This project delivers a production-grade, modular Infrastructure as Code (IaC) solution for deploying a secure, scalable, and highly available multi-tier application on Google Cloud Platform using Terraform. It demonstrates best practices in cloud architecture, automation, and security—making it ideal for real-world enterprise workloads and a strong showcase for recruiters and technical reviewers.
The infrastructure is designed for reliability, scalability, and security:
- Custom VPC with segmented subnets for frontend, application, and database tiers
- Managed Instance Groups for each tier, using startup scripts for automation
- Global HTTP(S) Load Balancer for high availability and traffic distribution
- Fine-grained Firewall Rules and IAM bindings for robust security
- Cloud NAT for secure outbound internet access from private subnets
Architecture Diagram:
gcp-multitier-app/
├── architecture/        # Architecture diagrams
│   └── architecture.jpg
├── screenshots/         # Step-by-step implementation screenshots
│   ├── 01_github_authentication.png
│   ├── 02_github_repo_cloning_tf_scripts.png
│   └── ...
├── modules/             # Terraform modules (compute, network, loadbalancer, security)
├── scripts/             # Startup scripts for each tier
├── main.tf              # Root Terraform configuration
├── variables.tf         # Input variables
├── outputs.tf           # Output values
├── providers.tf         # Provider configuration
├── backend.tf           # Remote state backend
├── terraform.tfvars     # Variable values for deployment
└── README.md            # Project documentation
Each step of the project is documented with screenshots and concise explanations:
- Purpose: Secure authentication for CI/CD and cloud automation.
- Purpose: Version control and reproducibility.
- Purpose: Parameterization for flexible deployments.
- Purpose: Remote state management for team collaboration.
- Purpose: Provider and backend initialization.
- Purpose: API enablement for resource provisioning.
- Purpose: Automated compute provisioning with Managed Instance Groups.
- Purpose: Secure, least-privilege network access.
- Purpose: Network segmentation and security validation.
- Purpose: Visualizing and verifying instance connectivity.
- Purpose: High availability and traffic distribution.
- Purpose: Verifying secure, functional inter-tier connectivity.
- Clone the repository
git clone <repo-url>
cd gcp-multitier-app
- Configure variables
  - Edit terraform.tfvars for your project and network settings.
- Initialize Terraform
terraform init
- Plan the deployment
terraform plan
- Apply the configuration
terraform apply
- Access the Application
  - The output will display the load balancer's external IP. Open it in your browser.
- Check VPCs and Subnets
gcloud compute networks list
gcloud compute networks subnets list
- Check Compute Instances
gcloud compute instances list
- Check Firewall Rules
gcloud compute firewall-rules list
- Check IAM Permissions
gcloud projects get-iam-policy <YOUR_PROJECT_ID>
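The firewall check above only lists rules. As an added example (not part of this project's code), the script below audits the JSON form of that listing for rules that expose anything other than the public tier to the internet. The rule names, the `frontend`/`app`/`db` network tags and the sample data are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape printed by
# `gcloud compute firewall-rules list --format=json`.
# Rule names and the frontend/app/db tags are assumptions, not the project's values.
SAMPLE = json.loads("""
[
 {"name": "allow-lb-to-frontend", "direction": "INGRESS",
  "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"],
  "targetTags": ["frontend"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "allow-frontend-to-app", "direction": "INGRESS",
  "sourceTags": ["frontend"], "targetTags": ["app"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
 {"name": "allow-db-debug", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["db"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["3306"]}]},
 {"name": "allow-ssh-all", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "old-open-rule", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["app"],
  "allowed": [{"IPProtocol": "all"}]}
]
""")

ANY = {"0.0.0.0/0", "::/0"}

def audit(rules, public_tags=frozenset({"frontend"})):
    """Return (rule name, reason) for enabled ingress allow rules that are open
    to the internet and reach instances outside the public tier."""
    findings = []
    for r in rules:
        if r.get("disabled") or r.get("direction", "INGRESS") != "INGRESS":
            continue  # disabled and egress rules are out of scope here
        if not r.get("allowed") or not ANY & set(r.get("sourceRanges", [])):
            continue  # deny rules, or sources narrower than the whole internet
        ports = sorted({p for a in r["allowed"] for p in a.get("ports", ["all"])})
        tags = set(r.get("targetTags", []))
        if not tags and not r.get("targetServiceAccounts"):
            # No target restriction: the rule applies to every instance in the network.
            findings.append((r["name"], f"open to internet on all instances, ports {ports}"))
        elif tags - public_tags:
            extra = sorted(tags - public_tags)
            findings.append((r["name"], f"open to internet on tags {extra}, ports {ports}"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

To audit a real project, replace `SAMPLE` with the parsed output of `gcloud compute firewall-rules list --format=json` and set `public_tags` to the tags your frontend tier actually uses.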
To destroy all resources:
terraform destroy
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
This project is licensed under the MIT License. See the LICENSE file for details.
If you encounter any issues or have questions:
- Check the Issues page
- Review the documentation
- Create a new issue with detailed information
Note: All screenshots and architecture diagrams are for documentation and demonstration purposes. For actual infrastructure deployment, use the provided Terraform modules and scripts.