GSoft Consulting
Cloud & DevOps

Zero to Production Infrastructure with Terraform and GitHub Actions

Hamza

DevOps Engineer

14 November 2024

Infrastructure as Code is not a DevOps luxury — it's a product quality concern. Every manual infrastructure change is a change that isn't reviewed, isn't version-controlled, and isn't reproducible. After years of inheriting broken AWS environments, we standardised every new project on a Terraform template that provisions a full production stack in under an hour.

The Module Structure We Use

  • networking/: VPC, subnets (public/private), NAT Gateways, VPC endpoints, security groups. Parameterised by environment and CIDR blocks. Never changes after initial provisioning.
  • compute/: ECS cluster, service definitions, task definitions, auto-scaling policies. Parameterised by image URI, CPU/memory, and desired count.
  • data/: RDS instance, parameter groups, subnet groups, automated backups, optional read replica. Parameterised by instance class and storage.
  • observability/: CloudWatch log groups, metric alarms, SNS topics for alerts, optional X-Ray tracing. Minimal extra cost, maximum operational visibility.
  • cdn/: CloudFront distribution, S3 origin bucket, cache behaviours, ACM certificate. Deployed separately because certificate validation adds latency.

The GitHub Actions Pipeline

YAML
# .github/workflows/deploy.yml (simplified)
name: Deploy
on:
  push:
    branches: [main]

jobs:
  terraform-plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Terraform Plan
        run: |
          terraform init
          terraform plan -out=tfplan
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      # Each job runs on a fresh runner, so the plan file must be handed to
      # the deploy job explicitly. A plan can embed sensitive values, so keep
      # the artifact's retention short.
      - uses: actions/upload-artifact@v4
        with:
          name: tfplan
          path: tfplan
          retention-days: 1

  deploy:
    needs: terraform-plan
    runs-on: ubuntu-latest
    environment: production   # Requires manual approval (protection rule on the environment)
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - uses: actions/download-artifact@v4
        with:
          name: tfplan
      - name: Terraform Apply
        # init again on the fresh runner, then apply exactly the reviewed plan
        run: |
          terraform init
          terraform apply tfplan
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: Deploy ECS Service
        run: |
          aws ecs update-service \
            --cluster ${{ vars.ECS_CLUSTER }} \
            --service ${{ vars.ECS_SERVICE }} \
            --force-new-deployment
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

💡 Use workspaces for environment isolation

Terraform workspaces let you manage staging and production from the same codebase with different state files. We use workspace names that match environment variable names: terraform workspace select production.
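The workspace-per-environment pattern described above, as an added example that is not the article's own code: a root module that refuses to plan in any workspace other than staging or production, and feeds per-workspace settings (stricter defaults in production) into the data/ module. The module input names, the ./modules/data path and the instance sizes are assumptions.

```hcl
# Root module (hypothetical layout): the pipeline runs
# `terraform workspace select <env>` before `terraform plan`.
locals {
  allowed_workspaces = ["staging", "production"]

  # Per-workspace settings. Production gets the protective defaults;
  # staging stays cheap. Sizes are illustrative, not from the article.
  env_settings = {
    staging = {
      instance_class      = "db.t4g.small"
      multi_az            = false
      deletion_protection = false
      backup_retention    = 1
    }
    production = {
      instance_class      = "db.r6g.large"
      multi_az            = true
      deletion_protection = true
      backup_retention    = 14
    }
  }

  env = terraform.workspace
}

# Fail the plan early if it runs in "default" or a misspelled workspace,
# instead of silently provisioning a third, unmanaged environment.
resource "terraform_data" "workspace_guard" {
  lifecycle {
    precondition {
      condition     = contains(local.allowed_workspaces, terraform.workspace)
      error_message = "Workspace '${terraform.workspace}' is not one of: ${join(", ", local.allowed_workspaces)}."
    }
  }
}

# Assumed module interface; the article's data/ module inputs may differ.
module "data" {
  source              = "./modules/data"
  environment         = local.env
  instance_class      = local.env_settings[local.env].instance_class
  multi_az            = local.env_settings[local.env].multi_az
  deletion_protection = local.env_settings[local.env].deletion_protection
  backup_retention    = local.env_settings[local.env].backup_retention

  depends_on = [terraform_data.workspace_guard]
}
```

Because every state file is tied to a workspace, a wrong `workspace select` would otherwise plan a clean environment rather than erroring; the precondition turns that into a hard failure before anything is written.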

  • 45 min: zero to full production stack
  • 100%: infrastructure version-controlled
  • 0: manual infra changes in production
  • 15 min: average disaster recovery time

Tags: Terraform, GitHub Actions, AWS, IaC, CI/CD, DevOps
