Usage Patterns Library
A collection of opinionated, production-ready patterns for building an end-to-end tech stack on top of the Infrastructure as Code Library.
A new standard for architecture on AWS
The Usage Patterns Library is a collection of opinionated, production-ready patterns for building an end-to-end tech stack on top of the Infrastructure as Code Library. It includes patterns for just about everything you need—server cluster, load balancer, database, cache, network topology, monitoring, alerting, CI/CD, secrets management, VPN, and more—all already wired together, 100% backed by code, and tested in production with more than 50 customers.
You can either copy the patterns, customize them, and deploy everything yourself, or you can have Gruntwork do the initial setup and deployment for you, setting up a standardized Reference Architecture for you in just 1 day! Here's an example of the type of Architecture you can deploy from the Usage Patterns Library:
Usage Patterns Library Features
Infrastructure as Code
Written in Terraform, Go, Python, and Bash. You get 100% of the code.
The patterns have been proven with dozens of Gruntwork customers.
Copy & paste the pattern you need to start using it right away.
Designed for high availability, scalability, and durability
Network security, encryption, audit trail, server hardening, & more
Includes live walkthrough and documentation
The Usage Patterns Library includes production-ready examples of the following:
|AWS Account(s)||Choose from a single AWS account configuration, or a multi-account setup where each AWS account represents a distinct environment.|
|Network Topology||For each environment, create a VPC with multiple subnet tiers, route tables, NAT Gateways, Network ACLs, etc.|
|Server cluster||Choose from a Docker Cluster (backed by Amazon EC2 Container Service) or Auto Scaling Groups.|
|Load balancer||Choose from the Application Load Balancer (HTTP/HTTPS) or the Load Balancer Classic (TCP).|
|Database||Choose from MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, or Aurora.|
|Cache||Choose from Redis or Memcached.|
|Static content||Deploy your images, CSS, and JS into an S3 bucket and and CloudFront as a CDN in front of it.|
|Bastion host||Choose from either a plain bastion host or an OpenVPN server as the sole entrypoint to your AWS network.|
|CI server||Choose from Jenkins, CircleCI, or TravisCI.|
|Sample frontend app||A sample frontend application that shows how to package the code using Docker or Packer, how to manage configuration across multiple environments, how to store application secrets, how to do service discovery to talk to a backend app, and how to run the entire stack in the dev environment.|
|Sample backend app||A sample backend application that shows how to package the code using Docker or Packer, how to manage configuration across multiple environments, how to store application secrets, how to talk to the database and cache, and how to apply schema migrations.|
|SQS, Kinesis||Optionally include queues in SQS and streams in Kinesis.|
|Lambda||Optionally deploy Lambda functions using Terraform and run and test your Lambda functions locally using Docker.|
|Environments||Choose the isolated environments you want to create: e.g., dev, qa, stage, prod.|
|Account setup||Choose to deploy all environments into a single AWS account (more convenient) or to deploy each environment into a separate AWS account (more secure).|
|Encryption||Choose if you want to enable end-to-end encryption for all data at rest and in transit. Mandatory for compliance use-cases (e.g., HIPAA, PCI, SOX, etc).|
|Automated build & deployment (CI / CD)||Run a build after every commit to test your code, package it using Docker or Packer, and, for commits to certain branches or tags, automatically deploy that Docker or Packer image to specific environments.|
|Monitoring||Configure CloudWatch with extra metrics not visible to the AWS hypervisor, including memory and disk space usage.|
|Alerting||Configure alerts on key CloudWatch metrics: e.g., high CPU usage on EC2 instances, too many 4xx or 5xx errors on load balancers, low disk space on RDS instances. Configure Route 53 health checks on public endpoints.|
|Log aggregation||Configure all servers to send logs to the CloudWatch Logs UI.|
|DNS||Configure your domain name(s) using Route 53.|
|SSL/TLS||Create SSL/TLS certificates for your domain names using AWS Certificate Manager.|
|Server hardening||Configure every server to run fail2ban and to automatically install critical security patches on a nightly basis.|
|SSH management||Install ssh-iam on every server, which allows admins to grant or revoke SSH access using IAM groups and for each developer to be able to use their own username and SSH key to connect to servers.|
|Secrets management||Use KMS to securely encrypt and decrypt application secrets, such as database passwords.|
|Account security||Enable CloudTrail to audit all API calls in your AWS account(s). Create best practices IAM groups and policies for user and permissions management.|
|High Availability||All aspects of the architecture are designed for high availability: e.g., all servers are deployed across multiple Availability Zones; load balancers perform health checks and automatically replace failed servers; the load balancers themselves run multiple servers and do automatic failover; the database and cache can also do automatic failover to standby servers in another Availability Zone; data is automatically backed up on a nightly basis.|
|Scalability||All aspects of the architecture support easy vertical and horizontal scalability: e.g., you can use auto scaling policies to resize the server cluster in response to load; the load balancers will automatically scale up and down in response to load; you can configure read replicas for your database and cache.|
|Infrastructure as code||You get 100% of the source code for everything in the Usage Patterns Library. It is written using a variety of tools, including Terraform, Packer, Docker, Go, Python, and Bash.|
|Documentation||Comprehensive written and video documentation of everything included in the Usage Patterns Library.|
How do I get access to the Usage Patterns Library?
To get access to all the code in the Infrastructure as Code Library, you must be a Gruntwork Subscriber. Check out the pricing page for details.
Could Gruntwork deploy these usage patterns for me?
If you don't want to assemble your infrastructure yourself, Gruntwork can do the Initial Setup and Deployment for you!