/demo-deploy-repo

Primary LanguageHCL

Demo Deploy Repository

This repository contains Terraform configurations for deploying applications to AWS ECS. It is part of a three-repository architecture for the demo project.

Repository Architecture

This project follows a separation of concerns with three distinct repositories:

1. demo-infra

  • Purpose: Infrastructure provisioning
  • Contains: ECS clusters, ECR repositories, VPCs, RDS, and other foundational AWS resources
  • Responsibility: Setting up the underlying infrastructure that applications will use

2. demo-todo-fastapi

  • Purpose: Application source code
  • Contains: FastAPI application code, Dockerfile, tests, and application-specific configurations
  • Responsibility: The actual web application that needs to be deployed

3. demo-deploy-repo (This Repository)

  • Purpose: Application deployment
  • Contains: Terraform configurations for deploying applications to ECS
  • Responsibility: Taking containerized applications and deploying them to the infrastructure

Repository Structure

demo-deploy-repo/
├── environments/
│   ├── dev/
│   │   ├── main.tf           # Main deployment configuration
│   │   ├── variables.tf      # Variable definitions
│   │   ├── outputs.tf        # Output definitions
│   │   ├── terraform.tfvars  # Environment-specific values
│   │   ├── backend.tf        # S3 backend configuration
│   │   └── versions.tf       # Provider version constraints
│   ├── staging/
│   │   └── (similar structure)
│   └── prod/
│       └── (similar structure)
├── modules/
│   └── vpc/                  # VPC discovery and network configuration
└── README.md

Prerequisites

Before using this repository, ensure you have:

  1. Infrastructure Ready: The demo-infra repository should be deployed first to create:

    • ECS Cluster
    • VPC and Subnets
    • ECR Repository
    • Other foundational resources

  2. Application Built: The demo-todo-fastapi application should be:

    • Containerized (Docker image built)
    • Pushed to ECR repository
    • Tagged appropriately

  3. AWS Credentials: Configured with appropriate permissions

  4. Terraform: Version >= 1.0 installed

VPC Module

This repository includes a VPC module that provides network discovery and configuration capabilities:

  • Auto-Discovery: Can automatically discover VPC and subnet information
  • Flexible Configuration: Supports both explicit configuration and auto-discovery
  • Consistent with Infrastructure: Uses the same VPC module as demo-infra for consistency
  • Network Intelligence: Provides detailed network information and validation

The VPC module will:

  1. Use provided VPC ID or discover the default VPC
  2. Use provided subnet IDs or auto-discover suitable subnets
  3. Provide network summary and configuration details
  4. Ensure proper subnet selection for ECS and ALB deployment

Usage

Deploy to Development Environment

  1. Navigate to the dev environment:

    cd environments/dev

  2. Configure your AWS profile:

    export AWS_PROFILE=your-aws-profile

  3. Initialize Terraform:

    terraform init

  4. Review the deployment plan:

    terraform plan

  5. Deploy the application:

    terraform apply

  6. Get the application URL:

    terraform output app_url

Configuration

The deployment is configured through terraform.tfvars. Key variables include:

  • docker_image: The ECR image URI to deploy
  • cluster_name: Name of the existing ECS cluster
  • vpc_id: VPC ID where the application will be deployed (optional - will auto-discover if empty)
  • subnet_ids: List of subnet IDs for deployment (optional - will auto-discover if empty)
  • cpu and memory: Resource allocation for the application
  • desired_count: Number of application instances to run

Example Configuration

# Application Configuration
docker_image   = "YOUR_ACCOUNT_ID.dkr.ecr.YOUR_REGION.amazonaws.com/YOUR_ECR_REPO:latest"
container_port = 8000

# Infrastructure Configuration
cluster_name = "demo-app-dev"
vpc_id       = ""  # Optional - will auto-discover default VPC if empty
subnet_ids   = []  # Optional - will auto-discover subnets if empty

# Performance Configuration
cpu           = 512
memory        = 1024
desired_count = 1

# Network Configuration (Internal Service)
assign_public_ip = false  # No public IPs for containers
internal_alb     = true   # Internal load balancer only

Deployment Workflow

Typical CI/CD Flow

  1. Code Changes: Developer pushes changes to demo-todo-fastapi
  2. Build: CI/CD builds new Docker image and pushes to ECR
  3. Deploy: CI/CD updates terraform.tfvars with new image tag and runs terraform apply
  4. Verify: Health checks confirm successful deployment

Manual Deployment

  1. Build and Push Image (from demo-todo-fastapi):

    docker build -t demo-app:latest .
docker tag demo-app:latest YOUR_ACCOUNT_ID.dkr.ecr.YOUR_REGION.amazonaws.com/YOUR_ECR_REPO:latest
docker push YOUR_ACCOUNT_ID.dkr.ecr.YOUR_REGION.amazonaws.com/YOUR_ECR_REPO:latest

  2. Update Configuration (in this repo):

    # Update docker_image in terraform.tfvars if needed
terraform apply

Outputs

After successful deployment, you'll get:

  • app_url: Public URL to access your application
  • service_name: ECS service name
  • service_arn: ECS service ARN
  • log_group_name: CloudWatch log group for monitoring

Monitoring and Troubleshooting

Check Application Health

curl $(terraform output -raw app_url)

View Application Logs

aws logs tail $(terraform output -raw log_group_name) --follow

Check ECS Service Status

aws ecs describe-services \
  --cluster $(terraform output -raw cluster_name) \
  --services $(terraform output -raw service_name)

Environment-Specific Configurations

Development

  • Lower resource allocation (512 CPU, 1024 MB)
  • Debug logging enabled
  • Single instance deployment
  • Shorter log retention

Staging

  • Production-like resource allocation
  • Info-level logging
  • Multiple instances for testing
  • Medium log retention

Production

  • High resource allocation
  • Error-level logging only
  • Multiple instances with auto-scaling
  • Long log retention
  • Enhanced monitoring and alerting

Security Considerations

  • All resources are deployed in private subnets
  • Security groups follow least privilege principle
  • Application Load Balancer provides public access
  • ECS tasks only accept traffic from ALB
  • CloudWatch logging enabled for audit trails

State Management

  • Backend: S3 with DynamoDB locking
  • State Path: deployments/{app_name}/{environment}/terraform.tfstate
  • Isolation: Each environment has separate state files
  • Locking: Prevents concurrent modifications

Contributing

  1. Create feature branch from main
  2. Make changes to appropriate environment
  3. Test in development environment first
  4. Create pull request with detailed description
  5. Deploy to staging for validation
  6. Deploy to production after approval

Support

For issues related to:

  • Infrastructure: Check demo-infra repository
  • Application Code: Check demo-todo-fastapi repository
  • Deployment: Create issue in this repository

Tags and Labeling

All resources are tagged with:

  • Project: demo-app
  • Environment: dev/staging/prod
  • ManagedBy: terraform
  • Repository: demo-deploy-repo
  • Application: fastapi
  • Service: web-api