Dataforest Terraform Infrastructure

Overview

This repository provisions a small AWS environment for a public EC2 host fronted by CloudFront and a private MariaDB RDS in dedicated subnets. It uses official terraform-aws-modules and stores Terraform state in an S3 backend.

• Cloud: AWS (default eu-central-1)
• State backend: S3 bucket terraformprodnicely, key state/terraform.tfstate
• Terraform: >= 1.5.0
• Providers: aws, local

High-level Architecture

• VPC with public, private, and database subnets, NAT gateway, DNS support/hostnames.
• Security groups:
  • allowssh: SSH 22/tcp from 0.0.0.0/0 to EC2.
  • allowhttp: HTTP 80/tcp from 0.0.0.0/0 to EC2.
  • allow_mysql_internal: MySQL 3306/tcp from 10.0.0.0/16 to RDS.
• EC2 instance in a public subnet with generated SSH key; user_data installs Docker prerequisites.
• CloudFront in front of EC2 (origin over HTTP:80), default CloudFront certificate.
• RDS MariaDB in database subnets with a custom parameter group (slow query logging).
• Remote provisioning (optional): copies local docker/ directory to EC2 and runs docker compose up -d.

Repository Layout

• provider.tf — required providers/versions, S3 backend, AWS provider.
• variables.tf — core variables (region, project, VPC/subnets, instance type, etc.).
• local-value.tf — locals for project, environment, and common_tags.
• vpc.tf — VPC module (public/private/database subnets, NAT).
• allowssh.tf, allowhttp.tf, rds-sec.tf — security groups.
• ec2.tf — EC2 module, Ubuntu AMI data source, user_data.
• sshkeys.tf — TLS key, AWS key pair, local private key file at ssh/${var.project}-ec2.
• rds.tf, rds-variables.tf — RDS module and DB parameter group.
• cloudfront.tf — CloudFront distribution referencing EC2.
• composecopy.tf — file/remote-exec to install Docker and run compose.
• outputs.tf, ec2-output.tf, rds-output.tf, cloudfront-output.tf — stack outputs.
• terraform.tfvars — default values for region, profile, and CIDRs/subnets.
• install.sh — EC2 bootstrap steps.

Inputs (Variables)

• region string, default eu-central-1
• aws_profile string, default default (note: provider uses literal default)
• environment string, default dev
• project string, default dataforest-task
• instance_type string, default t2.micro
• vpc_cidr string, default 10.0.0.0/16
• azs list(string), default ["eu-central-1a","eu-central-1b"]
• public_subnets list(string)
• private_subnets list(string)
• database_subnets list(string)
• engine_mariadb_version string, default 10.11
• family_mariadb string, default mariadb10.11
• instance_mariadb_type string, default db.t3.medium
• instance_mariadb_storage number, default 200
• mariadb_port number, default 3306

Outputs

• vpc_id, public_subnets, private_subnets, database_subnets

• ec2_public_instance_ids, ec2_public_ip

• rds_endpoint

• cloudfront_domain

• Important outputs

  • EC2 public IP: ec2_public_ip
  • CloudFront domain: cloudfront_domain
  • RDS endpoint: rds_endpoint