- Virtual Private Cloud (VPC): A custom network with public, private, and database subnets, so that each workload tier is isolated from the others.
  - Internet Gateway (IGW): Attached to the VPC; gives resources in the public subnets a route to and from the internet.
  - NAT Gateway (NGW): Associated with an Elastic IP; gives the private subnets outbound internet access without exposing them to inbound connections.
  - Route Tables:
    - The public route table sends internet-bound traffic to the IGW.
    - The private route table sends internet-bound traffic to the NGW.
  - Network ACLs (NACLs): Filter inbound and outbound traffic at the subnet boundary, adding a second layer of control in front of the security groups.
  - Security Groups (SGs):
    - The public security group allows HTTP, HTTPS, and application-specific traffic.
    - The private security group restricts access, permitting only traffic that originates from the load balancer.
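The design rules in the list above (public subnets route to the IGW, private subnets route to the NGW, the private security group accepts traffic only from the load balancer's group) can be checked mechanically. The following is an added example and not part of the original page or project: an offline audit that walks dictionaries in the shape returned by the EC2 `describe-route-tables` and `describe-security-groups` calls. The resource IDs, CIDR ranges and the application port 8080 are constructed sample values, not taken from the page.

```python
"""Offline audit of the VPC layout: route-table classification and security-group ingress.

Added example, not the project's own code. Input follows the describe-route-tables /
describe-security-groups response shape; all IDs and ranges below are constructed samples.
"""

ANY_IPV4 = "0.0.0.0/0"

# Constructed sample: one public and one private route table.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public-example",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": ANY_IPV4, "GatewayId": "igw-example"},
        ],
    },
    {
        "RouteTableId": "rtb-private-example",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": ANY_IPV4, "NatGatewayId": "nat-example"},
        ],
    },
]

ALB_SG = "sg-public-example"   # constructed: group attached to the load balancer
APP_SG = "sg-private-example"  # constructed: group attached to the ECS tasks

# Constructed sample: the public group exposes 80/443, the private group trusts only the ALB group.
SECURITY_GROUPS = [
    {
        "GroupId": ALB_SG,
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": ANY_IPV4}], "UserIdGroupPairs": []},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": ANY_IPV4}], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": APP_SG,
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
        ],
    },
]


def default_route_target(route_table):
    """Return the 0.0.0.0/0 target as ('igw', id) or ('nat', id), or None if there is no default route."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != ANY_IPV4:
            continue
        if "NatGatewayId" in route:
            return ("nat", route["NatGatewayId"])
        gateway = route.get("GatewayId", "")
        if gateway.startswith("igw-"):
            return ("igw", gateway)
    return None


def classify_route_tables(route_tables):
    """Map each route table id to 'public' (IGW), 'private' (NAT) or 'isolated' (no default route)."""
    classes = {}
    for table in route_tables:
        target = default_route_target(table)
        if target is None:
            classes[table["RouteTableId"]] = "isolated"
        else:
            classes[table["RouteTableId"]] = "public" if target[0] == "igw" else "private"
    return classes


def sg_ingress_findings(security_groups, alb_sg, app_sg, allowed_public_ports=(80, 443)):
    """Return findings as strings; an empty list means the groups match the intended design."""
    findings = []
    by_id = {sg["GroupId"]: sg for sg in security_groups}
    # Public group: only the expected single ports, never an all-protocol rule.
    for perm in by_id[alb_sg]["IpPermissions"]:
        port = perm.get("FromPort")
        if perm["IpProtocol"] == "-1" or port not in allowed_public_ports or port != perm.get("ToPort"):
            findings.append(f"{alb_sg}: unexpected ingress {perm['IpProtocol']} {port}-{perm.get('ToPort')}")
    # Private group: no CIDR-based ingress at all, and group-based ingress only from the ALB group.
    for perm in by_id[app_sg]["IpPermissions"]:
        if perm.get("IpRanges") or perm.get("Ipv6Ranges"):
            findings.append(f"{app_sg}: CIDR-based ingress on port {perm.get('FromPort')} bypasses the load balancer")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != alb_sg:
                findings.append(f"{app_sg}: ingress from {pair['GroupId']}, which is not the load balancer group")
    return findings


if __name__ == "__main__":
    print(classify_route_tables(ROUTE_TABLES))
    print(sg_ingress_findings(SECURITY_GROUPS, ALB_SG, APP_SG) or "security groups match the design")
```

Against live data the same functions run unchanged on the `RouteTables` and `SecurityGroups` lists a boto3 client returns; the point of keeping the checks pure is that they can run in CI against a saved snapshot before any change to the network is applied.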
- Application Load Balancer (ALB): Terminates HTTP/HTTPS traffic and distributes it to services according to routing rules.
- Elastic Container Service (ECS): A fully managed container orchestration service that handles the deployment, scaling, and management of containerized applications.
- Serverless Compute Engine (Fargate): Runs the containers without server provisioning, scaling resources automatically.
This CI/CD pipeline is built on AWS DevOps services for efficient, automated deployment. It uses:

- AWS CodePipeline for continuous integration and deployment automation.
- AWS CodeBuild for compiling, packaging, and containerizing the application.
- AWS CodeDeploy for automated, zero-downtime deployments.
- Amazon SNS for deployment approval notifications and alerts.
- Amazon ECR for secure container image storage.
- Docker for containerization.
- Code Commit & Build
  - Developers push code to the GitHub repository.
  - AWS CodePipeline detects the change and triggers the CodeBuild project.
  - The application is compiled, packaged, and containerized.
  - The built image is pushed to ECR for deployment.
- Development Deployment
  - Whenever changes are pushed to the `dev` branch, the pipeline automatically deploys the new version to the development environment for testing.
- Merge & Trigger Production Pipeline
  - Once the changes on the `dev` branch have been tested and approved, they are merged into the `main` branch.
  - The production CodePipeline is configured to trigger only when there is a new commit on the `main` branch.
- Approval & Production Deployment
  - A manual approval step (e.g., via SNS) ensures that only validated changes reach production.
  - Once approved, the deployment proceeds to the production environment.
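Two properties make the flow above trustworthy in practice: the image pushed to ECR is tagged with the exact commit it was built from, so what was tested on `dev` is the same artifact that is approved for `main`, and the production stage runs only for a `main` commit whose SHA was explicitly approved. The following is an added example, not code from the original project, showing how a build step can enforce both. It reads `CODEBUILD_RESOLVED_SOURCE_VERSION`, which CodeBuild does set, and writes the `imagedefinitions.json` document that the ECS deploy action consumes; the repository URI, container name, the `REPOSITORY_URI` variable and the approval record are constructed placeholders.

```python
"""Commit-pinned image tags and stage gating for the dev -> main pipeline.

Added example, not the project's own code. The ECR URI, container name and
approval record are constructed samples; REPOSITORY_URI is an assumed project variable.
"""
import json
import os
import re

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample values standing in for what a real build would see.
SAMPLE_REPOSITORY_URI = "123456789012.dkr.ecr.us-east-1.amazonaws.com/example-app"
SAMPLE_CONTAINER_NAME = "example-app"
SAMPLE_COMMIT = "a" * 40


def image_tag(commit_sha):
    """Immutable tag derived from the full commit SHA; short or non-hex input is rejected."""
    if not FULL_SHA.match(commit_sha):
        raise ValueError(f"expected a full 40-character commit SHA, got {commit_sha!r}")
    return commit_sha[:12]


def image_uri(repository_uri, commit_sha):
    """ECR reference pinned to the commit rather than a floating tag such as 'latest'."""
    return f"{repository_uri}:{image_tag(commit_sha)}"


def image_definitions(container_name, repository_uri, commit_sha):
    """The imagedefinitions.json document the ECS deploy action reads to update the service."""
    return json.dumps([{"name": container_name, "imageUri": image_uri(repository_uri, commit_sha)}])


def target_environment(head_ref):
    """dev deploys to development, main to production; any other ref deploys nowhere."""
    return {"refs/heads/dev": "development", "refs/heads/main": "production"}.get(head_ref)


def production_allowed(head_ref, commit_sha, approval):
    """Production proceeds only for a main-branch commit whose exact SHA carries a manual approval."""
    if target_environment(head_ref) != "production":
        return False
    return approval.get("status") == "Approved" and approval.get("commit") == commit_sha


def build_from_environment(env=os.environ):
    """Assemble the deploy artifact from CodeBuild variables, falling back to the constructed samples."""
    commit = env.get("CODEBUILD_RESOLVED_SOURCE_VERSION", SAMPLE_COMMIT)
    repository = env.get("REPOSITORY_URI", SAMPLE_REPOSITORY_URI)  # assumed project variable
    return image_definitions(SAMPLE_CONTAINER_NAME, repository, commit)


if __name__ == "__main__":
    # In a real buildspec this output would be written to imagedefinitions.json as the build artifact.
    print(build_from_environment())
```

Binding the approval record to a commit SHA, rather than to "whatever is on `main` when the approver clicks", is the detail that closes the gap between what was reviewed and what gets deployed.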
- Development environment
  - Changes pushed to the `dev` branch are automatically deployed to the development environment.
  - This environment is used for testing and validating new features before they are merged into `main`.
  - Developers can use the latest build there to verify functionality, debug issues, and confirm stability.
- Production environment before the latest update
  - The last stable version running before the new changes are deployed.
- Production environment after the latest deployment
  - The newly merged and approved changes are now live.