You are a Principal AWS Solutions Architect with 10+ years of experience designing mission-critical, enterprise-grade cloud infrastructure. You specialize in Infrastructure as Code (Terraform, CloudFormation, AWS CDK), security hardening, cost optimization, and highly available distributed systems.
YOUR TASK: Generate a complete, production-ready AWS infrastructure codebase and architecture blueprint based on the following specifications:
PROJECT CONTEXT:
[PROJECT_DESCRIPTION]
TECHNICAL REQUIREMENTS:
- Application Type & Stack: [TECH_STACK]
- Expected Traffic Patterns: [TRAFFIC_VOLUME] (e.g., 1000 concurrent users, batch processing, burst traffic)
- Target AWS Region(s): [AWS_REGIONS]
- Compliance Framework: [COMPLIANCE_FRAMEWORK] (e.g., SOC2, HIPAA, PCI-DSS, None)
- Preferred IaC Tool: [IAC_TOOL] (Terraform, CloudFormation, or AWS CDK)
- Environment Type: [ENVIRONMENT_TYPE] (Development, Staging, Production, Multi-env)
- Budget Tier: [BUDGET_TIER] (Startup/Lean, Enterprise/Standard, Mission-Critical)
DELIVERABLES REQUIRED:
1. ARCHITECTURE OVERVIEW:
- Provide a Mermaid diagram or detailed ASCII representation of the infrastructure
- Explain service selection rationale and data flow between components
- Document multi-AZ strategy and disaster recovery approach
2. SECURITY & COMPLIANCE IMPLEMENTATION:
- IAM roles and policies scoped to explicit actions and resource ARNs (no "*" actions or resources), one role per workload, no long-lived access keys
- Security Groups with specific ingress and egress rules: 0.0.0.0/0 only on the load balancer's HTTPS listener, internal tiers referencing each other's security group IDs, and no default allow-all egress
- KMS customer-managed keys (with automatic rotation enabled) for data at rest, and TLS for data in transit
- VPC Flow Logs, a multi-region CloudTrail with log file validation, and GuardDuty, all writing to a dedicated, access-restricted log bucket
- Specific controls for [COMPLIANCE_FRAMEWORK] if applicable
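An added example of what the security-group and IAM deliverables above should look like in Terraform; it is not code from the original prompt. The only 0.0.0.0/0 rule is HTTPS into the ALB, every other rule references a security group or the VPC CIDR, and the task role can read exactly one secret. The variables vpc_id, vpc_cidr, app_port and app_secret_arn are assumptions supplied by the caller.

```hcl
# Added example (not from the original prompt). Assumptions: var.vpc_id,
# var.vpc_cidr, var.app_port and var.app_secret_arn are supplied by the caller.
variable "vpc_id" { type = string }
variable "vpc_cidr" { type = string }
variable "app_secret_arn" { type = string }
variable "app_port" {
  type    = number
  default = 8080
}

# When an aws_security_group declares no inline egress, Terraform removes AWS's
# default allow-all egress rule, so each group's egress is exactly what is
# declared in the standalone rule resources below.
resource "aws_security_group" "alb" {
  name        = "web-alb"
  description = "Internet-facing ALB, HTTPS only"
  vpc_id      = var.vpc_id
}

resource "aws_security_group" "app" {
  name        = "web-app"
  description = "Application tasks, reachable only from the ALB"
  vpc_id      = var.vpc_id
}

# The single 0.0.0.0/0 rule in the stack: HTTPS into the load balancer.
resource "aws_vpc_security_group_ingress_rule" "alb_https_in" {
  security_group_id = aws_security_group.alb.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}

# ALB may only forward to the application group on the app port.
resource "aws_vpc_security_group_egress_rule" "alb_to_app" {
  security_group_id            = aws_security_group.alb.id
  referenced_security_group_id = aws_security_group.app.id
  ip_protocol                  = "tcp"
  from_port                    = var.app_port
  to_port                      = var.app_port
}

# Application tier accepts traffic only from the ALB's security group.
resource "aws_vpc_security_group_ingress_rule" "app_from_alb" {
  security_group_id            = aws_security_group.app.id
  referenced_security_group_id = aws_security_group.alb.id
  ip_protocol                  = "tcp"
  from_port                    = var.app_port
  to_port                      = var.app_port
}

# Application egress: HTTPS inside the VPC only, which covers interface VPC
# endpoints (ECR, Secrets Manager, CloudWatch Logs). S3 via the gateway endpoint
# needs a further rule using the endpoint's prefix_list_id, and the database
# tier needs a matching egress rule to its security group on the DB port.
resource "aws_vpc_security_group_egress_rule" "app_https_vpc" {
  security_group_id = aws_security_group.app.id
  cidr_ipv4         = var.vpc_cidr
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}

# Task role: assumable only by ECS tasks, allowed to read exactly one secret.
data "aws_iam_policy_document" "task_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

data "aws_iam_policy_document" "app_task" {
  statement {
    sid       = "ReadAppSecret"
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [var.app_secret_arn] # one ARN, no wildcard
  }
}

resource "aws_iam_role" "app_task" {
  name               = "web-app-task"
  assume_role_policy = data.aws_iam_policy_document.task_assume.json
}

resource "aws_iam_role_policy" "app_task" {
  name   = "read-app-secret"
  role   = aws_iam_role.app_task.id
  policy = data.aws_iam_policy_document.app_task.json
}
```

If the secret is encrypted with a customer-managed KMS key, the same policy also needs kms:Decrypt on that one key ARN; a `*` resource there would undo the scoping.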
3. NETWORKING INFRASTRUCTURE:
- VPC design with CIDR block allocation
- Public and private subnet distribution across 3 Availability Zones
- NAT Gateway strategy (single vs. per-AZ based on [BUDGET_TIER])
- Gateway VPC Endpoints for S3 and DynamoDB (no hourly charge) and Interface Endpoints for the other services the workload calls (ECR, Secrets Manager, CloudWatch Logs, ...), so traffic from private subnets to AWS APIs stays off the internet and off the NAT Gateway
- Route tables and network ACLs
4. COMPUTE & CONTAINERIZATION:
- EC2 Auto Scaling Groups with launch templates OR ECS/Fargate/EKS configuration
- Application Load Balancer with health checks, an ACM certificate, a TLS 1.2-or-later security policy, and HTTP-to-HTTPS redirect
- Target group configurations and sticky sessions if required
- Graviton (arm64) instance recommendations for cost optimization where the [TECH_STACK] runtime and container images support arm64
5. STORAGE & DATABASES:
- S3 buckets with Block Public Access, default SSE-KMS encryption, versioning, lifecycle policies, and Intelligent-Tiering
- RDS (PostgreSQL/MySQL) or DynamoDB configuration with Multi-AZ, encrypted storage, automated backups with an explicit retention period, and deletion protection
- ElastiCache (Redis/Memcached) if applicable for [TECH_STACK]
- EFS or FSx for shared storage needs
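An added example, not code from the original prompt, of the storage and encryption deliverables above in Terraform: one customer-managed KMS key with rotation, an RDS PostgreSQL instance whose master password is generated and held by RDS in Secrets Manager, and an S3 bucket with Block Public Access, SSE-KMS, versioning and a lifecycle rule. The db_subnet_group and db_sg_id variables, the bucket name, and the engine version are assumptions.

```hcl
# Added example (not from the original prompt). Assumptions: var.db_subnet_group
# and var.db_sg_id are created elsewhere in the stack; engine_version must be
# adjusted to a version offered in the target region.
variable "db_subnet_group" { type = string }
variable "db_sg_id" { type = string }

data "aws_caller_identity" "current" {}

# Customer-managed key with automatic annual rotation; the 30-day deletion
# window guards against destroying a key that still encrypts data.
resource "aws_kms_key" "data" {
  description             = "Data-at-rest key for RDS and S3"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_kms_alias" "data" {
  name          = "alias/app-data"
  target_key_id = aws_kms_key.data.key_id
}

# Multi-AZ PostgreSQL encrypted with the CMK, 14 days of automated backups, and
# a master password that RDS generates and stores in Secrets Manager, so it
# never appears in Terraform code or state.
resource "aws_db_instance" "postgres" {
  identifier                    = "app-postgres"
  engine                        = "postgres"
  engine_version                = "16.4" # assumption, see note above
  instance_class                = "db.t4g.medium" # Graviton
  allocated_storage             = 50
  username                      = "app_admin"
  manage_master_user_password   = true
  master_user_secret_kms_key_id = aws_kms_key.data.key_id
  db_subnet_group_name          = var.db_subnet_group
  vpc_security_group_ids        = [var.db_sg_id]
  multi_az                      = true
  publicly_accessible           = false
  storage_encrypted             = true
  kms_key_id                    = aws_kms_key.data.arn
  backup_retention_period       = 14
  deletion_protection           = true
  skip_final_snapshot           = false
  final_snapshot_identifier     = "app-postgres-final"
}

# Bucket name includes the account ID to keep it globally unique (assumption).
resource "aws_s3_bucket" "assets" {
  bucket = "app-assets-${data.aws_caller_identity.current.account_id}"
}

# All four Block Public Access settings on; ACLs and public policies are refused.
resource "aws_s3_bucket_public_access_block" "assets" {
  bucket                  = aws_s3_bucket.assets.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_versioning" "assets" {
  bucket = aws_s3_bucket.assets.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Default SSE-KMS with the CMK; bucket keys cut KMS request volume and cost.
resource "aws_s3_bucket_server_side_encryption_configuration" "assets" {
  bucket = aws_s3_bucket.assets.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.data.arn
    }
    bucket_key_enabled = true
  }
}

# Move objects to Intelligent-Tiering after 30 days; drop old versions at 90.
resource "aws_s3_bucket_lifecycle_configuration" "assets" {
  bucket = aws_s3_bucket.assets.id
  rule {
    id     = "tier-and-expire"
    status = "Enabled"
    filter {}
    transition {
      days          = 30
      storage_class = "INTELLIGENT_TIERING"
    }
    noncurrent_version_expiration {
      noncurrent_days = 90
    }
  }
}
```

For PCI-DSS or HIPAA scopes, add a bucket policy denying requests where aws:SecureTransport is false, and grant the application role kms:Decrypt on aws_kms_key.data only.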
6. OBSERVABILITY & MONITORING:
- CloudWatch dashboards for key metrics
- SNS notifications for critical alarms
- X-Ray tracing configuration
- Centralized logging with CloudWatch Logs or OpenSearch
7. COST OPTIMIZATION:
- Reserved Instance or Savings Plans recommendations
- Spot Instance configurations for non-critical workloads
- Resource tagging strategy (Environment, Owner, CostCenter, Project)
- Monthly cost estimation breakdown by service
8. OPERATIONAL EXCELLENCE:
- Remote state backend configuration (for Terraform: an S3 bucket with versioning and SSE-KMS plus a DynamoDB lock table, since state can contain secret values), with access restricted to the deployment role
- CI/CD pipeline integration points (CodePipeline, GitHub Actions triggers)
- Database migration strategy and schema management
- Blue/Green or Canary deployment configuration
- Disaster Recovery plan with specific RTO/RPO targets
OUTPUT FORMAT:
- Begin with a "Quick Start Summary" (security checklist and prerequisites)
- Provide file-by-file code blocks with syntax highlighting and extensive comments
- Include a "Deployment Guide" section with step-by-step commands
- Add a "Troubleshooting" section for common pitfalls
- End with "Cost Projection" and "Next Steps" recommendations
CONSTRAINTS:
- All secrets must live in AWS Secrets Manager or Systems Manager Parameter Store (no hardcoded credentials); pass them to workloads by ARN reference rather than reading their values into Terraform state wherever the service supports it
- Use attribute references between resources so Terraform orders them correctly, and depends_on only where no attribute reference exists (for example a policy attachment a task must wait for)
- Pin Terraform, provider and module versions (and container image tags) to exact versions
- Follow AWS Well-Architected Framework (Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability)
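An added example, not code from the original prompt, of how the constraints above look in a Terraform root module: an encrypted, locked S3 backend, exact version pins for Terraform, the provider and a module, and an ECS task definition that hands the container a secret by ARN (valueFrom) so the value is never read into state. The state bucket and lock table, the secret name, the region, and the execution_role_arn, task_role_arn, app_image and subnet/security-group variables are assumptions.

```hcl
# Added example (not from the original prompt). Assumptions: the state bucket
# and lock table already exist (created once, outside this module); the roles,
# image and network inputs below are supplied by the caller.
variable "execution_role_arn" { type = string }
variable "task_role_arn" { type = string }
variable "app_image" { type = string } # pin by digest, e.g. repo@sha256:...

terraform {
  required_version = "= 1.9.5"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "= 5.70.0"
    }
  }

  # State records resource attributes, which can include secret values, so the
  # bucket is encrypted with a CMK, versioned, and restricted to the deploy role.
  backend "s3" {
    bucket         = "acme-tfstate-123456789012" # assumption
    key            = "prod/app/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    kms_key_id     = "alias/tfstate"
    dynamodb_table = "acme-tfstate-locks"
  }
}

# Module pinned to an exact release, never a floating branch or "latest".
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.13.0"

  name               = "app"
  cidr               = "10.20.0.0/16"
  azs                = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets    = ["10.20.0.0/20", "10.20.16.0/20", "10.20.32.0/20"]
  public_subnets     = ["10.20.128.0/24", "10.20.129.0/24", "10.20.130.0/24"]
  enable_nat_gateway = true
  single_nat_gateway = false # one NAT per AZ for a mission-critical tier
}

# aws_secretsmanager_secret returns metadata (the ARN) only. The _version data
# source would fetch the value and write it into state, which is what we avoid.
data "aws_secretsmanager_secret" "db" {
  name = "prod/app/db" # assumption
}

resource "aws_ecs_task_definition" "app" {
  family                   = "app"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  cpu                      = 512
  memory                   = 1024
  # The execution role needs secretsmanager:GetSecretValue on this one ARN
  # (and kms:Decrypt on its CMK); the task role does not.
  execution_role_arn = var.execution_role_arn
  task_role_arn      = var.task_role_arn

  runtime_platform {
    operating_system_family = "LINUX"
    cpu_architecture        = "ARM64" # Graviton-based Fargate
  }

  container_definitions = jsonencode([{
    name      = "app"
    image     = var.app_image
    essential = true
    portMappings = [{ containerPort = 8080, protocol = "tcp" }]
    # ECS resolves the ARN at task start and injects the value as an env var.
    secrets = [{
      name      = "DATABASE_URL"
      valueFrom = data.aws_secretsmanager_secret.db.arn
    }]
    logConfiguration = {
      logDriver = "awslogs"
      options = {
        awslogs-group         = "/ecs/app"
        awslogs-region        = "us-east-1"
        awslogs-stream-prefix = "app"
      }
    }
  }])
}
```

Run `terraform init -upgrade=false` and commit the generated .terraform.lock.hcl so provider checksums are pinned alongside the versions.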