class="s2">"So... do we rebuild everything or manually import 100 resources?"</span> </code></pre> </div> <h2> Remote Backend Architecture </h2> <p>Here's how remote backend solves these problems:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> 👩‍💻 Developer 1 👨‍💻 Developer 2 👩‍💻 Developer 3 │ │ │ └─────────────┬──────┴─────────┬─────────┘ │ │ ▼ ▼ ┌─────────────────────────────┐ │ ☁️ AWS S3 Bucket │ │ (Shared State Storage) │ └─────────────┬───────────────┘ │ ▼ ┌─────────────────────────────┐ │ 🔒 DynamoDB Table │ │ (State Locking) │ └─────────────────────────────┘ </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzljx41unckcop4f36mjl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzljx41unckcop4f36mjl.png" alt="LockID show when one user working on Infrastructure as code" width="800" height="366"></a></p> <h2> Real-World Benefits for Organizations </h2> <h3> 1. <strong>Team Collaboration Made Easy</strong> </h3> <p>Instead of emailing state files around (please tell me you're not doing this), everyone accesses the same centralized state.</p> <h3> 2. <strong>State Locking Prevents Disasters</strong> </h3> <p>When someone runs <code>terraform apply</code>, the state gets locked. If another team member tries to run Terraform simultaneously, they get a friendly "Hey, wait your turn!" message instead of corrupting the state.</p> <h3> 3. <strong>Backup and Versioning</strong> </h3> <p>S3 automatically versions your state files. Accidentally destroyed production? Roll back to the previous state version.</p> <h3> 4. <strong>Security and Compliance</strong> </h3> <p>State files often contain sensitive information. Remote backend with proper IAM policies ensures only authorized team members can access it.</p> <h3> 5. <strong>CI/CD Integration</strong> </h3> <p>Your deployment pipelines can access the state without needing to store it in your code repository.</p> <h2> Setting Up Remote Backend (Step by Step) </h2> <p>Let's build this together! I'll show you exactly how to set up a remote backend with AWS S3 and DynamoDB.</p> <h3> Step 1: Create the Backend Infrastructure </h3> <p>First, we need to create the S3 bucket and DynamoDB table that will store our state:</p> <p><strong>File: <code>backend-setup/resource.tf</code></strong></p> <h1> S3 bucket for storing state files </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "aws_s3_bucket" "terraform_state" { bucket = "your-company-terraform-state-bucket" tags = { Name = "Terraform State Bucket" Environment = "Production" Purpose = "Infrastructure State Management" } } </code></pre> </div> <h1> Enable versioning for state file backup </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "aws_s3_bucket_versioning" "terraform_state_versioning" { bucket = aws_s3_bucket.terraform_state.id versioning_configuration { status = "Enabled" } } </code></pre> </div> <h1> Encrypt the state files </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state_encryption" { bucket = aws_s3_bucket.terraform_state.id rule { apply_server_side_encryption_by_default { sse_algorithm = "AES256" } } } </code></pre> </div> <h1> DynamoDB table for state locking </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "aws_dynamodb_table" "terraform_state_lock" { name = "terraform-state-lock" billing_mode = "PAY_PER_REQUEST" hash_key = "LockID" attribute { name = "LockID" type = "S" } tags = { Name = "Terraform State Lock Table" } } </code></pre> </div> <p><strong>File: <code>backend-setup/provider.tf</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="p">}</span> </code></pre> </div> <p><strong>File: <code>backend-setup/terraform.tf</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">terraform</span> <span class="p">{</span> <span class="nx">required_version</span> <span class="p">=</span> <span class="s2">"&gt;= 1.0"</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">aws</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"hashicorp/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 5.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Run this setup first:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>backend-setup/ terraform init terraform plan terraform apply </code></pre> </div> <h3> Step 2: Configure Your Project to Use Remote Backend </h3> <p>Now, for any Terraform project, add this backend configuration:</p> <p><strong>File: <code>your-project/terraform.tf</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">terraform</span> <span class="p">{</span> <span class="nx">required_version</span> <span class="p">=</span> <span class="s2">"&gt;= 1.0"</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">aws</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"hashicorp/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 5.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Here's the magic!</span> <span class="nx">backend</span> <span class="s2">"s3"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"your-company-terraform-state-bucket"</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"projects/my-awesome-project/terraform.tfstate"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="nx">dynamodb_table</span> <span class="p">=</span> <span class="s2">"terraform-state-lock"</span> <span class="nx">encrypt</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Step 3: Initialize and Migrate </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>your-project/ terraform init <span class="c"># If you have existing local state, Terraform will ask:</span> <span class="c"># "Do you want to copy existing state to the new backend?"</span> <span class="c"># Answer: yes</span> </code></pre> </div> <h2> Pro Tips for Production Use </h2> <h3> 1. <strong>Organize Your State Files</strong> </h3> <p>Use meaningful key paths:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Good</span> <span class="nx">key</span> <span class="err">=</span> <span class="s2">"environments/production/vpc/terraform.tfstate"</span> <span class="nx">key</span> <span class="err">=</span> <span class="s2">"environments/staging/databases/terraform.tfstate"</span> <span class="c1"># Bad</span> <span class="nx">key</span> <span class="err">=</span> <span class="s2">"terraform.tfstate"</span> <span class="nx">key</span> <span class="err">=</span> <span class="s2">"stuff.tfstate"</span> </code></pre> </div> <h3> 2. <strong>Use Different Buckets for Different Environments</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Production</span> <span class="nx">bucket</span> <span class="err">=</span> <span class="s2">"company-terraform-prod-state"</span> <span class="c1"># Staging</span> <span class="nx">bucket</span> <span class="err">=</span> <span class="s2">"company-terraform-staging-state"</span> </code></pre> </div> <h3> 3. <strong>Set Up Proper IAM Permissions</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:ListBucket"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:PutObject"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:DeleteObject"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::your-terraform-state-bucket"</span><span class="p">,</span><span class="w"> </span><span class="s2">"arn:aws:s3:::your-terraform-state-bucket/*"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"dynamodb:GetItem"</span><span class="p">,</span><span class="w"> </span><span class="s2">"dynamodb:PutItem"</span><span class="p">,</span><span class="w"> </span><span class="s2">"dynamodb:DeleteItem"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:dynamodb:*:*:table/terraform-state-lock"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Common Gotchas and How to Avoid Them </h2> <h3> 1. <strong>The Bootstrap Problem</strong> </h3> <p>You can't use remote backend to create the remote backend! Create the S3 bucket and DynamoDB table first with local state, then migrate other projects.</p> <h3> 2. <strong>State File Naming Conflicts</strong> </h3> <p>Always use unique <code>key</code> values for different projects:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># This will cause conflicts if multiple projects use it</span> <span class="nx">key</span> <span class="err">=</span> <span class="s2">"terraform.tfstate"</span> <span class="c1"># This is unique and descriptive</span> <span class="nx">key</span> <span class="err">=</span> <span class="s2">"projects/web-app/production/terraform.tfstate"</span> </code></pre> </div> <h3> 3. <strong>Lock File Stuck</strong> </h3> <p>If Terraform crashes, the lock might remain. Force unlock with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform force-unlock LOCK_ID </code></pre> </div> <h2> Real-World Success Story </h2> <p>Here's how a 50-person engineering team I worked with transformed their infrastructure management:</p> <p><strong>Before Remote Backend:</strong></p> <ul> <li> 3 production outages due to state conflicts</li> <li> 2 hours average time to resolve state issues</li> <li> State files shared via Slack/email</li> <li> One developer accidentally destroyed staging DB</li> </ul> <p><strong>After Remote Backend:</strong></p> <ul> <li> Zero state-related outages in 6 months</li> <li> 5 minutes to onboard new team members</li> <li> Seamless collaboration across teams</li> <li> Audit trail of all infrastructure changes</li> </ul> <h2> Implementation Checklist </h2> <ul> <li>[ ] Create S3 bucket for state storage</li> <li>[ ] Set up DynamoDB table for locking</li> <li>[ ] Enable S3 versioning and encryption</li> <li>[ ] Configure IAM permissions</li> <li>[ ] Update terraform.tf with backend config</li> <li>[ ] Run <code>terraform init</code> to migrate</li> <li>[ ] Test with team members</li> <li>[ ] Document the setup for your team</li> <li>[ ] Set up monitoring and alerts</li> </ul> <h2> Next Steps </h2> <p>Once you have remote backend set up, consider these advanced topics:</p> <ol> <li> <strong>Terraform Workspaces</strong> for environment management</li> <li> <strong>Remote state data sources</strong> for cross-project dependencies</li> <li> <strong>Terraform Cloud/Enterprise</strong> for advanced features</li> <li> <strong>State file encryption</strong> with customer-managed keys</li> </ol> <h2> Key Takeaways </h2> <ul> <li>Remote backend is essential for any team using Terraform</li> <li>It prevents state conflicts and enables collaboration</li> <li>S3 + DynamoDB is a solid, cost-effective solution</li> <li>Set it up once, enjoy peace of mind forever</li> <li>Your future self (and teammates) will thank you</li> </ul> <h3> Learn more about terraform with practical knowledge check out <a href="https://github.com/deepanshub9/terraform_practice/tree/main/remote_backend" rel="noopener noreferrer">GitHub</a> </h3> <h3> Wrapping Up </h3> <p>Setting up remote backend might seem like extra work initially, but it's an investment that pays dividends. Think of it as infrastructure insurance - you hope you never need it, but you'll be incredibly grateful when you do.</p> <p>Have you implemented remote backend in your organization? What challenges did you face? Share your experiences in the comments below!</p> <p><strong>Tags:</strong> #terraform #aws #devops #infrastructure #backend #s3 #dynamodb #iac</p> <p><em>Found this helpful? Give it a ❤️ and follow me for more practical DevOps content!</em></p> <p><em>Got questions? Drop them in the comments - I read and respond to every one!</em></p> webdev devops terraform aws