Deploying a Secure 3-Tier VPC for a Scalable AWS Infrastructure

Deployed SecureVPCStack, a secure, scalable 3-Tier VPC for FinTechSecure Corp using Terraform, featuring a bastion host, private EC2 instances with Apache, and automated provisioning, achieving secure access, modularity, and operational efficiency for their financial platform.

July 3, 2025

Secure 3-Tier VPC for a Scalable AWS Infrastructure

The AMJ Cloud Technologies DevOps team designed and deployed SecureVPCStack, a Terraform-based project to deliver a secure, scalable, and modular 3-Tier AWS VPC infrastructure for FinTechSecure Corp. This solution provisions public, private, and database subnets, a bastion host, private EC2 instances running Apache, and automated provisioning with Terraform provisioners, ensuring secure access and operational efficiency for their financial platform.

Situation

FinTechSecure Corp, a financial technology company, required a secure and scalable AWS infrastructure to support their financial services platform, which demanded strict compliance and data isolation. Manual VPC setups were error-prone, inconsistent, and risked security misconfigurations. I was tasked with creating SecureVPCStack, an automated, repeatable 3-Tier VPC (Web, App, Database) to provide secure access, modularity, and scalability with minimal manual intervention.

Task

My objective was to create a Terraform-based infrastructure in AWS us-east-1 with:

  • A 3-Tier VPC with public, private, and database subnets, including a NAT Gateway.
  • A bastion host in a public subnet for secure SSH access and private EC2 instances running Apache web servers.
  • An Elastic IP for the bastion host for consistent access.
  • Security groups restricting SSH to the bastion host and SSH/HTTP to the private instances, which are reachable only through the bastion.
  • Terraform provisioners for automation (key management, Apache installation, logging).
  • Modular files, explicit dependencies, and consistent tagging (Owner=FinTechSecure, Environment=prod, Project=SecureVPCStack) for maintainability.
  • Completion within three months.

Action

As part of the team, I implemented the following using Terraform, personally coding and testing each configuration to ensure a secure and reliable result:

Define VPC Variables

  • Example from c4-01-vpc-variables.tf:
    variable "vpc_cidr_block" {
      description = "CIDR block for the VPC"
      type        = string
      default     = "10.0.0.0/16"
    }
    variable "public_subnet_cidr_blocks" {
      description = "CIDR blocks for public subnets"
      type        = list(string)
      default     = ["10.0.101.0/24", "10.0.102.0/24"]
    }
    variable "private_subnet_cidr_blocks" {
      description = "CIDR blocks for private subnets"
      type        = list(string)
      default     = ["10.0.1.0/24", "10.0.2.0/24"]
    }
    variable "database_subnet_cidr_blocks" {
      description = "CIDR blocks for database subnets"
      type        = list(string)
      default     = ["10.0.151.0/24", "10.0.152.0/24"]
    }
    

Configure 3-Tier VPC

  • Example from c4-02-vpc-module.tf (single_nat_gateway = true shares one NAT Gateway across both AZs to save cost, which makes that gateway a single point of failure for all private-subnet egress; for AZ-resilient egress in production set single_nat_gateway = false and one_nat_gateway_per_az = true):
    module "vpc" {
      source  = "terraform-aws-modules/vpc/aws"
      version = "6.0.1"
      name = "secure-vpc"
      cidr = var.vpc_cidr_block
      azs  = ["us-east-1a", "us-east-1b"]
      public_subnets   = var.public_subnet_cidr_blocks
      private_subnets  = var.private_subnet_cidr_blocks
      database_subnets = var.database_subnet_cidr_blocks
      enable_nat_gateway = true
      single_nat_gateway = true
      tags = {
        Owner       = "FinTechSecure"
        Environment = "prod"
        Project     = "SecureVPCStack"
      }
    }
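The Task list calls for security groups on the bastion and the private instances, but the page does not show them. The following is an added example (not the project's own code) of how a least-privilege pair would look with the VPC module above: SSH to the bastion only from named admin ranges, and SSH/HTTP to the private instances only from the bastion's security group rather than from any CIDR. It assumes module.vpc from c4-02-vpc-module.tf; var.admin_cidr_blocks is a hypothetical variable, and the 203.0.113.0/24 default is a documentation range used as a placeholder.

```hcl
# Added example, not the project's own code: least-privilege security groups for the
# bastion host and the private Apache instances. Assumes module.vpc from
# c4-02-vpc-module.tf; var.admin_cidr_blocks is a hypothetical variable naming the
# source ranges that may reach the bastion.

variable "admin_cidr_blocks" {
  description = "Source CIDRs allowed to SSH to the bastion (hypothetical; never 0.0.0.0/0)"
  type        = list(string)
  default     = ["203.0.113.0/24"] # RFC 5737 documentation range as a placeholder
}

locals {
  common_tags = {
    Owner       = "FinTechSecure"
    Environment = "prod"
    Project     = "SecureVPCStack"
  }
  # Outbound ports needed for yum updates (Amazon Linux repos are served over HTTP and HTTPS).
  # DNS to the VPC resolver is not filtered by security groups, so it needs no rule.
  update_ports = { http = 80, https = 443 }
}

# Bastion: SSH inbound only from the admin ranges. Rules are standalone resources
# rather than inline ingress/egress blocks so each rule is reviewable on its own.
resource "aws_security_group" "bastion_sg" {
  name        = "secure-bastion-sg"
  description = "SSH to the bastion from approved admin CIDRs only"
  vpc_id      = module.vpc.vpc_id
  tags        = merge(local.common_tags, { Name = "secure-bastion-sg" })
}

resource "aws_vpc_security_group_ingress_rule" "bastion_ssh" {
  for_each          = toset(var.admin_cidr_blocks)
  security_group_id = aws_security_group.bastion_sg.id
  description       = "SSH from admin range ${each.value}"
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_ipv4         = each.value
}

# Bastion egress: SSH onward into the VPC only, plus package updates. A compromised
# bastion therefore cannot reach arbitrary hosts on other ports.
resource "aws_vpc_security_group_egress_rule" "bastion_ssh_to_vpc" {
  security_group_id = aws_security_group.bastion_sg.id
  description       = "SSH to instances inside the VPC"
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_ipv4         = module.vpc.vpc_cidr_block
}

resource "aws_vpc_security_group_egress_rule" "bastion_updates" {
  for_each          = local.update_ports
  security_group_id = aws_security_group.bastion_sg.id
  description       = "${each.key} for package updates"
  ip_protocol       = "tcp"
  from_port         = each.value
  to_port           = each.value
  cidr_ipv4         = "0.0.0.0/0"
}

# Private instances: SSH and HTTP are referenced to the bastion's security group,
# not to a CIDR, so only traffic originating from the bastion is accepted.
resource "aws_security_group" "private_sg" {
  name        = "secure-private-sg"
  description = "SSH and HTTP from the bastion security group only"
  vpc_id      = module.vpc.vpc_id
  tags        = merge(local.common_tags, { Name = "secure-private-sg" })
}

resource "aws_vpc_security_group_ingress_rule" "private_from_bastion" {
  for_each                     = { ssh = 22, http = 80 }
  security_group_id            = aws_security_group.private_sg.id
  description                  = "${each.key} from the bastion security group"
  ip_protocol                  = "tcp"
  from_port                    = each.value
  to_port                      = each.value
  referenced_security_group_id = aws_security_group.bastion_sg.id
}

resource "aws_vpc_security_group_egress_rule" "private_updates" {
  for_each          = local.update_ports
  security_group_id = aws_security_group.private_sg.id
  description       = "${each.key} out through the NAT Gateway for yum"
  ip_protocol       = "tcp"
  from_port         = each.value
  to_port           = each.value
  cidr_ipv4         = "0.0.0.0/0"
}
```

A quick check after `terraform plan`: no ingress rule in the plan should carry `cidr_ipv4 = "0.0.0.0/0"`, and the only rule reaching the private instances should be the one with `referenced_security_group_id`. Because the aws_security_group resources declare no inline rules, the provider also removes the allow-all egress rule AWS adds by default, so the egress above is the complete outbound policy.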
    

Deploy Private EC2 Instances

  • Example from c7-04-ec2instance-private.tf:

    module "ec2_private" {
      source  = "terraform-aws-modules/ec2-instance/aws"
      version = "6.0.2"

      # This module dropped its instance_count argument in v3; instances are
      # multiplied with count on the module block, and count.index spreads them
      # across the two private subnets (one per AZ).
      count = 2

      name                   = "secure-private-${count.index}"
      ami                    = data.aws_ami.amazon_linux.id # Amazon Linux 2 AMI lookup, defined in another file of the project
      instance_type          = var.instance_type
      subnet_id              = element(module.vpc.private_subnets, count.index)
      vpc_security_group_ids = [aws_security_group.private_sg.id]
      user_data              = file("${path.module}/app-install.sh") # resolve relative to this configuration, not the shell's cwd
      tags = {
        Owner       = "FinTechSecure"
        Environment = "prod"
        Project     = "SecureVPCStack"
      }

      # Explicit dependency: the NAT route must exist before user_data runs yum
      depends_on = [module.vpc]
    }
    
  • Example from app-install.sh:

    #!/bin/bash
    # Runs as root via cloud-init on first boot; stop on the first failing step
    set -e
    yum update -y
    yum install -y httpd
    systemctl start httpd
    systemctl enable httpd
    # Minimal page so each instance identifies itself behind the bastion (or a future load balancer)
    echo "<h1>Hello from $(hostname -f)</h1>" > /var/www/html/index.html
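The bastion host, its Elastic IP and the provisioners listed under Task (key management, Apache checks, logging) are described but not shown. The following is an added example (not the project's own code) of one way to wire them so that the private key never leaves the operator's workstation: the private instances are provisioned over SSH through the bastion using the connection block's bastion_host setting with agent authentication, instead of copying a key onto the bastion. It assumes module.vpc, aws_security_group.bastion_sg and private_sg, the project's data.aws_ami.amazon_linux lookup (not shown on the page), and module.ec2_private declared with count = 2 (the ec2-instance module v6 has no instance_count argument); var.instance_keypair is hypothetical.

```hcl
# Added example, not the project's own code: bastion host with an Elastic IP, and
# provisioning of the private instances through the bastion. Assumes module.vpc,
# aws_security_group.bastion_sg / private_sg, data.aws_ami.amazon_linux (the project's
# Amazon Linux 2 AMI lookup, not shown on the page) and module.ec2_private declared
# with count = 2. var.instance_keypair is hypothetical.

variable "instance_keypair" {
  description = "Name of an existing EC2 key pair whose private key is loaded in the operator's ssh-agent (hypothetical)"
  type        = string
}

resource "aws_instance" "bastion" {
  ami                    = data.aws_ami.amazon_linux.id
  instance_type          = "t3.micro"
  subnet_id              = module.vpc.public_subnets[0]
  vpc_security_group_ids = [aws_security_group.bastion_sg.id]
  key_name               = var.instance_keypair

  # IMDSv2 only: an SSRF against a service on the bastion cannot read instance credentials
  metadata_options {
    http_tokens = "required"
  }

  tags = {
    Name        = "secure-bastion"
    Owner       = "FinTechSecure"
    Environment = "prod"
    Project     = "SecureVPCStack"
  }
}

# Stable public address for admin allow-lists; the explicit depends_on makes sure the
# module's Internet Gateway exists before the address is associated.
resource "aws_eip" "bastion" {
  instance   = aws_instance.bastion.id
  domain     = "vpc"
  depends_on = [module.vpc]
  tags       = { Name = "secure-bastion-eip" }
}

# Post-boot checks and a provisioning log on each private instance, executed over SSH
# through the bastion. agent = true makes Terraform authenticate from the operator's
# ssh-agent for both hops, so the private key is never copied to the bastion or
# written into the configuration or state.
resource "null_resource" "provision_private" {
  count = 2

  triggers = {
    instance_id = module.ec2_private[count.index].id # re-run when the instance is replaced
  }

  connection {
    type  = "ssh"
    host  = module.ec2_private[count.index].private_ip
    user  = "ec2-user"
    agent = true

    bastion_host = aws_eip.bastion.public_ip
    bastion_user = "ec2-user"
  }

  provisioner "remote-exec" {
    inline = [
      # cloud-init may still be running app-install.sh when SSH comes up: wait up to ~2.5 minutes
      "for i in $(seq 1 30); do systemctl is-active --quiet httpd && break; sleep 5; done",
      # fail the apply if Apache never came up
      "systemctl is-active httpd",
      "sudo mkdir -p /var/log/provisioning",
      "echo \"$(date -u +%FT%TZ) provisioned via bastion ${aws_eip.bastion.public_ip} by Terraform\" | sudo tee -a /var/log/provisioning/terraform.log",
    ]
  }

  depends_on = [aws_eip.bastion]
}
```

Before `terraform apply`, load the key pair's private key with `ssh-add` so the agent can answer both the bastion and the private-instance hops; the bastion's security group only needs port 22 from the admin range and port 22 outbound into the VPC for this to work.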
    

Result

As part of AMJ Cloud Technologies’ DevOps team, we successfully delivered the SecureVPCStack infrastructure for FinTechSecure Corp:

  • Deployment Automation: I automated provisioning using Terraform, reducing setup time from days to hours.
  • Security Improvement: I configured secure access via a bastion host with an Elastic IP and restricted security groups, supporting the isolation requirements of financial workloads.
  • Scalability: I designed a modular 3-Tier architecture, enabling future additions like RDS or load balancers.
  • Operational Efficiency: I implemented provisioners for automated key management and logging, minimizing manual tasks.

Technologies Used

  • AWS VPC
  • AWS EC2
  • AWS Security Groups
  • AWS Elastic IP
  • Terraform
  • Amazon Linux 2

Key Takeaways

The SecureVPCStack project highlights my work as a DevOps engineer at AMJ Cloud Technologies in designing and implementing a secure, scalable AWS infrastructure using Terraform. By coding modular configurations, configuring secure access, and automating provisioning, I delivered a reliable foundation for FinTechSecure Corp's financial platform.

Architectural Diagram

The diagram illustrates the 3-Tier VPC with public, private, and database subnets, bastion host, private EC2 instances, NAT Gateway, Elastic IP, and security group connections.


Project Details

Industry
Cloud Infrastructure

Technologies Used

AWS VPC, AWS EC2, AWS Security Groups, AWS Elastic IP, Terraform, Amazon Linux 2
