A comprehensive Node.js application with automated CI/CD pipelines deployed to AWS infrastructure using Terraform.
This project demonstrates enterprise-grade DevOps practices with:
- Dual Environment Setup: Development (EC2) and Production (ECS Fargate)
- 4 Distinct CI/CD Pipelines: Automated and manual deployment workflows
- Infrastructure as Code: Complete AWS infrastructure managed with Terraform
- Comprehensive Testing: Unit tests, integration tests, and code quality checks
- Container Orchestration: Docker containerization with Amazon ECR
- Application Architecture
- CI/CD Pipelines
- Testing Strategy
- Terraform Infrastructure
- Deployment Process
- Getting Started
- Monitoring & Observability
- Security Considerations
- Performance Considerations
- Compute: Amazon EC2 instance
- Networking: AWS Default VPC with public subnet
- Container Registry: Amazon ECR
- Deployment: Direct application deployment via AWS Systems Manager
[Development Environment Architecture]
- Compute: Amazon ECS Fargate (single task, cost-optimized)
- Networking: Custom VPC with public/private subnets across multiple AZs
- Load Balancing: Application Load Balancer in public subnets
- Container Placement: ECS tasks in private subnets (no direct internet access)
- Container Registry: Amazon ECR
- VPC Endpoints: ECR, Docker, S3, CloudWatch (cost optimization)
- High Availability: ECS Service maintains desired task count with ALB health checks
[Production Environment Architecture]
Trigger: Push to dev branch
Workflow:
- Code Quality: Run linting checks (ESLint)
- Testing: Execute unit and integration tests
- Build: Create Docker image
- Push: Upload to Amazon ECR
- Deploy: Deploy to EC2 instance via AWS Systems Manager
Purpose: Rapid development iteration with automated deployment to development environment.
Trigger: Push to main branch
Workflow:
- Code Quality: Run linting checks (ESLint)
- Testing: Execute unit and integration tests
- Build: Create production Docker image
- Push: Upload to Amazon ECR with
:latesttag - Deploy: Trigger ECS service update with zero-downtime deployment
Purpose: Automated production deployment with quality gates.
Trigger: Manual (workflow_dispatch)
Parameters:
action: Choice betweenplanorapply
Workflow:
- Setup: Configure AWS credentials and Terraform
- Plan: Always show planned infrastructure changes
- Apply: Conditionally apply changes (only if
applyselected)
Purpose: Safe infrastructure management with human approval for production changes.
Trigger: Pull request to main branch
Workflow:
- Linting: Code quality validation
- Unit Tests: Fast feedback on code changes
- Integration Tests: End-to-end functionality validation
- Build Validation: Ensure Docker image builds successfully
Purpose: Quality gate to prevent broken code from reaching production.
- Framework: Jest
- Coverage: Individual functions and modules
- Location:
tests/unit.test.js - Focus: HTML generation logic, core functionality
- Framework: Jest with HTTP testing
- Coverage: API endpoints and request/response flow
- Location:
tests/integration.test.js - Focus: Express server functionality, route handling
- Tool: ESLint
- Configuration:
eslint.config.js - Enforcement: Integrated into all CI/CD pipelines
- Standards: JavaScript best practices and consistency
Development Pipeline:
- Runs all tests before deployment
- Blocks deployment on test failures
- Fast feedback for development iterations
Production Pipeline:
- Comprehensive test suite execution
- Quality gate before production deployment
- Zero-downtime deployment only after successful tests
PR Validation:
- Full test suite on every pull request
- Prevents merging of broken code
- Automated quality assurance
Resources:
- VPC with custom CIDR
- Public and private subnets across multiple AZs
- Internet Gateway and NAT Gateway
- VPC Endpoints (ECR, S3, CloudWatch)
- Security Groups
Purpose: Provides secure, scalable network foundation for prod environment.
EC2 Submodule (compute/ec2/):
- EC2 instance for development environment
- Security groups for SSH and HTTP access
- User data script for application setup
- Systems Manager integration
ECS Submodule (compute/ecs/):
- ECS Cluster for container orchestration
- ECS Service with Fargate launch type
- Application Load Balancer
- Health monitoring and automatic task replacement
- CloudWatch integration
- Smaller instance sizes
- Single AZ deployment
- Development-specific variable values
- Cost-optimized configuration
- Production-grade instance sizes
- Multi-AZ deployment for high availability
- Production security configurations
- Performance-optimized settings
- Backend: S3 with DynamoDB locking
- Isolation: Separate state files per environment
- Security: Encrypted state storage
- Developer pushes code to
devbranch - GitHub Actions automatically triggers development pipeline
- Quality Checks run (linting, tests)
- Docker Image built and pushed to ECR
- EC2 Deployment via AWS Systems Manager
- Application available at development URL
- Developer creates pull request from
devtomain - PR Validation pipeline runs automatically
- Code Review and approval process
- Merge to
mainbranch triggers production pipeline - Quality Gates execute (comprehensive testing)
- Production Deployment to ECS Fargate
- Zero-Downtime rolling update
- Application available at production URL
- Infrastructure Engineer modifies Terraform code
- Manual Trigger of infrastructure pipeline with
planaction - Review planned changes
- Manual Trigger with
applyaction to implement changes - Infrastructure updated with zero service disruption
- AWS Account with appropriate permissions
- GitHub repository with secrets configured
- Docker installed locally
- Node.js 18+ for local development
Add these secrets to your GitHub repo:
AWS_ACCESS_KEY_ID: Your AWS access key
AWS_SECRET_ACCESS_KEY: Your AWS secret key
# Clone repository
git clone https://github.com/yourusername/node-hello.git
cd node-hello
# Install dependencies
npm install
# Run tests
npm test
# Run linting
npm run lint
# Start development server
npm start# Initialize Terraform
cd infra/prod
terraform init
# Plan infrastructure changes
terraform plan
# Apply infrastructure
terraform apply- Container Logs: Centralized logging for ECS tasks
- Application Metrics: Custom metrics from the application
- Infrastructure Metrics: ECS resource utilization
- Alarms: Automated alerting for critical issues
- Application: Built-in health check endpoint
- Load Balancer: Target group health checks
- ECS: Container health monitoring and automatic replacement
- Structured Logging: JSON format for better parsing
- Log Levels: Appropriate logging levels (info, warn, error)
- Retention: Configurable log retention policies
- Searchability: CloudWatch Insights for log analysis
- Private subnets for ECS tasks
- Security groups with minimal required access
- VPC endpoints to avoid internet routing
- NAT Gateway for secure outbound access
- Minimal base images
- Regular image updates
- ECR image scanning
- Non-root container execution
- IAM roles with least privilege
- Service-linked roles for ECS
- Temporary credentials in CI/CD
- Encrypted data in transit and at rest
- Application Load Balancer for traffic distribution across AZs
- ECS service with automatic task replacement
- CloudWatch monitoring for operational visibility
- VPC endpoints to reduce NAT Gateway costs
- Single task deployment for demonstration purposes
- Right-sized instances for development (free tier t2.micro for ec2 instances)
- VPC endpoints instead of NAT Gateway for ECR access
# Check ECS service status
aws ecs describe-services --cluster production --services node-hello-service
# View container logs
aws logs get-log-events --log-group-name /ecs/node-hello
# Check load balancer targets
aws elbv2 describe-target-health --target-group-arn <target-group-arn>