Inspiration

As a DevOps and cloud infrastructure engineer, I’ve often witnessed developer teams struggle with fragmented workflows, inconsistent environments, and too many handoffs between development and operations. I was inspired by the growing momentum around Platform Engineering and tools like Backstage, which aim to empower developers with self-service capabilities.

The idea of building a Golden Path using Backstage on AWS, backed by Terraform and EKS, felt like a compelling real-world solution to unify infrastructure provisioning and service deployment through an Internal Developer Platform (IDP).

What it does

This project enables a fully functional Internal Developer Platform that:

• Provides developers with a self-service portal using Backstage.
• Scaffolds applications and infrastructure using pre-built Terraform templates.
• Deploys workloads directly to Amazon EKS via CI/CD pipelines.
• Catalogs all deployed services with visibility into ownership, status, and environments.
• Integrates with observability, secret management, and domain-based routing on AWS.

How we built it

Tech Stack:

• AWS: EKS, IAM, Secrets Manager, Route53, CloudWatch
• Terraform: Modular IaC for EKS, VPC, IAM, ALB, RDS
• Backstage: Deployed on EKS using Helm, customized with Terraform scaffolder plugins
• CI/CD: GitHub Actions to deploy workloads to EKS using Helm/Kubectl

Key Steps:

1. Terraform Modules:
   • VPC, EKS, IAM roles, Backstage deployment, App templates.
2. EKS Setup:
   • Created a production-grade EKS cluster with node groups, autoscaling, and security groups.
3. Backstage Setup:
   • Hosted Backstage on EKS, integrated GitHub OAuth, Terraform scaffolder, and custom plugins.
4. Developer Experience:
   • Created software templates in Backstage that trigger infrastructure and app deployments via GitHub Actions.
5. Monitoring & Logging:
   • Integrated CloudWatch and Prometheus/Grafana into the EKS cluster for visibility.

Challenges we ran into

• Terraform Plugin Integration: Getting Backstage to run terraform plan/apply securely was tricky. We had to isolate execution with CI pipelines and use Terraform Cloud for remote state management.
• Role & Permission Mapping: Mapping Backstage users to appropriate AWS IAM roles needed careful security design.
• Backstage Customization: Setting up custom templates and dynamic scaffolder actions took deep plugin knowledge and trial/error.
• Kubernetes Learning Curve: Fine-tuning EKS permissions, networking, and scaling behaviors required extensive testing.

Accomplishments that we're proud of

• Created a true self-service experience for developers.
• Enabled infrastructure and app deployment with a single click from Backstage.
• Reduced onboarding and deployment time drastically for new services.
• Built a production-ready platform using modular, reusable Terraform components.

What we learned

• Platform Engineering is a culture shift, not just a technical implementation. You have to think about dev experience end-to-end.
• Backstage is powerful but not plug-and-play—you need to invest time in understanding its plugin ecosystem.
• Terraform is excellent for standardization, but combining it with GitOps workflows ensures better governance and auditing.
• Observability and feedback loops are key to making platforms reliable.

What's next for Platform Engineering with AWS

• Add multi-account AWS support using AWS Organizations and Cross-Account IAM.
• Implement GitOps with ArgoCD for declarative and auditable deployments.
• Extend Backstage with plugins for cost estimation, drift detection, and more.
• Explore OpenFeature and OpenPolicyAgent for runtime governance and feature flagging.
• Publish a boilerplate GitHub repo and starter-kit for open-source community use.

This project proves that with the right tools and mindset, building a modern, scalable, and developer-friendly platform on AWS is not only possible—but essential.

Built With

• amazon-web-services
• backstage
• gitops
• terraform