Production-style deployment of backend microservices on AWS with automated CI/CD.
- CloudFront (/ → S3, /api/* → ALB)
- VPC with public and private subnets
- ALB in public subnets (multi-AZ)
- EC2 in private subnet
- NAT for outbound access only
- Order Service (FastAPI)
- Payment Service (FastAPI)
- systemd-managed processes
- GitHub Actions
- OIDC-based authentication
- Deployment via AWS SSM
CI/CD Flow
──────────────────
Developer
↓
GitHub (Private)
↓
GitHub Actions (OIDC)
↓
AWS Account
├─ EC2 (backend deploy)
└─ S3 (frontend deploy)
Frontend:
---------
- Code is pushed to release branch
- Workflow builds the dist folder
- Files in dist folder pushed to S3
Backend - Microservices
-----------------------
- GitHub Actions triggers deployment via AWS SSM
- Code is fetched on the instance during deployment
- Services restarted using systemd
- Services run as systemd-managed units
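The OIDC step in the flow above is only as safe as the trust policy on the AWS role that GitHub Actions assumes: if the `sub` condition is missing or wildcarded, any workflow that GitHub issues a token for can take the deployment role. The following is an added example (not code from this project) that audits such a trust policy with the standard library. The account id `111122223333`, the organisation `example-org` and the allow list of repositories are constructed placeholders; the claim names (`token.actions.githubusercontent.com:aud` / `:sub`) and the `sts.amazonaws.com` audience are the real ones GitHub's provider uses.

```python
"""Audit an IAM role trust policy used by GitHub Actions via OIDC.

Added example, not part of the original project. It checks that a trust
policy for sts:AssumeRoleWithWebIdentity pins the token audience and
restricts the subject to a known repository and a concrete branch or
environment, which is what keeps the deploy role usable only from the
intended workflow.
"""
import json

GITHUB_ISSUER = "token.actions.githubusercontent.com"
EXPECTED_AUDIENCE = "sts.amazonaws.com"
# Constructed placeholder account id; replace with the real one when used.
PROVIDER_ARN = "arn:aws:iam::111122223333:oidc-provider/" + GITHUB_ISSUER

# Constructed sample: a well-scoped policy (one repo, one branch).
GOOD_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            GITHUB_ISSUER + ":aud": EXPECTED_AUDIENCE,
            GITHUB_ISSUER + ":sub": "repo:example-org/gateway-fe:ref:refs/heads/release",
        }},
    }],
})

# Constructed sample: no audience pin and a wildcard over the whole org.
BAD_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringLike": {GITHUB_ISSUER + ":sub": "repo:example-org/*"}},
    }],
})


def audit_trust_policy(policy_json: str, allowed_repos: set) -> list:
    """Return a list of findings; an empty list means the policy looks scoped."""
    findings = []
    policy = json.loads(policy_json)
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        federated = stmt.get("Principal", {}).get("Federated", "")
        if not federated.endswith("/" + GITHUB_ISSUER):
            findings.append(f"federated principal {federated!r} is not the GitHub OIDC provider")
        cond = stmt.get("Condition", {})
        equals = cond.get("StringEquals", {})
        like = cond.get("StringLike", {})
        # Audience must be pinned with an exact match, never a pattern.
        if equals.get(GITHUB_ISSUER + ":aud") != EXPECTED_AUDIENCE:
            findings.append("audience is not pinned to " + EXPECTED_AUDIENCE)
        sub = equals.get(GITHUB_ISSUER + ":sub") or like.get(GITHUB_ISSUER + ":sub")
        if sub is None:
            findings.append("no subject condition: any GitHub workflow could assume the role")
            continue
        for s in (sub if isinstance(sub, list) else [sub]):
            if not s.startswith("repo:"):
                findings.append(f"subject {s!r} is not a repo: claim")
                continue
            # Subject shape: repo:ORG/REPO:<qualifier>, e.g. ref:refs/heads/release
            repo_part, _, qualifier = s[len("repo:"):].partition(":")
            if "*" in repo_part:
                findings.append(f"wildcard repository in subject {s!r}")
            elif repo_part not in allowed_repos:
                findings.append(f"repository {repo_part!r} is not in the allow list")
            if not qualifier or "*" in qualifier:
                findings.append(f"subject {s!r} does not pin a branch or environment")
    return findings


if __name__ == "__main__":
    allowed = {"example-org/gateway-fe", "example-org/gateway-infra"}
    print("good:", audit_trust_policy(GOOD_TRUST_POLICY, allowed))
    print("bad: ", audit_trust_policy(BAD_TRUST_POLICY, allowed))
```

Run it against the output of `aws iam get-role` for the deploy role before merging a change to the trust policy. The same review should cover the role's permission policy: the backend role needs `ssm:SendCommand` only on the target instances and the frontend role needs `s3:PutObject` only on the site bucket.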
Networking
----------
- Single VPC spanning multiple Availability Zones
- Application Load Balancer deployed in public subnets (ap-south-1b, ap-south-1c)
- Backend EC2 instances run in a private subnet (ap-south-1a)
- ALB is the only ingress point for API traffic
- EC2 instances have no direct internet access
- Outbound traffic from EC2 is routed through a NAT Gateway
- Internet Gateway attached to the VPC for public subnet access
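The list above is really a set of invariants: the private subnet's default route must point at the NAT Gateway and not the Internet Gateway, backend instances must carry no public IP, and the backend security group must admit traffic only from the ALB's security group. The following is an added example (not the project's own tooling) that encodes those invariants as a check over a constructed description of the topology. The resource ids, the ALB listener on 443 and the backend port 8000 are assumptions; the AZ layout (ALB in ap-south-1b/1c, EC2 in ap-south-1a) is taken from the list.

```python
"""Policy-as-code check for the VPC layout described on the page.

Added example, not part of the original project. TOPOLOGY is a constructed
model of the deployment; in practice it would be built from `describe-*`
calls or Terraform state. Ports and resource ids are assumed placeholders.
"""
import copy

TOPOLOGY = {
    "subnets": {
        "public-1b": {"az": "ap-south-1b", "route_table": "rt-public"},
        "public-1c": {"az": "ap-south-1c", "route_table": "rt-public"},
        "private-1a": {"az": "ap-south-1a", "route_table": "rt-private"},
    },
    "route_tables": {
        "rt-public": [{"dest": "0.0.0.0/0", "target": "igw-PLACEHOLDER"}],
        "rt-private": [{"dest": "0.0.0.0/0", "target": "nat-PLACEHOLDER"}],
    },
    "security_groups": {
        "sg-alb": {"ingress": [{"port": 443, "source": "0.0.0.0/0"}]},
        # Backend accepts app traffic only from the ALB security group.
        "sg-backend": {"ingress": [{"port": 8000, "source": "sg-alb"}]},
    },
    "instances": {
        "backend-1": {"subnet": "private-1a", "sg": "sg-backend", "public_ip": False},
    },
    "load_balancers": {
        "api-alb": {"subnets": ["public-1b", "public-1c"], "sg": "sg-alb"},
    },
}


def check_topology(t: dict) -> list:
    """Return findings for every violated invariant; empty list means clean."""
    findings = []
    alb_sgs = {lb["sg"] for lb in t["load_balancers"].values()}
    for name, inst in t["instances"].items():
        subnet = t["subnets"][inst["subnet"]]
        routes = t["route_tables"][subnet["route_table"]]
        default_routes = [r for r in routes if r["dest"] == "0.0.0.0/0"]
        if not default_routes:
            findings.append(f"{name}: no default route, outbound via NAT is missing")
        for r in default_routes:
            if r["target"].startswith("igw-"):
                findings.append(f"{name}: subnet {inst['subnet']} routes 0.0.0.0/0 to an IGW")
            elif not r["target"].startswith("nat-"):
                findings.append(f"{name}: unexpected default route target {r['target']}")
        if inst["public_ip"]:
            findings.append(f"{name}: has a public IP; ALB must be the only ingress")
        for rule in t["security_groups"][inst["sg"]]["ingress"]:
            src = rule["source"]
            if not src.startswith("sg-"):
                findings.append(f"{name}: port {rule['port']} open to CIDR {src}")
            elif src not in alb_sgs:
                findings.append(f"{name}: port {rule['port']} open to non-ALB group {src}")
    for name, lb in t["load_balancers"].items():
        azs = {t["subnets"][s]["az"] for s in lb["subnets"]}
        if len(azs) < 2:
            findings.append(f"{name}: ALB must span at least two AZs")
        for s in lb["subnets"]:
            routes = t["route_tables"][t["subnets"][s]["route_table"]]
            if not any(r["dest"] == "0.0.0.0/0" and r["target"].startswith("igw-") for r in routes):
                findings.append(f"{name}: subnet {s} has no IGW route, so it is not public")
    return findings


def misconfigured_example() -> list:
    """Drift scenario (constructed): public IP, SSH from anywhere, IGW route."""
    bad = copy.deepcopy(TOPOLOGY)
    bad["instances"]["backend-1"]["public_ip"] = True
    bad["security_groups"]["sg-backend"]["ingress"].append({"port": 22, "source": "0.0.0.0/0"})
    bad["route_tables"]["rt-private"][0]["target"] = "igw-PLACEHOLDER"
    return check_topology(bad)


if __name__ == "__main__":
    print("baseline:", check_topology(TOPOLOGY))
    for f in misconfigured_example():
        print("finding:", f)
```

Wiring this into the `gateway-infra` pipeline as a pre-apply step catches the common drifts (an instance launched with a public IP, an SSH rule added "temporarily", a route table edited by hand) before they reach the account. Note that the check only covers the page's stated design; the backend running in a single AZ is outside its scope.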
Logging
-------
- CloudWatch Agent
- systemd / journalctl logs
- Structured JSON format
- Request ID tracking
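Structured JSON lines with a request id are what make journald output useful once the CloudWatch Agent ships it: every line of one request can be found with a single filter. The following is an added example (not the services' own code) of that logging shape using only the standard library, so it runs without FastAPI; in the FastAPI services the `handle_request` part would live in an ASGI middleware that reads the incoming header and sets the context variable. The service name, the header values and the field names are constructed, and the request id is validated before it is logged so that an upstream-supplied value cannot inject arbitrary content or unbounded length into the log stream.

```python
"""JSON log lines with per-request correlation id (standard library only).

Added example, not code from the original project. Demonstrates: a JSON
formatter, a context variable carrying the request id across log calls,
and validation of a propagated request id before it is trusted.
"""
import contextvars
import io
import json
import logging
import re
import uuid

SERVICE_NAME = "order-service"          # constructed
REQUEST_ID_RE = re.compile(r"^[A-Za-z0-9-]{1,64}$")
request_id_var = contextvars.ContextVar("request_id", default="-")


class JsonFormatter(logging.Formatter):
    """Emit one JSON object per record; journald/CloudWatch keep the line as-is."""

    def format(self, record: logging.LogRecord) -> str:
        payload = {
            "ts": self.formatTime(record, "%Y-%m-%dT%H:%M:%S"),
            "level": record.levelname,
            "service": SERVICE_NAME,
            "request_id": request_id_var.get(),
            "msg": record.getMessage(),
        }
        # Optional per-call fields passed via logger.info(..., extra={...}).
        for key in ("path", "status"):
            if hasattr(record, key):
                payload[key] = getattr(record, key)
        if record.exc_info:
            payload["exc"] = self.formatException(record.exc_info)
        return json.dumps(payload)


def sanitize_request_id(value):
    """Accept a short, alphanumeric upstream id; otherwise mint a fresh one."""
    if value and REQUEST_ID_RE.match(value):
        return value
    return uuid.uuid4().hex


def build_logger(stream) -> logging.Logger:
    logger = logging.getLogger("example.json")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    logger.addHandler(handler)
    return logger


def handle_request(logger: logging.Logger, incoming_request_id=None) -> str:
    """Simulate one request: bind the id for its duration, then unbind it."""
    rid = sanitize_request_id(incoming_request_id)
    token = request_id_var.set(rid)
    try:
        logger.info("order created", extra={"path": "/api/orders", "status": 201})
        return rid
    finally:
        request_id_var.reset(token)


def demo():
    """Run three requests and return (ids, parsed log records)."""
    stream = io.StringIO()
    logger = build_logger(stream)
    ids = [
        handle_request(logger, "abc-123"),             # propagated upstream id (constructed)
        handle_request(logger, None),                  # no header: generate one
        handle_request(logger, "bad id\nlevel=ERROR"),  # rejected, regenerated
    ]
    records = [json.loads(line) for line in stream.getvalue().splitlines()]
    return ids, records


if __name__ == "__main__":
    for rec in demo()[1]:
        print(json.dumps(rec))
```

Because the service name and request id are top-level JSON fields, a CloudWatch Logs Insights query can filter on `request_id` directly instead of parsing free text, and the same id can be returned to the client in a response header so support tickets map straight to log lines.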
Repositories
------------
(Source code is private)
- order-microservice
- payment-service
- gateway-infra
- gateway-fe
- Docker-based deployment - In progress
- Terraform for infrastructure provisioning
