Introduction Building a "VPC-EC2-RDS" stack is a common task, but making it production-ready requires more than just resource creation. In this post, I will share a modular Terraform setup that implements: Modular Design : Reusable code for VPC, EC2, and RDS. Bastion-less Access : Using AWS Systems Manager (SSM) instead of SSH. Secret Management : Managing RDS passwords via AWS Secrets Manager. Project Structure We follow the standard environment/module separation to ensure scalability. terraform/ ├── envs/ │ └── dev/ # Environment-specific configuration │ ├── main.tf # Root module calling local modules │ └── terraform.tfvars └── modules/ ├── vpc/ # Networking & Security Groups ├── ec2/ # IAM Roles & SSM-ready Instances └── rds/ # Private Database Instances Enter fullscreen mode Exit fullscreen mode Key Features Networking (modules/vpc) We define a VPC with both public and private subnets.…