BMI Application AWS Infrastructure
A Terraform-provisioned AWS infrastructure for a Go-based BMI web application featuring custom VPC design, secure EC2 deployment, Nginx reverse proxying, and systemd-managed service lifecycle.
A practical Infrastructure as Code project provisioning a complete AWS environment for a BMI web application using Terraform. The project demonstrates how networking, compute, security, and service management can be defined declaratively to deliver a reproducible, version-controlled cloud deployment.
What it does
The infrastructure is organised into three logical layers: networking, compute, and application runtime.
The networking layer provisions a custom VPC with a public subnet, an Internet Gateway, and an associated route table that directs all outbound traffic through it. Security groups are defined with least-privilege rules: inbound SSH is restricted to a specific admin IP address, and only port 80 is exposed to the public internet, keeping the application port entirely off the network boundary.
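As an added illustration of the least-privilege security group described above (example Terraform written for this page, not the project's own code; the VPC resource name aws_vpc.main and the variable admin_cidr are assumptions):

```hcl
# Assumption: the admin address is supplied as a single-host CIDR (x.x.x.x/32)
variable "admin_cidr" {
  description = "Single admin IPv4 address, in CIDR form, allowed to reach SSH"
  type        = string

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && endswith(var.admin_cidr, "/32")
    error_message = "admin_cidr must be one host address written as x.x.x.x/32."
  }
}

resource "aws_security_group" "web" {
  name        = "bmi-web-sg"
  description = "HTTP from anywhere, SSH from the admin address only"
  vpc_id      = aws_vpc.main.id # assumption: VPC resource is named aws_vpc.main
}

# Port 80 is the only service port open to the public internet; Nginx terminates it.
resource "aws_vpc_security_group_ingress_rule" "http" {
  security_group_id = aws_security_group.web.id
  description       = "Public HTTP, terminated by Nginx"
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  to_port           = 80
  ip_protocol       = "tcp"
}

# SSH is scoped to the single admin address validated above, not to 0.0.0.0/0.
resource "aws_vpc_security_group_ingress_rule" "ssh_admin" {
  security_group_id = aws_security_group.web.id
  description       = "SSH from the admin workstation only"
  cidr_ipv4         = var.admin_cidr
  from_port         = 22
  to_port           = 22
  ip_protocol       = "tcp"
}

# Deliberately no rule for 8080: the Go application is reached only through
# Nginx on the same host, so that port never crosses the network boundary.

# Outbound is left open so the bootstrap script can fetch packages on first boot.
resource "aws_vpc_security_group_egress_rule" "all" {
  security_group_id = aws_security_group.web.id
  description       = "All outbound traffic"
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}
```

terraform plan rejects any admin_cidr that is not a /32, so the SSH rule cannot silently widen to a whole range or to the internet.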
The compute layer provisions an Ubuntu EC2 instance and uses a user-data bootstrap script to fully configure the server on first boot — no manual provisioning steps required after terraform apply. The script installs dependencies, configures Nginx as a reverse proxy, deploys the application binary, and registers it as a systemd service.
The application runtime layer uses Nginx to terminate public HTTP traffic on port 80 and forward requests internally to the BMI application running on port 8080. systemd manages the application process lifecycle, ensuring the service restarts automatically on failure and starts on reboot without intervention.
Tech Stack
- Infrastructure provisioning: Terraform
- Cloud provider: AWS (EC2, VPC, Subnets, Internet Gateway, Route Tables, Security Groups)
- Operating system: Ubuntu Server
- Reverse proxy: Nginx
- Service management: systemd
- Bootstrap automation: EC2 user-data
Impact
- Reproducible environments: the entire infrastructure is defined in code, eliminating manual configuration drift and enabling teardown and recreation at any time with a single command
- Secure by design: SSH access is IP-scoped at the infrastructure level, port 8080 is never exposed externally, and Nginx acts as the sole ingress point into the application
- Zero-touch provisioning: the user-data script automates the full server setup on first boot, from package installation to service registration, with no post-deploy manual steps
- Auditable infrastructure: all networking rules, compute configuration, and access controls are version-controlled alongside the application, making changes reviewable and traceable
- Separation of concerns: Nginx handles traffic routing independently of the application process, and systemd manages availability independently of both, giving each layer a single clear responsibility
Results
- Fully automated infrastructure provisioning from a single Terraform command
- Network-level access controls enforced before traffic reaches the application
- Self-healing application runtime via systemd process supervision
- Version-controlled, declarative AWS environment with no manual state
- A reusable foundation ready to be extended with HTTPS, load balancing, or auto scaling