Most portfolios show a single instance. Real production requires layers. I built this project to demonstrate a resilient, secure, and automated AWS ecosystem.
Core Tech Stack
IaC: Terraform (Strictly Modular)
Compute: Multi-AZ EC2 Auto Scaling
Security: WAFv2 + GuardDuty + Security Hub
CI/CD: GitHub Actions (OIDC) + Blue/Green CodeDeploy
SRE: CloudWatch + Lambda SLO Gates
Key Features
Zero Static Keys: Using OIDC Federation via GitHub Actions. No IAM keys stored in secrets.
Automated Rollbacks: Blue/Green deployments via CodeDeploy. If health checks fail, it triggers an instant rollback.
SLO-Driven Pipelines: A Lambda checker monitors the Error Budget. If it's breached, deployments are automatically blocked.
Compliance as Code: Continuous monitoring via AWS Config to catch non-compliant resources in real-time.
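As an added illustration of the Zero Static Keys point above (not the project's own security module), this is the Terraform shape of a GitHub OIDC trust relationship; the variable names, the branch pin to main and the CodeDeploy-only permission set are assumptions:

```hcl
# Added example, not the project's own code. Assumes variables github_org,
# github_repo and deployment_group_arn are declared elsewhere in the module.

resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = ["sts.amazonaws.com"]
  # Placeholder value: AWS now validates GitHub's certificate chain itself.
  thumbprint_list = ["<GITHUB_OIDC_THUMBPRINT>"]
}

data "aws_iam_policy_document" "github_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }
    # aud proves the token was minted for AWS; sub pins it to one repo and branch.
    # Without the sub condition, any GitHub workflow anywhere could assume this role.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_org}/${var.github_repo}:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "github_deploy" {
  name                 = "github-actions-deploy"
  assume_role_policy   = data.aws_iam_policy_document.github_trust.json
  max_session_duration = 3600 # credentials expire after an hour
}

# Least privilege: the role can only start and inspect deployments in one group.
resource "aws_iam_role_policy" "deploy" {
  role = aws_iam_role.github_deploy.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["codedeploy:CreateDeployment", "codedeploy:GetDeployment"]
      Resource = var.deployment_group_arn
    }]
  })
}
```

On the GitHub side the workflow job needs `permissions: id-token: write` and assumes the role by ARN, so no access key ever lands in repository secrets.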
Repository Structure
├── modules/
│   ├── networking/   # VPC, NAT GW, Flow Logs
│   ├── security/     # OIDC, WAF, GuardDuty
│   ├── compute/      # ASG, Launch Templates
│   └── cicd/         # CodePipeline, CodeDeploy
└── docs/adr/         # Architecture Decision Records (ADRs)
How are you handling deployment gates in your current stack? Let's talk in the comments!

Top comments (1)
Thanks for reading! I built this because I see too many 'flat' Terraform projects that wouldn't survive a security audit or a high-traffic event.
I'm curious: what’s your 'must-have' AWS service for a production-ready baseline? Let’s talk below!