File Structure
Overview of terraform-resource directory tree and role of each component
Overview
The project is organized as follows:
```text
terraform-resource/
├── GUIDE.md                          ← User guide (English)
├── HUONG-DAN-DEPLOY.md               ← User guide (Vietnamese)
├── milu2-stage-infrastructure-*.md   ← Architecture reference docs
│
├── plan/                             ← Design documents for each module
│   ├── README.md                     ← Architecture overview + module order
│   ├── 01-vpc/plan.md                ← VPC module details
│   ├── 02-subnets/plan.md            ← Subnets module details
│   ├── ...                           ← Each module has its own plan.md
│   ├── 17-ec2-instances/
│   │   ├── plan.md                   ← EC2 instances module details
│   │   └── iptables-role-map.md      ← Per-role iptables rules
│   ├── shared/                       ← Plans for shared modules
│   │   ├── s3/plan.md
│   │   ├── iam/plan.md
│   │   └── cloudfront/plan.md
│   └── test-deploy-singapore.md      ← Sample deploy plan
│
└── terraform/
    ├── deploy.ps1                    ← Automated deploy script (main entry)
    ├── preflight-check.ps1           ← Pre-deploy validation script
    ├── main.tf                       ← Calls all stage modules
    ├── variables.tf                  ← Stage variables
    ├── outputs.tf                    ← Stage outputs
    ├── providers.tf                  ← AWS provider + peer alias
    ├── terraform.tfvars              ← Variable values for deployment
    │
    ├── modules/                      ← Stage modules (per-region)
    │   ├── 01-vpc/
    │   ├── 02-subnets/
    │   ├── 03-internet-gateway/
    │   ├── 04-route-tables-peering/
    │   ├── 05-security-groups/
    │   ├── 06-alb/
    │   ├── 07-nlb/
    │   ├── 08-target-groups-listeners/
    │   ├── 09-autoscaling/           ← API ASG + Launch Template
    │   ├── 11-ecr/
    │   ├── 12-acm/
    │   ├── 13-route53/
    │   ├── 15-iam/                   ← Data source only
    │   ├── 16-cloudwatch/
    │   └── 17-ec2-instances/         ← Fixed EC2 (web/mysql/mongo/redis/node_*)
    │
    └── shared/                       ← Shared resources (global/account-level)
        ├── main.tf
        ├── terraform.tfvars
        └── modules/
            ├── s3/                   ← 4 S3 buckets
            ├── iam/                  ← IAM role + instance profile
            └── cloudfront/           ← 2 CloudFront + ACM us-east-1
```
Key Files
Explanation of important files:
| File | Role |
|---|---|
| deploy.ps1 | Automated deploy script (7 steps): login → confirm → preflight → shared → stage → verify |
| preflight-check.ps1 | Pre-deploy check (10 items): credentials, S3, IAM, CloudFront, ECR, AMI, ACM, VPC Peering, CIDR scan, region |
| main.tf | Main file calling all stage modules |
| variables.tf | Input variable definitions for stage |
| terraform.tfvars | Variable values for current deployment |
| providers.tf | AWS provider + alias for cross-region peering |
| outputs.tf | Outputs after apply (DNS, ARN, ID) |
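The "CIDR scan" item in the preflight list exists because VPC peering only works between address spaces that do not overlap, and an overlap is far cheaper to catch before `terraform apply` than after the route tables have been created. The following is an added, stand-alone illustration of that check; it is not the project's `preflight-check.ps1`, and the function names and the sample CIDRs (`EXISTING_PEER_CIDRS`, the candidate /16 blocks) are constructed for the example rather than taken from the repository's tfvars.

```python
import ipaddress


def find_cidr_overlaps(candidate_cidr, existing_cidrs):
    """Return the existing VPC CIDRs that overlap the candidate VPC CIDR.

    strict=True rejects blocks with host bits set (e.g. 10.1.1.0/16), which
    is the kind of typo that otherwise slips through into terraform.tfvars.
    """
    candidate = ipaddress.ip_network(candidate_cidr, strict=True)
    overlaps = []
    for peer in existing_cidrs:
        net = ipaddress.ip_network(peer, strict=True)
        if candidate.overlaps(net):
            overlaps.append(str(net))
    return overlaps


def preflight_cidr_scan(candidate_cidr, existing_cidrs):
    """Return (ok, message) in the shape of one preflight check item.

    Malformed input is reported as a failure rather than raised, so the
    caller can print it alongside the other check results.
    """
    try:
        overlaps = find_cidr_overlaps(candidate_cidr, existing_cidrs)
    except ValueError as exc:
        return False, f"invalid CIDR in input: {exc}"
    if overlaps:
        return False, (f"CIDR {candidate_cidr} overlaps existing VPC(s): "
                       f"{', '.join(overlaps)}")
    return True, (f"CIDR {candidate_cidr} does not overlap any of "
                  f"{len(existing_cidrs)} existing VPC(s)")


# Constructed sample values for the example (assumption: not the project's real CIDRs).
EXISTING_PEER_CIDRS = ["10.0.0.0/16", "10.1.0.0/16", "172.16.0.0/12"]

if __name__ == "__main__":
    # One candidate that is safe to peer, one that collides with 10.1.0.0/16,
    # and one malformed block to show the error path.
    for cidr in ("10.2.0.0/16", "10.1.128.0/17", "10.3.1.0/16"):
        ok, msg = preflight_cidr_scan(cidr, EXISTING_PEER_CIDRS)
        print("PASS" if ok else "FAIL", msg)
```

In a real preflight the `existing_cidrs` list would come from describing the VPCs in the peer region; the scan itself is the same regardless of where the list is sourced.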
Module Naming Convention
Info
Modules are numbered (01-vpc, 02-subnets, …) for readability only. Terraform resolves dependencies between them automatically, so they do not need to be applied in that order.
| Layer | Modules | Function |
|---|---|---|
| Network | 01-vpc, 02-subnets, 03-internet-gateway, 04-route-tables-peering | VPC /16, 2 public subnets, IGW, route table, VPC Peering |
| Security | 05-security-groups | 7 SGs by role (app, db, node-game/world/chat/commu) |
| Load Balancer | 06-alb, 07-nlb, 08-target-groups-listeners | ALB internal + public (HTTPS), NLB (MySQL/Mongo/Redis TCP) |
| Compute | 09-autoscaling, 17-ec2-instances | ASG for API (auto-scale), fixed EC2 for Web/DB/Node |
| Registry & Cert | 11-ecr, 12-acm | 7 ECR repos + wildcard cert *.milu.jp |
| DNS & IAM | 13-route53, 15-iam | Private hosted zones → ALB/NLB; IAM role (data source) |
| Observability | 16-cloudwatch | Alarms for ASG + ALB |
plan/ Folder
Contains detailed design documents for each module. Each module has its own plan.md file describing:
- Module purpose and overview
- Resources to be created
- Input variables and default values
- Outputs
- Dependencies on other modules
- Special notes and edge cases
Tip
See plan/README.md for architecture overview and module order.