The latest articles on DEV Community by manoop madhu (@manoop_madhu). https://dev.to/manoop_madhu https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3681976%2F6e7520f1-a657-4239-b76b-b8d0eb05c841.jpg https://dev.to/manoop_madhu en manoop madhu Mon, 05 Jan 2026 06:34:04 +0000 https://dev.to/manoop_madhu/building-a-production-ready-aws-alb-auto-scaling-architecture-using-terraform-3nji https://dev.to/manoop_madhu/building-a-production-ready-aws-alb-auto-scaling-architecture-using-terraform-3nji <p>As part of my hands-on learning in AWS an<br> Terraform, I built a production-style web architecture that follows real-world cloud and DevOps best practices.</p> <p>Instead of exposing EC2 instances directly to the internet, this project uses an Application Load Balancer (ALB) in public subnets and Auto Scaling Group (ASG)–managed EC2 instances running in private subnets, with outbound internet access provided via a NAT Gateway.</p> <p>The entire infrastructure is provisioned using Terraform (Infrastructure as Code).</p> <p>🔗 GitHub Repository:<br> <a href="https://github.com/manoop98/terraform-aws-alb-asg-nginx" rel="noopener noreferrer">https://github.com/manoop98/terraform-aws-alb-asg-nginx</a></p> <p>Architecture Overview<br> High-level flow<br> Internet<br> |<br> Application Load Balancer (Public)<br> |<br> Target Group (Port 8000)<br> |<br> Auto Scaling Group<br> |<br> EC2 Instances (Private Subnets)<br> |<br> Docker + Nginx<br> |<br> NAT Gateway (Outbound Internet)</p> <p>Key design principles</p> <p>✅ Only the ALB is public</p> <p>✅ EC2 instances live in private subnets</p> <p>✅ Auto Scaling Group ensures availability</p> <p>✅ NAT Gateway enables outbound access securely</p> <p>✅ Fully automated using Terraform</p> <p>This architecture closely mirrors what is commonly used in production AWS environments.</p> <p>Tech Stack</p> <p>AWS</p> <p>VPC</p> <p>EC2</p> <p>Application Load Balancer</p> <p>Auto Scaling Group</p> <p>Internet Gateway</p> <p>NAT Gateway</p> <p>Terraform – Infrastructure as Code</p> <p>Docker – Application runtime</p> <p>Nginx – Demo web server</p> <p>Project Structure<br> terraform-aws-alb-asg-nginx/<br> ├── alb.tf<br> ├── asg.tf<br> ├── network.tf<br> ├── provider.tf<br> ├── security_groups.tf<br> ├── vpc.tf<br> ├── userdata.sh<br> ├── outputs.tf<br> ├── .gitignore<br> └── README.md</p> <p>How It Works<br> 1️⃣ Networking Layer</p> <p>A custom VPC is created with:</p> <p>Two public subnets</p> <p>Two private subnets</p> <p>An Internet Gateway is attached to the VPC</p> <p>Public subnets route traffic to the Internet Gateway</p> <p>Private subnets route outbound traffic through a NAT Gateway</p> <p>2️⃣ Application Load Balancer</p> <p>The ALB is deployed in public subnets</p> <p>Listens on HTTP (port 80)</p> <p>Forwards traffic to a Target Group on port 8000</p> <p>3️⃣ Auto Scaling Group</p> <p>EC2 instances are launched using a Launch Template</p> <p>Instances are placed only in private subnets</p> <p>ASG automatically registers instances with the target group</p> <p>Health checks are handled by the ALB</p> <p>4️⃣ EC2 User Data &amp; Application</p> <p>Each EC2 instance runs a simple Dockerized Nginx server using user data:</p> <h1> !/bin/bash </h1> <p>yum update -y<br> yum install docker -y<br> systemctl start docker<br> systemctl enable docker</p> <p>docker run -d -p 8000:80 nginx</p> <p>This ensures:</p> <p>Instances are ready immediately after launch</p> <p>Target group health checks pass</p> <p>ALB traffic works without manual intervention</p> <p>Key Challenges &amp; Learnings</p> <p>This project was not just about writing Terraform — it involved real troubleshooting, which was the most valuable part.</p> <p>Some key learnings:</p> <p>AMI IDs are region-specific<br> → Solved by using a dynamic AMI data source</p> <p>ALB requires an Internet Gateway<br> → Public subnets must have a route to IGW</p> <p>Private EC2 instances need NAT Gateway<br> → Without NAT, Docker pulls and updates fail</p> <p>Not all Docker images serve content by default<br> → Switched to Nginx for predictable behavior</p> <p>Target group health checks are critical<br> → Correct ports and paths are essential</p> <p>These are the same challenges faced in real-world production environments.</p> <p>Final Result</p> <p>After terraform apply, the output provides an ALB DNS name.<br> Opening it in a browser displays the Nginx welcome page, served from EC2 instances running in private subnets.</p> <p>✔ Secure<br> ✔ Scalable<br> ✔ Highly available<br> ✔ Fully automated</p> <p>Why This Project Matters</p> <p>This project helped me gain hands-on experience with:</p> <p>AWS networking fundamentals</p> <p>Secure cloud architecture design</p> <p>Auto Scaling and Load Balancing</p> <p>Terraform best practices</p> <p>Debugging real infrastructure issues</p> <p>It reflects how modern DevOps teams build and manage cloud infrastructure.</p> <p>Source Code</p> <p>🔗 GitHub Repository:<br> <a href="https://github.com/manoop98/terraform-aws-alb-asg-nginx" rel="noopener noreferrer">https://github.com/manoop98/terraform-aws-alb-asg-nginx</a></p> <p>Conclusion</p> <p>Building this project significantly improved my understanding of AWS infrastructure and Terraform.<br> It reinforced the importance of security-first design, automation, and incremental validation.</p> <p>If you’re learning AWS or Terraform, I highly recommend building something similar — the lessons learned are invaluable.</p> <p>Thanks for reading! 🚀</p> <h1> terraform </h1> <h1> aws </h1> <h1> devops </h1> <h1> cloud </h1> <h1> infrastructureascode </h1> architecture aws devops terraform