The project shows how to deploy a full stack application on Amazon Web Services using CI/CD tools. Frontend is an SPA application written in React, backend is a typical Node.js server written in NestJS. A popular open-source relational database PostgreSQL was also used in the project. Continuous integration and deployment processes are covered by CircleCI service.
There are many tools we can use to create a CI/CD pipeline. I'm using CircleCI, but tools like GitHub Actions, Jenkins, etc. are also suitable for implementing CI/CD pipelines.
Every continuous integration pipeline consists of:
- Running tests.
- Building packages.
There are 2 additional steps that are happening only on certain branch (e.g. production):
- Build a docker image and upload it to ECR.
- Update the task definition on ECS to deploy the new version of the application from ECR's image.
The project uses a so-called 3-tier architecture. A network stack is built contains VPC with public, private, and database subnets.
- The public subnets host an Application Load Balancer that routes traffic to the private subnet hosting the applications. Security groups are configured to allow all traffic from the internet on ports 80 and 443.
- The private subnets host application tier. The Node.js application runs in a docker container running in ECS Cluster. Security groups are configured to allow traffic from ALB security group only on port 80.
- The database subnets host RDS database for PostgreSQL. Security groups are configured to allow traffic from application security groups on port 5432 (PostgreSQL default port).
The database lives within private subnets which means it does not have a public IP address. To allow connections to the database from developer machines, there is a so-called Bastion Host in the public subnet. If you want to create an SSH tunnel that will forward your connection to the database through Bastion Host use tunnelDatabaseConnection.sh script.