This guide walks you through every step required to go from zero to a fully running, highly available MEAN stack on AWS. By the end you will have two Node.js application servers behind an Application Load Balancer and a private MongoDB instance — all provisioned automatically by Terraform.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/mcamacho97/terraform-mean-stack-aws/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites Check
Before you begin, confirm you have the following tools installed and configured.Terraform >= 1.12The output must show A successful response returns your
Terraform v1.12.0 or higher. Download the latest version from developer.hashicorp.com/terraform/downloads if needed.AWS CLI — configured with credentialsUserId, Account, and Arn. If it fails, run aws configure and supply your AWS Access Key ID, AWS Secret Access Key, and default region.S3 Bucket for Terraform BackendYou need an existing S3 bucket to store Terraform remote state. Create one if you don’t already have one:S3 bucket names are globally unique. Replace
my-terraform-state-bucket with a name that is unique to your AWS account.Create backend.hcl
The
backend.tf file contains an empty s3 backend block that is populated at terraform init time via a separate configuration file. Create backend.hcl in the project root with your S3 bucket details:backend.hcl contains environment-specific values and should not be committed to source control. Add it to your .gitignore.Create terraform.tfvars
Copy the provided example file and customise it with your own values:The full set of required variables is shown below. Open
terraform.tfvars in your editor and update the values as needed:The Replace
allowed_ssh_ip variable restricts SSH access to a single IP. Get your current public IP by running:YOUR_PUBLIC_IP/32 with the returned address, for example 203.0.113.42/32.Initialize Terraform
Initialize the working directory, download required providers, and configure the S3 backend in one command:A successful run ends with:
Validate the Configuration
Check that all Terraform files are syntactically correct and internally consistent:Expected output:
Review the Plan
Preview every resource Terraform will create before touching your AWS account:Review the output carefully. You should see resources being created across the
network, security, keypair, iam, ec2-instance (×3), and alb modules — approximately 25–30 resources in total.Apply the Configuration
Deploy all infrastructure to AWS:Terraform will display the execution plan one final time and prompt for confirmation. Type
yes to proceed.A full deployment typically takes 3–5 minutes. The majority of this time is EC2 instance launch and user-data script execution (Node.js, Nginx, and MongoDB installation).
Access Your Application
Once Copy the returned DNS name and open it in your browser:The ALB routes requests to one of the two Node.js + Nginx application nodes. If you see your Express application’s response, the deployment was successful.
terraform apply completes, retrieve the ALB DNS name from the Terraform outputs:It may take an additional 1–2 minutes after
terraform apply finishes for the user-data scripts to complete and the ALB health checks to report the targets as healthy.What Was Deployed
After a successfulterraform apply, the following outputs are available:
| Output | Description |
|---|---|
vpc_id | ID of the provisioned VPC |
node_1_public_ip | Public IP address of the first Node.js application server (AZ 1) |
node_1_private_ip | Private IP address of the first Node.js application server (AZ 1) |
node_2_public_ip | Public IP address of the second Node.js application server (AZ 2) |
node_2_private_ip | Private IP address of the second Node.js application server (AZ 2) |
mongodb_private_ip | Private IP of the MongoDB instance (accessible from app nodes only) |
alb_dns_name | DNS name of the Application Load Balancer — use this as your app URL |
nat_gateway_public_ip | Elastic IP assigned to the NAT Gateway (outbound traffic from private subnet) |
private_key_path | Local path to the auto-generated SSH private key file |
SSH Access
The SSH private key is automatically generated by Terraform and saved locally at
keys/<project_name>.pem (for example, keys/terraform-mean.pem). Set the correct permissions before using it:Tear Down
When you are done, destroy all provisioned resources to avoid ongoing AWS charges:yes at the confirmation prompt. Terraform will remove every resource it created in reverse dependency order.