
Terraform AWS EKS Provisioning

Cost: high
Deployability: IaC ready
Status: cloud lab
Validation: terraform fmt -check
Tags: Terraform, EKS, Kubernetes, aws, terraform
Use the guide first.

The full learning guide is on this page. Open the repository files only when a step asks you to inspect code, fork the project, or download raw assets.

๐˜ˆ๐˜ถ๐˜ต๐˜ฐ๐˜ฎ๐˜ข๐˜ต๐˜ฆ ๐˜—๐˜ณ๐˜ฐ๐˜ท๐˜ช๐˜ด๐˜ช๐˜ฐ๐˜ฏ๐˜ช๐˜ฏ๐˜จ ๐˜ฐ๐˜ง ๐˜’๐˜ถ๐˜ฃ๐˜ฆ๐˜ณ๐˜ฏ๐˜ฆ๐˜ต๐˜ฆ๐˜ด ๐˜Š๐˜ญ๐˜ถ๐˜ด๐˜ต๐˜ฆ๐˜ณ๐˜ด ๐˜ฐ๐˜ฏ ๐˜ˆ๐˜ž๐˜š ๐˜ธ๐˜ช๐˜ต๐˜ฉ ๐˜›๐˜ฆ๐˜ณ๐˜ณ๐˜ข๐˜ง๐˜ฐ๐˜ณ๐˜ฎ

๐Ÿ›ก๏ธ 2026 DevSecOps Enhancements (What You Will Learn)

Section titled โ€œ๐Ÿ›ก๏ธ 2026 DevSecOps Enhancements (What You Will Learn)โ€

This repository contains raw Terraform code for EKS provisioning. In a 2026 DevSecOps context, raw IaC execution is prohibited without the following guardrails:

  1. IaC Static Analysis: Before terraform apply is ever run, the code must be scanned by tools like tfsec, kics, or checkov within the CI pipeline to ensure the EKS cluster isn't provisioned with public API endpoints or unencrypted EBS volumes.
  2. OpenTofu Migration: Due to Terraform's licensing changes, 2026 DevSecOps standards heavily favor OpenTofu as the open-source, drop-in replacement for Terraform to maintain vendor neutrality and community-driven governance.

Architectural Design

For a text-based architecture diagram, deploy/destroy workflow, security notes, run validation, tagging guidance, and cost controls, see docs/portfolio-runbook.md.

The public EKS API allow list is controlled by cluster_endpoint_public_access_cidrs. The default is the documentation CIDR 203.0.113.0/24; replace it with your current operator/admin IP before planning:

    cp terraform.tfvars.example terraform.tfvars
    terraform plan -var-file=terraform.tfvars
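The static-analysis guardrail from the enhancements list and the public-endpoint allow list above can be enforced together as a policy gate between terraform plan and terraform apply. The following is an added example, not code from this repository or from tfsec/kics/checkov: it reads a plan rendered with `terraform show -json plan.out`, and fails when an aws_eks_cluster would keep a public endpoint open to 0.0.0.0/0 (or lists a malformed CIDR), or when an aws_ebs_volume or aws_launch_template volume is left unencrypted. The attribute names are the AWS provider's; the sample plan fragment embedded at the bottom is constructed for the demonstration, and treating an unset public_access_cidrs as open is a stated assumption based on the provider's default.

```python
"""Pre-apply policy gate over a Terraform plan rendered as JSON (added example)."""
import ipaddress
import json
import sys

# Networks that make a "public access CIDR" meaningless as an allow list.
OPEN_NETWORKS = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}


def _check_eks(addr: str, after: dict) -> list:
    findings = []
    for vpc in after.get("vpc_config") or []:
        if vpc.get("endpoint_public_access") is False:
            continue  # private endpoint only: nothing to allow-list
        cidrs = vpc.get("public_access_cidrs")
        if not cidrs:
            # Assumption: an unset list falls back to the provider default
            # of 0.0.0.0/0, so it is treated as open.
            findings.append(f"{addr}: public endpoint with no explicit allow list")
            continue
        for cidr in cidrs:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append(f"{addr}: '{cidr}' is not a valid CIDR")
                continue
            if net in OPEN_NETWORKS:
                findings.append(f"{addr}: public endpoint allows {cidr}")
    return findings


def check_plan(plan: dict) -> list:
    """Return policy findings for every resource the plan would create or update."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if not ({"create", "update"} & set(change.get("actions", []))):
            continue  # deletes and no-ops cannot introduce a misconfiguration
        after = change.get("after") or {}
        addr, rtype = rc.get("address", "?"), rc.get("type")
        if rtype == "aws_eks_cluster":
            findings += _check_eks(addr, after)
        elif rtype == "aws_ebs_volume" and after.get("encrypted") is not True:
            findings.append(f"{addr}: EBS volume is not encrypted")
        elif rtype == "aws_launch_template":
            for bdm in after.get("block_device_mappings") or []:
                for ebs in bdm.get("ebs") or []:
                    # The provider exposes this flag as the string "true"/"false".
                    if str(ebs.get("encrypted", "")).lower() != "true":
                        findings.append(f"{addr}: launch template volume is not encrypted")
    return findings


# Constructed sample plan fragment (not real output from this repository):
# one world-open EKS endpoint, one unencrypted and one encrypted EBS volume.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "module.eks.aws_eks_cluster.this[0]", "type": "aws_eks_cluster",
         "change": {"actions": ["create"], "after": {"name": "demo", "vpc_config": [
             {"endpoint_public_access": True, "public_access_cidrs": ["0.0.0.0/0"]}]}}},
        {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
         "change": {"actions": ["create"], "after": {"encrypted": False, "size": 20}}},
        {"address": "aws_ebs_volume.logs", "type": "aws_ebs_volume",
         "change": {"actions": ["create"], "after": {"encrypted": True, "size": 20}}},
    ],
}


def main(argv: list) -> int:
    """Usage: python plan_gate.py plan.json (falls back to SAMPLE_PLAN)."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    findings = check_plan(plan)
    for finding in findings:
        print("FAIL", finding)
    print("plan policy check:", "FAILED" if findings else "passed")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a CI step after `terraform plan -out=plan.out && terraform show -json plan.out > plan.json`; a non-zero exit blocks the apply. Tools such as tfsec or checkov ship hundreds of such rules, and this shows the shape of an organisation-specific one, for instance a rule that accepts only your operator CIDR rather than any non-open network.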

The Kubernetes sample no longer stores database passwords directly in deployment.yaml. Create a real secret from the template before applying the workload:

    cp db-secret.template.yaml db-secret.yaml
    # edit db-secret.yaml locally, then:
    kubectl apply -f db-secret.yaml
    kubectl apply -f deployment.yaml -f service.yaml

The deployment includes HTTP/TCP probes, resource requests/limits, and basic pod/container security contexts. For production, split MySQL into its own StatefulSet or use a managed database; the sidecar-style MySQL container remains here only to keep the tutorial self-contained.
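The properties the two paragraphs above describe (no inline database passwords, probes, requests/limits, security contexts) are easy to lose in a later edit, so they are worth checking before kubectl apply. The following is an added example and not a file from this repository: a small lint over a Deployment manifest in JSON form (Kubernetes accepts JSON manifests; for the YAML in the repo, load it with PyYAML first, which is an assumption about your tooling) that flags any password-like environment variable carrying a literal value instead of valueFrom.secretKeyRef, and any container missing probes, resource limits, or the basic security-context settings. The sample manifest at the bottom is constructed for the demonstration; its second container intentionally repeats the mistakes the tutorial removed.

```python
"""Lint a Kubernetes Deployment for the hardening the tutorial expects (added example)."""
import json
import sys

# Environment variable names that should only ever be fed from a Secret.
SECRET_MARKERS = ("PASSWORD", "PASSWD", "SECRET", "TOKEN")


def check_container(c: dict) -> list:
    """Return findings for one container spec."""
    name = c.get("name", "?")
    findings = []
    for env in c.get("env") or []:
        env_name = env.get("name", "")
        # A literal "value" on a password-like variable means the secret is in Git.
        if any(m in env_name.upper() for m in SECRET_MARKERS) and "value" in env:
            findings.append(f"container/{name}: {env_name} is set inline; use valueFrom.secretKeyRef")
    for probe in ("livenessProbe", "readinessProbe"):
        if probe not in c:
            findings.append(f"container/{name}: missing {probe}")
    resources = c.get("resources") or {}
    for key in ("requests", "limits"):
        if not resources.get(key):
            findings.append(f"container/{name}: missing resources.{key}")
    sc = c.get("securityContext") or {}
    if sc.get("runAsNonRoot") is not True:
        findings.append(f"container/{name}: securityContext.runAsNonRoot is not true")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append(f"container/{name}: securityContext.allowPrivilegeEscalation is not false")
    return findings


def check_deployment(manifest: dict) -> list:
    """Return findings for every container in a Deployment manifest."""
    if manifest.get("kind") != "Deployment":
        return [f"expected kind Deployment, got {manifest.get('kind')!r}"]
    pod_spec = manifest.get("spec", {}).get("template", {}).get("spec", {})
    findings = []
    for container in pod_spec.get("containers") or []:
        findings += check_container(container)
    return findings


# Constructed sample (not the repository's deployment.yaml): "web" follows the
# tutorial's hardening, "mysql" still has an inline root password and gaps.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "demo"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "web", "image": "example/web:1.0",
         "env": [{"name": "DB_PASSWORD",
                  "valueFrom": {"secretKeyRef": {"name": "db-secret", "key": "password"}}}],
         "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                       "limits": {"cpu": "500m", "memory": "256Mi"}},
         "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
         "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
         "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False}},
        {"name": "mysql", "image": "mysql:8",
         "env": [{"name": "MYSQL_ROOT_PASSWORD", "value": "changeme"}],
         "resources": {"requests": {"cpu": "250m", "memory": "512Mi"}},
         "livenessProbe": {"tcpSocket": {"port": 3306}},
         "securityContext": {"runAsNonRoot": True}},
    ]}}},
}


def main(argv: list) -> int:
    """Usage: python manifest_lint.py deployment.json (falls back to SAMPLE_DEPLOYMENT)."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            manifest = json.load(fh)
    else:
        manifest = SAMPLE_DEPLOYMENT
    findings = check_deployment(manifest)
    for finding in findings:
        print("FAIL", finding)
    print("manifest check:", "FAILED" if findings else "passed")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The inline-password rule matches on the variable name only, so it will also catch a value pulled from a ConfigMap (configMapKeyRef is not flagged because no literal value is present), which is the intended behaviour: anything password-like must come from a Secret. The same checks can run in the CI job that validates terraform fmt, before the kubectl apply step.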

Harshhaa Vardhan Reddy
-- DevOps Engineer