The TerraTier project describes an approach to building secure and reliable AWS infrastructure with Terraform, built around a four-tier network design that isolates the data tier from the web-facing tiers. The result is an application deployment that is both more secure and more cost-efficient.
Have you ever wondered how to build truly secure and scalable cloud infrastructure on AWS? That is exactly what the new TerraTier project shows. It addresses the common weaknesses of traditional 3-tier designs with a model that considers security and cost-efficiency from day one.

The developer behind TerraTier did not want just another 'deploy a VM and call it infrastructure' tutorial. Instead, they aimed to tackle real-world challenges faced by platform teams: How many subnet tiers do you truly need? Where do you securely store secrets? How do you allow engineers to SSH in without handing out permanent keys? And what is the cheapest way to stay highly available without running up large NAT Gateway bills?

The result is TerraTier, a simple goal-tracking app built with Go and Node.js, but the real star is the infrastructure underneath it. Instead of the common approach that combines the web and application layers into a single 'private' tier, which can expose your data if the web tier is compromised, TerraTier uses a fully isolated four-tier network architecture: a Public tier for internet access and shared services such as NAT Gateways; a private Frontend tier; a private Backend tier that only talks to the Frontend; and a private Database tier (PostgreSQL) that only talks to the Backend. Each tier is duplicated across two Availability Zones for resilience.

This design enforces a strict rule: nothing can reach the database except the backend tier, and nothing can reach the backend tier except the frontend tier and the internal load balancer. All of this is provisioned entirely through Terraform, making it a useful blueprint for anyone building robust, production-ready AWS infrastructure. If you want to see the code, everything is available on GitHub for the TerraTier project.
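The tier rule in the paragraph above (database reachable only from the backend, backend reachable only from the frontend and the internal load balancer) expressed as AWS security groups in Terraform. This is an added example, not TerraTier's own code; the `var.vpc_id` variable, the group names, and the ports 8080 and 5432 are assumptions.

```hcl
# Added example (not TerraTier's own code). Assumed: var.vpc_id, the names,
# and the ports (backend API on 8080, PostgreSQL on 5432).
# Every rule references a security group rather than a CIDR, so the policy
# follows the instance's role, not the subnet it happens to sit in.

locals {
  tiers = toset(["internal_lb", "frontend", "backend", "database"])
}

# One security group per tier, with no inline rules: every allowed edge is
# declared explicitly below, and there is no allow-all egress.
resource "aws_security_group" "tier" {
  for_each = local.tiers
  name     = "terratier-${each.key}"
  vpc_id   = var.vpc_id
}

# Backend: ingress only from the frontend tier and the internal load balancer.
resource "aws_vpc_security_group_ingress_rule" "backend_in" {
  for_each                     = toset(["frontend", "internal_lb"])
  security_group_id            = aws_security_group.tier["backend"].id
  referenced_security_group_id = aws_security_group.tier[each.key].id
  from_port                    = 8080
  to_port                      = 8080
  ip_protocol                  = "tcp"
}

# Database: ingress only from the backend tier, on the PostgreSQL port.
resource "aws_vpc_security_group_ingress_rule" "database_in" {
  security_group_id            = aws_security_group.tier["database"].id
  referenced_security_group_id = aws_security_group.tier["backend"].id
  from_port                    = 5432
  to_port                      = 5432
  ip_protocol                  = "tcp"
}

# Terraform strips the default allow-all egress from aws_security_group, so
# each permitted outbound edge is declared too (backend -> database shown;
# frontend/internal_lb -> backend would follow the same pattern).
resource "aws_vpc_security_group_egress_rule" "backend_to_database" {
  security_group_id            = aws_security_group.tier["backend"].id
  referenced_security_group_id = aws_security_group.tier["database"].id
  from_port                    = 5432
  to_port                      = 5432
  ip_protocol                  = "tcp"
}
```

A quick check on `terraform plan` output: no ingress rule attached to the backend or database group should carry a `cidr_ipv4` value, only a `referenced_security_group_id`.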