Project • Infrastructure as Code

Alveriano Platform Infra — Terraform on AWS.

Production IaC provisioning serverless infrastructure. Multi-environment, KMS encryption, IAM least privilege, pre-commit secret scanning.

Terraform 1.8+ • AWS Lambda • API Gateway v2 • KMS • Secrets Manager • CloudWatch • S3 Remote State
Multi-environment
A single Terraform codebase, parameterized by an environment variable, deploys dev/staging/prod without duplication.
Secrets hygiene
Pre-commit hooks scan for leaked credentials. KMS encryption, Secrets Manager integration.
IAM least privilege
Lambda role scoped to single secret read + KMS decrypt. No broad permissions.
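The scoped role described above, as an added HCL example that is not the project's own lambda.tf: one statement allows GetSecretValue on a single secret ARN, a second allows kms:Decrypt on that secret's key only when the request comes through Secrets Manager in eu-west-2. The resource names (app_key, app_secret, lambda) and the secret name are assumptions; var.environment is the environment variable the page describes.

```hcl
# Added example, not the project's own lambda.tf; resource names are assumed.
resource "aws_kms_key" "app_key" {
  description         = "Encrypts the application secret (${var.environment})"
  enable_key_rotation = true
}

resource "aws_secretsmanager_secret" "app_secret" {
  name       = "alveriano/${var.environment}/app"
  kms_key_id = aws_kms_key.app_key.arn
}

data "aws_iam_policy_document" "lambda_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "lambda" {
  name               = "alveriano-${var.environment}-lambda"
  assume_role_policy = data.aws_iam_policy_document.lambda_assume.json
}

# Least privilege: exactly one secret ARN, no wildcards, and Decrypt only
# when Secrets Manager in this region is the service making the KMS call.
data "aws_iam_policy_document" "lambda_secret_read" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.app_secret.arn]
  }
  statement {
    actions   = ["kms:Decrypt"]
    resources = [aws_kms_key.app_key.arn]
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["secretsmanager.eu-west-2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role_policy" "lambda_secret_read" {
  role   = aws_iam_role.lambda.id
  policy = data.aws_iam_policy_document.lambda_secret_read.json
}
```

The CloudWatch Logs permissions the function also needs for its own log group are attached as a separate statement and are not shown here.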

Infrastructure provisioned

Lambda
Node.js 20, 256MB, 10s timeout
API Gateway
HTTP API v2, per-route throttling
KMS + Secrets
Encryption key + secret container
CloudWatch
Logs, 14-day retention

Per-route throttling (API Gateway)

Route                Burst   Rate      Purpose
/stripe/webhook      50      25/sec    Higher limits for payment webhooks
/forms/submit        20      10/sec    Standard form submission
/forms/submit-paid   20      10/sec    Checkout form submission
/health              10      5/sec     Health checks

Repository structure

alveriano-platform-infra/
├── README.md                    # Comprehensive docs
├── versions.tf                  # Terraform + provider versions
├── providers.tf                 # AWS provider (eu-west-2)
├── variables.tf                 # Input vars (environment, secrets)
├── outputs.tf                   # api_base_url, lambda_function_name
├── lambda.tf                    # Lambda, IAM, KMS, Secrets Manager
├── apigateway.tf                # HTTP API, routes, CORS, throttling
├── network.tf                   # VPC, subnets (2 AZs), IGW
├── .terraform.lock.hcl          # Locked provider versions
├── .githooks/pre-commit         # Secret pattern detection
└── secrets.auto.tfvars          # Local secrets (gitignored)