The latest articles on DEV Community by Muhammad Awais Zahid (@awais_684). https://dev.to/awais_684 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F910599%2F66d43e04-807c-4333-abaf-aef18dbe4c1c.png https://dev.to/awais_684 en Muhammad Awais Zahid Sat, 28 Mar 2026 11:34:14 +0000 https://dev.to/awais_684/stock-market-real-time-data-analytics-pipeline-on-aws-3jii https://dev.to/awais_684/stock-market-real-time-data-analytics-pipeline-on-aws-3jii <h1> 🚀 Building a Real-Time Stock Market Analytics Pipeline on AWS </h1> <p><strong>Author:</strong> Muhammad Awais | DevSecOps Engineer | AWS | Kubernetes | Terraform</p> <h2> Overview ☁️ </h2> <p>In this project, I built a fully serverless, event-driven <strong>Real-Time Stock Market Data Analytics Pipeline</strong> on AWS. The pipeline ingests live stock data, processes it, stores it, analyzes trends, and sends smart alerts — all with minimal cost and zero servers to manage.</p> <p>Here is what the pipeline does end to end:</p> <ul> <li>Streams real-time stock data from <strong>yfinance</strong> into <strong>Amazon Kinesis Data Streams</strong> </li> <li>Triggers <strong>AWS Lambda</strong> to process, clean, and store incoming data</li> <li>Stores raw data in <strong>Amazon S3</strong> for historical analysis</li> <li>Stores processed data in <strong>Amazon DynamoDB</strong> for low-latency querying</li> <li>Queries historical data using <strong>Amazon Athena</strong> via <strong>AWS Glue Catalog</strong> </li> <li>Detects stock trends using moving averages (SMA-5 and SMA-20)</li> <li>Sends real-time <strong>buy/sell alerts</strong> via <strong>Amazon SNS</strong> (Email/SMS)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuulk6cbvjv8p02cypeu2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuulk6cbvjv8p02cypeu2.png" alt="Image description1"></a></p> <h2> Architecture at a Glance 🏗️ </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Python Script (yfinance) ↓ Amazon Kinesis Data Streams ↓ AWS Lambda (Process &amp; Clean Data) ↓ ↓ Amazon DynamoDB Amazon S3 ↓ ↓ AWS Lambda AWS Glue Catalog (Trend Analysis) ↓ ↓ Amazon Athena Amazon SNS ↓ (Email/SMS Alerts) Amazon S3 (Query Results) </code></pre> </div> <h2> Steps to Build This Pipeline 👩‍💻 </h2> <h3> Step 1 — Setting Up Data Streaming with Amazon Kinesis </h3> <p>The first step is creating a <strong>Kinesis Data Stream</strong> to act as the real-time data pipeline.</p> <p><strong>Create the Kinesis Stream:</strong></p> <ol> <li>Go to <strong>AWS Console → Kinesis → Data Streams</strong> </li> <li>Click <strong>Create data stream</strong> </li> <li>Name it <code>stock-market-stream</code> </li> <li>Choose <strong>On-demand</strong> capacity mode (cost-efficient for variable workloads)</li> <li>Click <strong>Create</strong> </li> </ol> <p><strong>Python Producer Script:</strong></p> <p>This script continuously fetches stock data from <code>yfinance</code> and pushes it to Kinesis every 30 seconds.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">yfinance</span> <span class="k">as</span> <span class="n">yf</span> <span class="n">kinesis_client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">kinesis</span><span class="sh">'</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="sh">'</span><span class="s">us-east-1</span><span class="sh">'</span><span class="p">)</span> <span class="n">STREAM_NAME</span> <span class="o">=</span> <span class="sh">"</span><span class="s">stock-market-stream</span><span class="sh">"</span> <span class="n">STOCK_SYMBOL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">AAPL</span><span class="sh">"</span> <span class="n">DELAY_TIME</span> <span class="o">=</span> <span class="mi">30</span> <span class="k">def</span> <span class="nf">get_stock_data</span><span class="p">(</span><span class="n">symbol</span><span class="p">):</span> <span class="n">stock</span> <span class="o">=</span> <span class="n">yf</span><span class="p">.</span><span class="nc">Ticker</span><span class="p">(</span><span class="n">symbol</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">stock</span><span class="p">.</span><span class="nf">history</span><span class="p">(</span><span class="n">period</span><span class="o">=</span><span class="sh">"</span><span class="s">2d</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">symbol</span><span class="sh">"</span><span class="p">:</span> <span class="n">symbol</span><span class="p">,</span> <span class="sh">"</span><span class="s">open</span><span class="sh">"</span><span class="p">:</span> <span class="nf">float</span><span class="p">(</span><span class="nf">round</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">][</span><span class="sh">"</span><span class="s">Open</span><span class="sh">"</span><span class="p">],</span> <span class="mi">2</span><span class="p">)),</span> <span class="sh">"</span><span class="s">high</span><span class="sh">"</span><span class="p">:</span> <span class="nf">float</span><span class="p">(</span><span class="nf">round</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">][</span><span class="sh">"</span><span class="s">High</span><span class="sh">"</span><span class="p">],</span> <span class="mi">2</span><span class="p">)),</span> <span class="sh">"</span><span class="s">low</span><span class="sh">"</span><span class="p">:</span> <span class="nf">float</span><span class="p">(</span><span class="nf">round</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">][</span><span class="sh">"</span><span class="s">Low</span><span class="sh">"</span><span class="p">],</span> <span class="mi">2</span><span class="p">)),</span> <span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">:</span> <span class="nf">float</span><span class="p">(</span><span class="nf">round</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">][</span><span class="sh">"</span><span class="s">Close</span><span class="sh">"</span><span class="p">],</span> <span class="mi">2</span><span class="p">)),</span> <span class="sh">"</span><span class="s">previous_close</span><span class="sh">"</span><span class="p">:</span> <span class="nf">float</span><span class="p">(</span><span class="nf">round</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">2</span><span class="p">][</span><span class="sh">"</span><span class="s">Close</span><span class="sh">"</span><span class="p">],</span> <span class="mi">2</span><span class="p">)),</span> <span class="sh">"</span><span class="s">change</span><span class="sh">"</span><span class="p">:</span> <span class="nf">float</span><span class="p">(</span><span class="nf">round</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">][</span><span class="sh">"</span><span class="s">Close</span><span class="sh">"</span><span class="p">]</span> <span class="o">-</span> <span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">2</span><span class="p">][</span><span class="sh">"</span><span class="s">Close</span><span class="sh">"</span><span class="p">],</span> <span class="mi">2</span><span class="p">)),</span> <span class="sh">"</span><span class="s">change_percent</span><span class="sh">"</span><span class="p">:</span> <span class="nf">float</span><span class="p">(</span><span class="nf">round</span><span class="p">(</span> <span class="p">((</span><span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">][</span><span class="sh">"</span><span class="s">Close</span><span class="sh">"</span><span class="p">]</span> <span class="o">-</span> <span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">2</span><span class="p">][</span><span class="sh">"</span><span class="s">Close</span><span class="sh">"</span><span class="p">])</span> <span class="o">/</span> <span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">2</span><span class="p">][</span><span class="sh">"</span><span class="s">Close</span><span class="sh">"</span><span class="p">])</span> <span class="o">*</span> <span class="mi">100</span><span class="p">,</span> <span class="mi">2</span> <span class="p">)),</span> <span class="sh">"</span><span class="s">volume</span><span class="sh">"</span><span class="p">:</span> <span class="nf">int</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">iloc</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">][</span><span class="sh">"</span><span class="s">Volume</span><span class="sh">"</span><span class="p">]),</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="n">time</span><span class="p">.</span><span class="nf">strftime</span><span class="p">(</span><span class="sh">"</span><span class="s">%Y-%m-%dT%H:%M:%SZ</span><span class="sh">"</span><span class="p">,</span> <span class="n">time</span><span class="p">.</span><span class="nf">gmtime</span><span class="p">())</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">send_to_kinesis</span><span class="p">():</span> <span class="k">while</span> <span class="bp">True</span><span class="p">:</span> <span class="n">stock_data</span> <span class="o">=</span> <span class="nf">get_stock_data</span><span class="p">(</span><span class="n">STOCK_SYMBOL</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Sending: </span><span class="si">{</span><span class="n">stock_data</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">kinesis_client</span><span class="p">.</span><span class="nf">put_record</span><span class="p">(</span> <span class="n">StreamName</span><span class="o">=</span><span class="n">STREAM_NAME</span><span class="p">,</span> <span class="n">Data</span><span class="o">=</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">stock_data</span><span class="p">),</span> <span class="n">PartitionKey</span><span class="o">=</span><span class="n">STOCK_SYMBOL</span> <span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="n">DELAY_TIME</span><span class="p">)</span> <span class="nf">send_to_kinesis</span><span class="p">()</span> </code></pre> </div> <blockquote> <p>💡 <strong>Tip:</strong> Always convert <code>np.float64</code> values to plain <code>float</code> before sending to Kinesis to avoid serialization issues downstream.</p> </blockquote> <h3> Step 2 — Processing Data with AWS Lambda </h3> <p>Two Lambda functions handle the data processing:</p> <h4> Lambda 1 — Kinesis Consumer (Store to S3 + DynamoDB) </h4> <p>This function is triggered automatically by Kinesis, decodes the data, computes metrics, and stores it in both S3 and DynamoDB.</p> <p><strong>Setup:</strong></p> <ol> <li>Go to <strong>AWS Lambda → Create Function</strong> </li> <li>Name it <code>stock-market-processor</code> </li> <li>Runtime: <strong>Python 3.12</strong> </li> <li>Add trigger: <strong>Kinesis</strong> → select <code>stock-market-stream</code> </li> <li>Attach IAM role with permissions for: <code>DynamoDB</code>, <code>S3</code>, <code>Kinesis</code> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">base64</span> <span class="kn">from</span> <span class="n">decimal</span> <span class="kn">import</span> <span class="n">Decimal</span> <span class="n">dynamodb</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">resource</span><span class="p">(</span><span class="sh">"</span><span class="s">dynamodb</span><span class="sh">"</span><span class="p">)</span> <span class="n">s3</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">s3</span><span class="sh">"</span><span class="p">)</span> <span class="n">DYNAMO_TABLE</span> <span class="o">=</span> <span class="sh">"</span><span class="s">stock-market-data</span><span class="sh">"</span> <span class="n">S3_BUCKET</span> <span class="o">=</span> <span class="sh">"</span><span class="s">your-s3-bucket-name</span><span class="sh">"</span> <span class="n">table</span> <span class="o">=</span> <span class="n">dynamodb</span><span class="p">.</span><span class="nc">Table</span><span class="p">(</span><span class="n">DYNAMO_TABLE</span><span class="p">)</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="k">for</span> <span class="n">record</span> <span class="ow">in</span> <span class="n">event</span><span class="p">[</span><span class="sh">'</span><span class="s">Records</span><span class="sh">'</span><span class="p">]:</span> <span class="n">raw_data</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64decode</span><span class="p">(</span><span class="n">record</span><span class="p">[</span><span class="sh">"</span><span class="s">kinesis</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">]).</span><span class="nf">decode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">)</span> <span class="n">payload</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">raw_data</span><span class="p">)</span> <span class="c1"># Save raw data to S3 </span> <span class="n">s3_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">raw-data/</span><span class="si">{</span><span class="n">payload</span><span class="p">[</span><span class="sh">'</span><span class="s">symbol</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">/</span><span class="si">{</span><span class="n">payload</span><span class="p">[</span><span class="sh">'</span><span class="s">timestamp</span><span class="sh">'</span><span class="p">].</span><span class="n">replace</span><span class="p">(</span><span class="sh">'</span><span class="si">:</span><span class="sh">'</span><span class="s">, </span><span class="sh">'</span><span class="o">-</span><span class="sh">'</span><span class="s">)</span><span class="si">}</span><span class="s">.json</span><span class="sh">"</span> <span class="n">s3</span><span class="p">.</span><span class="nf">put_object</span><span class="p">(</span><span class="n">Bucket</span><span class="o">=</span><span class="n">S3_BUCKET</span><span class="p">,</span> <span class="n">Key</span><span class="o">=</span><span class="n">s3_key</span><span class="p">,</span> <span class="n">Body</span><span class="o">=</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">payload</span><span class="p">),</span> <span class="n">ContentType</span><span class="o">=</span><span class="sh">'</span><span class="s">application/json</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Compute metrics </span> <span class="n">price_change</span> <span class="o">=</span> <span class="nf">round</span><span class="p">(</span><span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">]</span> <span class="o">-</span> <span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">previous_close</span><span class="sh">"</span><span class="p">],</span> <span class="mi">2</span><span class="p">)</span> <span class="n">price_change_percent</span> <span class="o">=</span> <span class="nf">round</span><span class="p">((</span><span class="n">price_change</span> <span class="o">/</span> <span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">previous_close</span><span class="sh">"</span><span class="p">])</span> <span class="o">*</span> <span class="mi">100</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span> <span class="n">is_anomaly</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Yes</span><span class="sh">"</span> <span class="k">if</span> <span class="nf">abs</span><span class="p">(</span><span class="n">price_change_percent</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">5</span> <span class="k">else</span> <span class="sh">"</span><span class="s">No</span><span class="sh">"</span> <span class="n">moving_average</span> <span class="o">=</span> <span class="nf">round</span><span class="p">(</span> <span class="p">(</span><span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">open</span><span class="sh">"</span><span class="p">]</span> <span class="o">+</span> <span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">high</span><span class="sh">"</span><span class="p">]</span> <span class="o">+</span> <span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">low</span><span class="sh">"</span><span class="p">]</span> <span class="o">+</span> <span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">])</span> <span class="o">/</span> <span class="mi">4</span><span class="p">,</span> <span class="mi">2</span> <span class="p">)</span> <span class="c1"># Store in DynamoDB </span> <span class="n">table</span><span class="p">.</span><span class="nf">put_item</span><span class="p">(</span><span class="n">Item</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">symbol</span><span class="sh">"</span><span class="p">:</span> <span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">symbol</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">:</span> <span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">:</span> <span class="nc">Decimal</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">])),</span> <span class="sh">"</span><span class="s">previous_close</span><span class="sh">"</span><span class="p">:</span> <span class="nc">Decimal</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">previous_close</span><span class="sh">"</span><span class="p">])),</span> <span class="sh">"</span><span class="s">change</span><span class="sh">"</span><span class="p">:</span> <span class="nc">Decimal</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">price_change</span><span class="p">)),</span> <span class="sh">"</span><span class="s">change_percent</span><span class="sh">"</span><span class="p">:</span> <span class="nc">Decimal</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">price_change_percent</span><span class="p">)),</span> <span class="sh">"</span><span class="s">volume</span><span class="sh">"</span><span class="p">:</span> <span class="nf">int</span><span class="p">(</span><span class="n">payload</span><span class="p">[</span><span class="sh">"</span><span class="s">volume</span><span class="sh">"</span><span class="p">]),</span> <span class="sh">"</span><span class="s">moving_average</span><span class="sh">"</span><span class="p">:</span> <span class="nc">Decimal</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">moving_average</span><span class="p">)),</span> <span class="sh">"</span><span class="s">anomaly</span><span class="sh">"</span><span class="p">:</span> <span class="n">is_anomaly</span> <span class="p">})</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">statusCode</span><span class="sh">"</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">"</span><span class="s">body</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Processing Complete</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <h4> Lambda 2 — Trend Analyzer (SMA Crossover + SNS Alert) </h4> <p>This function runs on a schedule (EventBridge every 5 minutes), queries DynamoDB, computes SMA-5 and SMA-20, detects crossover signals, and sends alerts via SNS.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">decimal</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timedelta</span> <span class="n">dynamodb</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">resource</span><span class="p">(</span><span class="sh">"</span><span class="s">dynamodb</span><span class="sh">"</span><span class="p">)</span> <span class="n">sns</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">sns</span><span class="sh">"</span><span class="p">)</span> <span class="n">TABLE_NAME</span> <span class="o">=</span> <span class="sh">"</span><span class="s">stock-market-data</span><span class="sh">"</span> <span class="n">SNS_TOPIC_ARN</span> <span class="o">=</span> <span class="sh">"</span><span class="s">arn:aws:sns:us-east-1:YOUR_ACCOUNT_ID:Stock_Trend_Alerts</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">get_recent_stock_data</span><span class="p">(</span><span class="n">symbol</span><span class="p">,</span> <span class="n">minutes</span><span class="o">=</span><span class="mi">5</span><span class="p">):</span> <span class="n">table</span> <span class="o">=</span> <span class="n">dynamodb</span><span class="p">.</span><span class="nc">Table</span><span class="p">(</span><span class="n">TABLE_NAME</span><span class="p">)</span> <span class="n">past_time</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">()</span> <span class="o">-</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="n">minutes</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">table</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="n">KeyConditionExpression</span><span class="o">=</span><span class="sh">"</span><span class="s">symbol = :symbol AND #ts &gt;= :time</span><span class="sh">"</span><span class="p">,</span> <span class="n">ExpressionAttributeNames</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">#ts</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">},</span> <span class="n">ExpressionAttributeValues</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">:symbol</span><span class="sh">"</span><span class="p">:</span> <span class="n">symbol</span><span class="p">,</span> <span class="sh">"</span><span class="s">:time</span><span class="sh">"</span><span class="p">:</span> <span class="n">past_time</span><span class="p">.</span><span class="nf">strftime</span><span class="p">(</span><span class="sh">"</span><span class="s">%Y-%m-%d %H:%M:%S</span><span class="sh">"</span><span class="p">),</span> <span class="p">},</span> <span class="n">ScanIndexForward</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="k">return</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Items</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]),</span> <span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="n">x</span><span class="p">[</span><span class="sh">"</span><span class="s">timestamp</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">calculate_moving_average</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">period</span><span class="p">):</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="o">&lt;</span> <span class="n">period</span><span class="p">:</span> <span class="k">return</span> <span class="n">decimal</span><span class="p">.</span><span class="nc">Decimal</span><span class="p">(</span><span class="sh">"</span><span class="s">0</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">sum</span><span class="p">(</span><span class="n">decimal</span><span class="p">.</span><span class="nc">Decimal</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">]))</span> <span class="k">for</span> <span class="n">d</span> <span class="ow">in</span> <span class="n">data</span><span class="p">[</span><span class="o">-</span><span class="n">period</span><span class="p">:])</span> <span class="o">/</span> <span class="n">period</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="k">for</span> <span class="n">symbol</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">"</span><span class="s">AAPL</span><span class="sh">"</span><span class="p">]:</span> <span class="n">stock_data</span> <span class="o">=</span> <span class="nf">get_recent_stock_data</span><span class="p">(</span><span class="n">symbol</span><span class="p">)</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">stock_data</span><span class="p">)</span> <span class="o">&lt;</span> <span class="mi">20</span><span class="p">:</span> <span class="k">continue</span> <span class="n">sma_5</span> <span class="o">=</span> <span class="nf">calculate_moving_average</span><span class="p">(</span><span class="n">stock_data</span><span class="p">,</span> <span class="mi">5</span><span class="p">)</span> <span class="n">sma_20</span> <span class="o">=</span> <span class="nf">calculate_moving_average</span><span class="p">(</span><span class="n">stock_data</span><span class="p">,</span> <span class="mi">20</span><span class="p">)</span> <span class="n">sma_5_prev</span> <span class="o">=</span> <span class="nf">calculate_moving_average</span><span class="p">(</span><span class="n">stock_data</span><span class="p">[:</span><span class="o">-</span><span class="mi">1</span><span class="p">],</span> <span class="mi">5</span><span class="p">)</span> <span class="n">sma_20_prev</span> <span class="o">=</span> <span class="nf">calculate_moving_average</span><span class="p">(</span><span class="n">stock_data</span><span class="p">[:</span><span class="o">-</span><span class="mi">1</span><span class="p">],</span> <span class="mi">20</span><span class="p">)</span> <span class="n">message</span> <span class="o">=</span> <span class="bp">None</span> <span class="k">if</span> <span class="n">sma_5_prev</span> <span class="o">&lt;</span> <span class="n">sma_20_prev</span> <span class="ow">and</span> <span class="n">sma_5</span> <span class="o">&gt;</span> <span class="n">sma_20</span><span class="p">:</span> <span class="n">message</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">symbol</span><span class="si">}</span><span class="s"> is in an Uptrend! Consider a buy opportunity.</span><span class="sh">"</span> <span class="k">elif</span> <span class="n">sma_5_prev</span> <span class="o">&gt;</span> <span class="n">sma_20_prev</span> <span class="ow">and</span> <span class="n">sma_5</span> <span class="o">&lt;</span> <span class="n">sma_20</span><span class="p">:</span> <span class="n">message</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">symbol</span><span class="si">}</span><span class="s"> is in a Downtrend! Consider selling.</span><span class="sh">"</span> <span class="k">if</span> <span class="n">message</span><span class="p">:</span> <span class="n">sns</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="n">TopicArn</span><span class="o">=</span><span class="n">SNS_TOPIC_ARN</span><span class="p">,</span> <span class="n">Message</span><span class="o">=</span><span class="n">message</span><span class="p">,</span> <span class="n">Subject</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">Stock Alert: </span><span class="si">{</span><span class="n">symbol</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Alert sent: </span><span class="si">{</span><span class="n">message</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">statusCode</span><span class="sh">"</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">"</span><span class="s">body</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="sh">"</span><span class="s">Trend analysis complete</span><span class="sh">"</span><span class="p">)}</span> </code></pre> </div> <h3> Step 3 — Query Historical Stock Data using Amazon Athena </h3> <p>Raw JSON files land in S3. AWS Glue Catalog creates a structured schema on top of them so Athena can query them with standard SQL.</p> <p><strong>Setup Glue Crawler:</strong></p> <ol> <li>Go to <strong>AWS Glue → Crawlers → Create Crawler</strong> </li> <li>Point it to your S3 bucket path: <code>s3://your-bucket/raw-data/</code> </li> <li>Create a new database: <code>stock_market_db</code> </li> <li>Run the crawler — it auto-detects schema and creates a table</li> </ol> <p><strong>Query with Athena:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Average daily price per symbol</span> <span class="k">SELECT</span> <span class="n">symbol</span><span class="p">,</span> <span class="nb">DATE</span><span class="p">(</span><span class="nb">timestamp</span><span class="p">)</span> <span class="k">AS</span> <span class="nb">date</span><span class="p">,</span> <span class="n">ROUND</span><span class="p">(</span><span class="k">AVG</span><span class="p">(</span><span class="n">price</span><span class="p">),</span> <span class="mi">2</span><span class="p">)</span> <span class="k">AS</span> <span class="n">avg_price</span><span class="p">,</span> <span class="k">MAX</span><span class="p">(</span><span class="n">high</span><span class="p">)</span> <span class="k">AS</span> <span class="n">day_high</span><span class="p">,</span> <span class="k">MIN</span><span class="p">(</span><span class="n">low</span><span class="p">)</span> <span class="k">AS</span> <span class="n">day_low</span> <span class="k">FROM</span> <span class="n">stock_market_db</span><span class="p">.</span><span class="n">raw_data</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">symbol</span><span class="p">,</span> <span class="nb">DATE</span><span class="p">(</span><span class="nb">timestamp</span><span class="p">)</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="nb">date</span> <span class="k">DESC</span><span class="p">;</span> <span class="c1">-- Detect anomalies</span> <span class="k">SELECT</span> <span class="n">symbol</span><span class="p">,</span> <span class="nb">timestamp</span><span class="p">,</span> <span class="n">price</span><span class="p">,</span> <span class="n">change_percent</span> <span class="k">FROM</span> <span class="n">stock_market_db</span><span class="p">.</span><span class="n">raw_data</span> <span class="k">WHERE</span> <span class="k">ABS</span><span class="p">(</span><span class="n">change_percent</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">5</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="nb">timestamp</span> <span class="k">DESC</span><span class="p">;</span> </code></pre> </div> <blockquote> <p>💡 <strong>Tip:</strong> Set your Athena query results S3 bucket in <strong>Settings</strong> before running queries.</p> </blockquote> <h3> Step 4 — Stock Trend Alerts using SNS </h3> <p><strong>Setup SNS Topic:</strong></p> <ol> <li>Go to <strong>AWS SNS → Topics → Create Topic</strong> </li> <li>Type: <strong>Standard</strong> </li> <li>Name: <code>Stock_Trend_Alerts</code> </li> <li>Click <strong>Create</strong> </li> </ol> <p><strong>Add Subscription:</strong></p> <ol> <li>Click your topic → <strong>Create Subscription</strong> </li> <li>Protocol: <strong>Email</strong> or <strong>SMS</strong> </li> <li>Endpoint: your email or phone number</li> <li>Confirm the subscription from your inbox</li> </ol> <p>Once the trend analyzer Lambda detects a crossover, SNS fires an alert like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight email"><code><span class="nt">Subject</span><span class="o">:</span><span class="na"> Stock Alert: AAPL</span> <span class="nt">Message</span><span class="o">:</span><span class="na"> AAPL is in an Uptrend! Consider a buy opportunity.</span> </code></pre> </div> <h2> Key Learnings 🧠 </h2> <ul> <li> <strong>Kinesis</strong> is perfect for real-time event streaming — On-demand mode saves cost for unpredictable workloads</li> <li> <strong>Lambda</strong> + <strong>Kinesis trigger</strong> gives you a fully serverless processing layer with automatic scaling</li> <li>Always convert <strong>numpy types to native Python</strong> before serializing to JSON or sending to AWS services</li> <li> <strong>DynamoDB</strong> works great for low-latency lookups but design your partition key carefully — <code>symbol</code> + <code>timestamp</code> as composite key works well here</li> <li> <strong>Glue + Athena</strong> is a powerful combo for ad-hoc SQL queries on raw S3 data without spinning up any infrastructure</li> <li>SMA crossover is a simple but effective signal for trend detection in real-time pipelines</li> </ul> <h2> Resources 🔗 </h2> <ul> <li><a href="https://docs.aws.amazon.com/streams/latest/dev/introduction.html" rel="noopener noreferrer">Amazon Kinesis Data Streams Docs</a></li> <li><a href="https://docs.aws.amazon.com/lambda/latest/dg/welcome.html" rel="noopener noreferrer">AWS Lambda Developer Guide</a></li> <li><a href="https://docs.aws.amazon.com/athena/latest/ug/getting-started.html" rel="noopener noreferrer">Amazon Athena Getting Started</a></li> <li><a href="https://docs.aws.amazon.com/sns/latest/dg/welcome.html" rel="noopener noreferrer">Amazon SNS Documentation</a></li> <li><a href="https://pypi.org/project/yfinance/" rel="noopener noreferrer">yfinance Python Library</a></li> </ul> <p><em>Written by **Muhammad Awais</em>* — DevSecOps Engineer | CKA | CKS*<br> <em>Connect on <a href="https://www.linkedin.com/in/awais684/" rel="noopener noreferrer">LinkedIn</a> | <a href="https://github.com/awais684" rel="noopener noreferrer">GitHub</a></em></p> devops cloud cicd security Muhammad Awais Zahid Fri, 13 Feb 2026 10:08:06 +0000 https://dev.to/awais_684/application-security-sast-sca-dast-23kj https://dev.to/awais_684/application-security-sast-sca-dast-23kj <h2> Focus </h2> <p>This guide helps <strong>absolute beginners</strong> understand:</p> <ul> <li>What <strong>SAST</strong>, <strong>SCA</strong>, and <strong>DAST</strong> are</li> <li>Why we need <em>all three</em> </li> <li>How security tools actually find vulnerabilities</li> <li>How attackers exploit insecure applications</li> <li>How developers should fix issues</li> </ul> <p>You will <strong>build</strong>, <strong>scan</strong>, <strong>attack</strong> a real application.</p> <h2> Core Concepts (Before Touching Tools) </h2> <h3> What is SAST? </h3> <p><strong>Static Application Security Testing</strong></p> <ul> <li>Scans <strong>source code</strong> </li> <li>Does <strong>not</strong> run the application</li> <li>Finds insecure coding patterns</li> <li>Best used <strong>early</strong> (IDE / Pull Requests)</li> </ul> <p>Examples:</p> <ul> <li>Hardcoded secrets</li> <li>SQL injection patterns</li> <li>Command execution risks</li> <li>Insecure Deserialization (pickle)</li> <li>Arbitrary Code Execution (eval/exec)</li> <li>Unsafe YAML Loading (yaml.load)</li> <li>Path Traversal (tarfile.extractall)</li> <li>Insecure SSL/TLS (verify=False)</li> <li>Weak Cryptography (MD5/SHA1 usage)</li> <li>Insecure Temp Files (tempfile.mktemp)</li> </ul> <h4> Detailed Information </h4> <ul> <li>Hardcoded secrets: Storing sensitive data like passwords or API keys directly in your code where anyone who sees the file can steal them.</li> <li>SQL injection patterns: Building database queries by gluing strings together, which lets hackers "trick" your database into deleting data or leaking secrets.</li> <li>Command execution risks: Passing user input directly to your operating system, allowing a hacker to run any command (like format C:) on your server.</li> <li>Insecure Deserialization (pickle): Using the pickle tool on data from the internet, which can automatically run hidden malicious code the moment the file is opened.</li> <li>Arbitrary Code Execution (eval/exec): Using functions that turn text into live code, effectively giving a stranger the keyboard to your application.</li> <li>Unsafe YAML Loading (yaml.load): Opening configuration files in a way that allows the file itself to trigger Python commands during the reading process.</li> <li>Path Traversal (tarfile.extractall): Unzipping files without checking their names, which can let a malicious file overwrite important system files outside your project folder.</li> <li>Insecure SSL/TLS (verify=False): Turning off "security checks" for internet connections, making it easy for hackers to spy on your encrypted data.</li> <li>Weak Cryptography (MD5/SHA1 usage): Using "broken" mathematical formulas to hide data that modern computers can crack in seconds.</li> <li>Insecure Temp Files (tempfile.mktemp): Creating a temporary file name without instantly "locking" it, creating a tiny window of time for a hacker to swap it with a malicious file. </li> </ul> <h3> What is SCA? </h3> <p><strong>Software Composition Analysis</strong></p> <ul> <li>Scans <strong>dependencies</strong> </li> <li>Matches versions against <strong>known CVEs</strong> </li> <li>Answers: <em>“Are we using vulnerable packages?”</em> </li> </ul> <blockquote> <p>Even perfect code can be insecure because of vulnerable libraries.</p> </blockquote> <h3> What is DAST? </h3> <p><strong>Dynamic Application Security Testing</strong></p> <ul> <li>Attacks a <strong>running application</strong> </li> <li>No access to source code</li> <li>Simulates real attackers</li> <li>Finds <strong>exploitable vulnerabilities</strong> </li> </ul> <h2> Why We Need All Three </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>Code</th> <th>Dependencies</th> <th>Running App</th> </tr> </thead> <tbody> <tr> <td>SAST</td> <td>✅</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>SCA</td> <td>❌</td> <td>✅</td> <td>❌</td> </tr> <tr> <td>DAST</td> <td>❌</td> <td>❌</td> <td>✅</td> </tr> </tbody> </table></div> <p>👉 <strong>No single tool is enough.</strong></p> <h2> Lab Overview </h2> <p>We will:</p> <ol> <li>Build a vulnerable Python app</li> <li>Run <strong>SAST</strong> using SonarQube</li> <li>Run <strong>SCA</strong> using pip-audit</li> <li>Run <strong>DAST</strong> using OWASP ZAP</li> <li>Compare findings</li> <li>Understand how to fix them</li> </ol> <h2> 🏗️ Project Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>vulnerable-app/ ├── app.py ├── requirements.txt ├── users.db └── sonar-project.properties </code></pre> </div> <h2> Step 1: Vulnerable Application </h2> <h3> app.py </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">jsonify</span> <span class="kn">import</span> <span class="n">sqlite3</span> <span class="kn">import</span> <span class="n">random</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="n">DATABASE</span> <span class="o">=</span> <span class="sh">"</span><span class="s">users.db</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">get_db</span><span class="p">():</span> <span class="k">return</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">DATABASE</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">home</span><span class="p">():</span> <span class="k">return</span> <span class="sh">"</span><span class="s">User Management Service</span><span class="sh">"</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/user</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_user</span><span class="p">():</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">)</span> <span class="n">conn</span> <span class="o">=</span> <span class="nf">get_db</span><span class="p">()</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="n">query</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">SELECT id, username FROM users WHERE id = </span><span class="sh">'</span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="sh">'"</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">query</span><span class="p">)</span> <span class="n">user</span> <span class="o">=</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">fetchone</span><span class="p">()</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span><span class="p">:</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">User not found</span><span class="sh">"</span><span class="p">}),</span> <span class="mi">404</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">:</span> <span class="n">user</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">:</span> <span class="n">user</span><span class="p">[</span><span class="mi">1</span><span class="p">]})</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/token</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">generate_token</span><span class="p">():</span> <span class="n">token</span> <span class="o">=</span> <span class="nf">str</span><span class="p">(</span><span class="n">random</span><span class="p">.</span><span class="nf">random</span><span class="p">())</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">:</span> <span class="n">token</span><span class="p">})</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/admin/calc</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">admin_calculate</span><span class="p">():</span> <span class="n">expr</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">expr</span><span class="sh">"</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">eval</span><span class="p">(</span><span class="n">expr</span><span class="p">)</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">})</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="n">app</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">debug</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <h2> 📦 Step 2: Vulnerable Dependencies </h2> <h3> requirements.txt </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>flask==1.0 requests==2.19.1 </code></pre> </div> <h2> 🔍 Step 3: SAST with SonarQube </h2> <h3> Start SonarQube </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="nt">-p</span> 9000:9000 <span class="nt">--name</span> sonarqube sonarqube:9.9-community </code></pre> </div> <p>Open <a href="http://IP:9000" rel="noopener noreferrer">http://IP:9000</a><br><br> Login: <code>admin/admin</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3fp2itpzb7d0lzho1tal.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3fp2itpzb7d0lzho1tal.png" alt="Image descriptionl1" width="800" height="406"></a></p> <h3> sonar-project.properties </h3> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">sonar.projectKey</span><span class="p">=</span><span class="s">vulnerable-python-app</span> <span class="py">sonar.projectName</span><span class="p">=</span><span class="s">Vulnerable Python App</span> <span class="py">sonar.sources</span><span class="p">=</span><span class="s">.</span> <span class="py">sonar.language</span><span class="p">=</span><span class="s">py</span> <span class="py">sonar.python.version</span><span class="p">=</span><span class="s">3</span> </code></pre> </div> <h3> Install Sonar Scanner </h3> <p>Follow the Instructions provided here:</p> <p><a href="https://docs.sonarsource.com/sonarqube-server/10.8/analyzing-source-code/scanners/sonarscanner" rel="noopener noreferrer">https://docs.sonarsource.com/sonarqube-server/10.8/analyzing-source-code/scanners/sonarscanner</a></p> <h3> Install Sonar CLI </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>wget <span class="s2">"https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.0.1.6346-linux-x64.zip"</span> <span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install </span>unzip <span class="nt">-y</span> unzip sonar-scanner-cli-8.0.1.6346-linux-x64.zip <span class="nb">sudo mv </span>sonar-scanner-8.0.1.6346-linux-x64 /opt/sonar-scanner nano ~/.bashrc <span class="nb">export </span><span class="nv">SONAR_SCANNER_HOME</span><span class="o">=</span>/opt/sonar-scanner <span class="nb">export </span><span class="nv">PATH</span><span class="o">=</span><span class="s2">"</span><span class="nv">$SONAR_SCANNER_HOME</span><span class="s2">/bin:</span><span class="nv">$PATH</span><span class="s2">"</span> <span class="nb">source</span> ~/.bashrc </code></pre> </div> <h3> Run Scan </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sonar-scanner <span class="nt">-Dsonar</span>.host.url<span class="o">=</span>http://IP:9000 <span class="nt">-Dsonar</span>.login<span class="o">=</span>&lt;TOKEN&gt; </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0ybs0w2l6av8o8joung9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0ybs0w2l6av8o8joung9.png" alt="Image descriptionl2" width="800" height="392"></a></p> <ul> <li>Check severity</li> <li>Block merge if Critical/Blocker</li> <li>Assign issue</li> <li>Fix or justify</li> <li>Re-run scan</li> <li>Track metrics</li> <li>Improve the process of recurring</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx54gu0mazt7xqrziwmcb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx54gu0mazt7xqrziwmcb.png" alt="Image descriptionl3" width="800" height="341"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F36h8xyymq6p9wvoheoho.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F36h8xyymq6p9wvoheoho.png" alt="Image descriptionl4" width="800" height="361"></a></p> <h3> Expected Findings </h3> <ul> <li>Hardcoded secrets</li> <li>SQL injection risks</li> <li>Command injection risks</li> <li>Debug mode enabled</li> </ul> <h2> Step 4: SCA with pip-audit </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install </span>python3-venv python3-full <span class="nt">-y</span> python3 <span class="nt">-m</span> venv venv <span class="nb">source </span>venv/bin/activate pip <span class="nb">install </span>pip-audit pip-audit <span class="nt">-r</span> requirements.txt </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0xc58o1t6jfqqvw7dl4w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0xc58o1t6jfqqvw7dl4w.png" alt="Image descriptionl5" width="800" height="514"></a></p> <p>Now, we will check that CVE on the internet</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ofnfhax4tx0p1d9ki6p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ofnfhax4tx0p1d9ki6p.png" alt="Image descriptionl6" width="800" height="414"></a></p> <h3> Expected Findings </h3> <ul> <li>Vulnerable Flask version</li> <li>Vulnerable Requests version</li> </ul> <p>Application runs at <a href="http://IP:5000" rel="noopener noreferrer">http://IP:5000</a></p> <h2> 🕷️ Step 6: DAST with OWASP ZAP </h2> <p>Run the Juice Shop Application<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">-d</span> <span class="se">\</span> <span class="nt">--name</span> juice-shop <span class="se">\</span> <span class="nt">-p</span> 3000:3000 <span class="se">\</span> bkimminich/juice-shop </code></pre> </div> <p>Open in browser:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>IP:3000 </code></pre> </div> <p>Scan target by running ZAP from cli<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker run --rm \ -v "$(pwd):/zap/wrk" \ -t ghcr.io/zaproxy/zaproxy:stable \ zap-baseline.py \ -t http://IP:3000 \ -r zap-report.html </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftleqkr7dvzbas34cjj6k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftleqkr7dvzbas34cjj6k.png" alt="Image descriptionl8" width="800" height="600"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkdgyem7825s0tqrdu97n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkdgyem7825s0tqrdu97n.png" alt="Image descriptionl9" width="800" height="382"></a></p> <p>Scan target by running ZAP from UI<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker run -it \ -p 8080:8080 \ ghcr.io/zaproxy/zaproxy:stable \ zap-webswing.sh </code></pre> </div> <p>Open Zap UI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://localhost:8080/zap </code></pre> </div> <h2> Compare Results </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Issue</th> <th>SAST</th> <th>SCA</th> <th>DAST</th> </tr> </thead> <tbody> <tr> <td>Hardcoded Secret</td> <td>✅</td> <td>❌</td> <td>❌</td> </tr> <tr> <td>Vulnerable Library</td> <td>❌</td> <td>✅</td> <td>❌</td> </tr> <tr> <td>SQL Injection</td> <td>✅</td> <td>❌</td> <td>✅</td> </tr> <tr> <td>Command Injection</td> <td>✅</td> <td>❌</td> <td>✅</td> </tr> </tbody> </table></div> <h2> 🛠️ What to Fix Next </h2> <ul> <li>Use parameterised SQL queries</li> <li>Remove <code>shell=True</code> </li> <li>Move secrets to environment variables</li> <li>Upgrade dependencies</li> <li>Disable debug mode</li> </ul> <p>Re-run scans and observe improvements 🚀</p> devsecops cloudsecurity owasp security Muhammad Awais Zahid Tue, 03 Feb 2026 13:45:28 +0000 https://dev.to/awais_684/deployed-a-fully-microservices-stack-on-kubernetes-aws-eks-2cfm https://dev.to/awais_684/deployed-a-fully-microservices-stack-on-kubernetes-aws-eks-2cfm <h2> Create an ec2 machine </h2> <p>First of all, create a ec2 machine of Ubuntu and t2.large and 30gb storage</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foyikjcloujotsrws7vd7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foyikjcloujotsrws7vd7.png" alt="Image description1" width="800" height="285"></a></p> <h2> SSH into the machine </h2> <p>run following commands, get ssh of your ec2 machine and install some packages<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ssh -i "pem-key.pem" ubuntu@ec2-3-88-54-141.compute-1.amazonaws.com sudo apt update -y sudo apt install unzip curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install aws --version curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin kubectl version --short --client curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo mv /tmp/eksctl /usr/local/bin eksctl version </code></pre> </div> <h2> Create EKS-Cluster </h2> <p>Run the following commands to create eks-cluster<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl create cluster --name eksclicluster --region us-east-1 --zones us-east-1a,us-east-1b --without-nodegroup eksctl utils associate-iam-oidc-provider --region us-east-1 --cluster eksclicluster --approve eksctl create nodegroup --cluster=my-cluster --name=mynodegroup --region=us-east-1 --node-type=t3.medium --nodes=2 --nodes-min=2 --nodes-max=4 --node-volume-size=20 --ssh-access --ssh-public-key=pem-key --managed </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy83exohund4k6c68xy7k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy83exohund4k6c68xy7k.png" alt="Image description2" width="800" height="347"></a></p> <h2> Configure Loadbalancer Controller </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl -o iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.17.0/docs/install/iam_policy.json aws iam create-policy \ --policy-name AWSLoadBalancerControllerIAMPolicy \ --policy-document file://iam-policy.json eksctl create iamserviceaccount \ --cluster=&lt;cluster-name&gt; \ --namespace=kube-system \ --name=aws-load-balancer-controller \ --attach-policy-arn=arn:aws:iam::&lt;AWS_ACCOUNT_ID&gt;:policy/AWSLoadBalancerControllerIAMPolicy \ --override-existing-serviceaccounts \ --region &lt;region-code&gt; \ --approve helm repo add eks https://aws.github.io/eks-charts helm repo update eks helm install aws-load-balancer-controller eks/aws-load-balancer-controller \ -n kube-system \ --set clusterName=&lt;your-cluster-name&gt; \ --set serviceAccount.create=false \ --set serviceAccount.name=aws-load-balancer-controller \ --set region=&lt;region&gt; \ --set vpcId=&lt;your-vpc-id&gt; helm repo add eks https://aws.github.io/eks-charts </code></pre> </div> <h2> EBS CSI Plugin configuration </h2> <p>The Amazon EBS CSI plugin requires IAM permissions to make calls to AWS APIs on your behalf.</p> <p>Create an IAM role and attach a policy. AWS maintains an AWS-managed policy, or you can create your own custom policy. You can create an IAM role and attach the AWS managed policy with the following command. Replace my-cluster with the name of your cluster. The command deploys an AWS CloudFormation stack that creates an IAM role and attaches the IAM policy to it<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl create iamserviceaccount \ --name ebs-csi-controller-sa \ --namespace kube-system \ --cluster &lt;YOUR-CLUSTER-NAME&gt; \ --role-name AmazonEKS_EBS_CSI_DriverRole \ --role-only \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ --approve eksctl create addon --name aws-ebs-csi-driver --cluster &lt;YOUR-CLUSTER-NAME&gt; --service-account-role-arn arn:aws:iam::&lt;AWS-ACCOUNT-ID&gt;:role/AmazonEKS_EBS_CSI_DriverRole --force </code></pre> </div> <h2> Install Application Project </h2> <p>Either create with HELM or use following method<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># from the chart directory (where Chart.yaml is) helm template three-tier . &gt; all.yaml # apply (and re-apply) like normal kubectl kubectl apply -f all.yaml kubectl apply -f ingress.yaml kubectl get ingress -n default -w </code></pre> </div> <p>When you see an ADDRESS: k8s-...elb.amazonaws.com → your ALB is created.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User/Browser | | HTTPS v AWS ALB (created/managed by AWS Load Balancer Controller via Ingress) | v Kubernetes Ingress (EKS) | v Web Frontend Service | +--&gt; Cart Service ------&gt; Redis (StatefulSet) | +--&gt; Catalogue Service -&gt; MySQL ----\ | \ +--&gt; User Service ------&gt; MongoDB -----&gt; (PVCs -&gt; EBS CSI Driver -&gt; Amazon EBS) | +--&gt; Ratings Service ---&gt; MongoDB | +--&gt; Shipping Service --&gt; RabbitMQ &lt;--- Dispatch Service | +--&gt; Payment Service </code></pre> </div> cloud devops microservices kubernetes Muhammad Awais Zahid Fri, 02 Jan 2026 16:17:25 +0000 https://dev.to/awais_684/short-secure-terraform-project-1p09 https://dev.to/awais_684/short-secure-terraform-project-1p09 <h2> 1. Create a Provider.tf file </h2> <p>In this file i specify the region and AWS user credentials using one of the following secure ways</p> <ul> <li>aws configure</li> <li>Environment variables</li> <li>IAM roles (recommended for EC2, CloudShell, CI/CD) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>provider "aws" { region = "us-east-1" } </code></pre> </div> <h2> 2. Create Main.tf file </h2> <p>In this file i created an S3 bucket for the remote backend to store terraform state file and make it private with versioning enabled<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "aws_s3_bucket" "example" { bucket = "my-unique-bucket-name-12345" # change this to a unique name acl = "private" versioning { enabled = true } # Block public access block_public_acls = true block_public_policy = true ignore_public_acls = true restrict_public_buckets = true } </code></pre> </div> <h2> 3. Create backend.tf file </h2> <p>In this file i created a remote backend S3 to store terraform state file and make it private with versioning enabled<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform { backend "s3" { bucket = "my-terraform-state-johndoe123" # Replace with your unique bucket name key = "terraform-state-file" region = "us-east-1" } } </code></pre> </div> <h2> 4. Create an AWS Secret Manager </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws secretsmanager create-secret --name my-database-password-johndoe --secret-string "YourSecurePassword" </code></pre> </div> <h2> 5. Update Main.tf file </h2> <p>updated my main.tf and create RDS resource<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "aws_s3_bucket" "example" { bucket = "my-unique-bucket-name-12345" # change this to a unique name acl = "private" versioning { enabled = true } # Block public access block_public_acls = true block_public_policy = true ignore_public_acls = true restrict_public_buckets = true } data "aws_secretsmanager_secret_version" "database_password" { secret_id = "my-database-password-johndoe" } resource "aws_db_instance" "my_secret_db" { identifier = "rds-db-instance" allocated_storage = 20 storage_type = "gp2" engine = "mysql" engine_version = "8.0.43" instance_class = "db.t3.micro" username = "admin" password = data.aws_secretsmanager_secret_version.database_password.secret_string # Using the retrieved secret value } </code></pre> </div> terraform aws cloud devops Muhammad Awais Zahid Wed, 24 Dec 2025 17:46:53 +0000 https://dev.to/awais_684/a-practical-guide-to-troubleshooting-git-push-errors-in-terraform-projects-371p https://dev.to/awais_684/a-practical-guide-to-troubleshooting-git-push-errors-in-terraform-projects-371p <p>While working on a Terraform project, I ran into several Git push errors that initially felt confusing and frustrating. However, each error turned out to be a valuable learning moment. This article documents those issues step by step, explains why they happen, and shows how to fix them correctly.</p> <p>If you’re learning Terraform, DevOps, or Infrastructure as Code, chances are you’ll encounter these same problems.</p> <h2> 1️⃣GitHub Rejects Large Files (&gt;100 MB) </h2> <p>Error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>File .terraform/...terraform-provider-aws is larger than 100 MB </code></pre> </div> <p><strong>Why this happens</strong><br> The .terraform/ directory was committed. This directory contains Terraform provider binaries, which can be hundreds of megabytes in size and should never be version-controlled.</p> <p><strong>Correct Fix</strong><br> Add the following to .gitignore<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>.terraform/ *.tfstate *.tfstate.backup </code></pre> </div> <p>If the file already exists in Git history, the cleanest approach for new projects is to reinitialise the repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rm -rf .git git init git add . git commit -m &lt;commit-id&gt; </code></pre> </div> <h2> 2️⃣GitHub Push Protection Blocks Secrets </h2> <p>Error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Push cannot contain secrets (AWS Access Key detected) </code></pre> </div> <p><strong>Why this happens</strong><br> AWS credentials were hardcoded inside provider.tf. GitHub automatically scans commits for secrets and blocks pushes to prevent credential leaks.</p> <p><strong>What Not to Do</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>provider "aws" { access_key = "AKIA..." secret_key = "xxxx" } </code></pre> </div> <p><strong>Correct Approach</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>provider "aws" { region = "us-east-1" } (or add credentials in another file and add that file in .gitignore) </code></pre> </div> <h2> Provide credentials securely using: </h2> <ul> <li><p>aws configure</p></li> <li><p>Environment variables</p></li> <li><p>IAM roles (recommended for EC2, CloudShell, CI/CD)</p></li> </ul> <p>⚠️ If credentials were committed, they should be rotated immediately, even if the push was blocked.</p> git github terraform devops Muhammad Awais Zahid Wed, 10 Dec 2025 10:16:08 +0000 https://dev.to/awais_684/bluegreen-deployment-on-aws-using-codedeploy-and-codepipeline-2m34 https://dev.to/awais_684/bluegreen-deployment-on-aws-using-codedeploy-and-codepipeline-2m34 <p>When you're learning AWS in depth, nothing teaches you better than building a real-world pipeline. In this project, I created a highly available and automated deployment architecture using EC2, CodeDeploy, Load Balancer, Auto Scaling Group, Launch Templates, GitHub, and CodePipeline.</p> <p>This blog walks you through the exact process — every IAM role, installation, configuration, and deployment — so you can rebuild it on your own or use it as a learning reference.</p> <h2> This setup ensures: </h2> <p>High availability<br> Automated deployments<br> Auto-healing servers<br> CI/CD with zero manual intervention</p> <h2> 1️⃣ Creating IAM Roles </h2> <p>"IAM Role for EC2"</p> <p>This EC2 role needs permissions for:</p> <p>Administrator Access<br> AmazonS3FullAccess<br> AWSCodeDeployFullAccess<br> AWSCodePipelineFullAccess<br> AutoScaling Full Access<br> ELB Full Access</p> <p>Create IAM Role → AWS Service → EC2 → Attach Policies above → Create Role<br> Attach this role later when launching the EC2 instance.</p> <p>"IAM Role for CodeDeploy"</p> <p>CodeDeploy uses this role to interact with your EC2 instances.</p> <p>AdministratorAccess<br> AmazonS3FullAccess<br> Service: CodeDeploy</p> <h2> 2️⃣ Launching an EC2 Instance (Amazon Linux) </h2> <ul> <li>AMI: Amazon Linux 2</li> <li>Instance Type: t2.micro (Free tier)</li> <li>IAM Role: attach the EC2 role you created</li> <li>Security Group: open HTTP (80) + SSH (22)</li> </ul> <p>SSH into the instance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo yum install httpd -y sudo systemctl start httpd sudo systemctl enable httpd </code></pre> </div> <h2> 3️⃣ Installing the CodeDeploy Agent </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo yum install ruby -y sudo yum install wget -y cd /home/ec2-user wget https://aws-codedeploy-us-east-1.s3.us-east-1.amazonaws.com/latest/install chmod +x ./install sudo ./install auto sudo systemctl start codedeploy-agent sudo systemctl enable codedeploy-agent </code></pre> </div> <p>Verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo systemctl status codedeploy-agent </code></pre> </div> <h2> 4️⃣ Creating an AMI from the EC2 Instance </h2> <p>Now that the EC2 instance has a proper role attached:</p> <p>Apache<br> CodeDeploy agent</p> <p><strong>→ Create an AMI:</strong></p> <p>Actions → Image and Templates → Create Image (AMI)<br> Include:</p> <p>Root volume<br> OS</p> <p>This AMI becomes your base image for Auto Scaling.</p> <h2> 5️⃣ Creating a Launch Template </h2> <ul> <li>Go to EC2 → Launch Templates → Create Template</li> <li>Use the AMI you just created</li> <li>Attach the same IAM role</li> <li>Set Auto Scaling Guidance = Enabled</li> <li>Save template</li> </ul> <p>After this → Terminate the original EC2 instance<br> (Your ASG will take over from here.)</p> <h2> 6️⃣ Create a Load Balancer </h2> <ul> <li>Use Application Load Balancer (ALB):</li> <li>Scheme: Internet-facing</li> <li>Listeners: HTTP (80)</li> <li>Target Group: Register later by ASG</li> <li>Health Check Path: /</li> </ul> <h2> 7️⃣ Creating the Auto Scaling Group (ASG) </h2> <p>Go to EC2 → Auto Scaling Groups → Create<br> Select the Launch Template</p> <ul> <li>Select 2 AZs</li> <li>Attach the Load Balancer Target Group</li> <li>Desired Capacity: 2</li> <li>Min: 2</li> <li>Max: 3</li> </ul> <p>Your ASG will launch 2 EC2 instances from the AMI → both have CodeDeploy agent → both are healthy behind ALB.</p> <h2> 8️⃣ Setting Up CodeDeploy </h2> <ul> <li>Create Application → Type: EC2/On-premises</li> <li>Create Deployment Group:</li> <li>Select Service Role (CodeDeploy IAM Role)</li> <li>Deployment Type: In-place</li> <li>Environment: Amazon EC2 Auto Scaling Group</li> <li>Choose your ASG</li> <li>Install during deployment: Enable</li> <li>Load Balancer: Select Target Group</li> </ul> <h2> 9️⃣ Creating Your App Files on GitHub </h2> <p>Repo structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/index.html /appspec.yml </code></pre> </div> <p>index.html<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;h1&gt;Welcome to my AWS CI/CD Project!&lt;/h1&gt; &lt;p&gt;This deployment was automated using AWS CodeDeploy &amp; CodePipeline.&lt;/p&gt; </code></pre> </div> <p>appspec.yml<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>version: 0.0 os: linux files: - source: index.html destination: /var/www/html </code></pre> </div> <h2> 🔟 Creating CodePipeline </h2> <p>Now connect the whole workflow:</p> <ul> <li>Source Stage → GitHub</li> <li>Connect to your repo</li> <li>Detect changes automatically</li> <li>Deploy Stage → CodeDeploy</li> <li>Select Application</li> <li>Select Deployment Group</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjdd61s71cp5i1msqif8f.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjdd61s71cp5i1msqif8f.png" alt="Image description1" width="800" height="333"></a></p> <p>Whenever you push changes to the main branch:</p> <p>Pipeline is triggered<br> CodeDeploy pushes the latest files<br> ASG instances receive an update<br> ALB routes traffic to healthy updated instances</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5pla0t7n4v83dipqmxdo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5pla0t7n4v83dipqmxdo.png" alt="Image description2" width="800" height="330"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo37gqd43nb1feyusjzs6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo37gqd43nb1feyusjzs6.png" alt="Image description3" width="800" height="335"></a></p> <p>🎉 Full CI/CD and Auto Scaling setup is complete!</p> cicd devops tutorial aws Muhammad Awais Zahid Mon, 08 Dec 2025 10:30:36 +0000 https://dev.to/awais_684/getting-started-with-amazon-ecs-a-practical-guide-for-real-world-deployments-lia https://dev.to/awais_684/getting-started-with-amazon-ecs-a-practical-guide-for-real-world-deployments-lia <p>Over the past few years, containers have become the backbone of modern application delivery. But running containers at scale? That’s where the real challenge begins.<br> This is exactly where Amazon Elastic Container Service (ECS) shines.</p> <p>In this blog, I’ll walk you through ECS in a simple, practical way — the way I wish someone had explained it to me when I started. We’ll talk about what ECS is, how it works, and how to deploy a containerised app without getting lost in the AWS jungle.</p> <h2> What Exactly Is Amazon ECS? </h2> <p>Amazon ECS is AWS’s fully managed container orchestration service.<br> Think of it as the engine that runs, scales, and monitors your containers — without requiring you to install, upgrade, or maintain control planes.</p> <p>ECS gives you the flexibility to run containers on:</p> <p><strong>1. EC2 Launch Type</strong><br> You manage the servers (EC2 instances), and ECS handles the containers.</p> <p><strong>2. Fargate Launch Type</strong><br> Serverless containers — no servers to maintain, patch, or scale. AWS handles all the underlying compute.</p> <h2> Core Concepts </h2> <p><strong>1. Cluster</strong><br> A logical group where your tasks and services live. Think of it as a home for your containers.</p> <p><strong>2. Task Definition</strong><br> This is the “recipe” for your application.<br> It includes:</p> <p>Image location<br> CPU &amp; memory<br> Ports<br> Environment variables<br> IAM roles</p> <p>If you’re coming from Docker, the task definition is like a more structured Docker run command.</p> <p><strong>3. Task</strong><br> A running instance of your task definition. You can run 1 or 1000 — ECS handles scaling.</p> <p><strong>4. Service</strong><br> Responsible for keeping a certain number of tasks running at all times. If one task dies, ECS replaces it instantly.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqq721h2okz78tme4zro7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqq721h2okz78tme4zro7.png" alt="Image description1" width="800" height="274"></a></p> <h2> Why Choose ECS Over Kubernetes? </h2> <p>Fully managed (no control plane to manage)<br> ✔️ Deep AWS integration<br> ✔️ Lower overhead for small teams<br> ✔️ Great Fargate support<br> ✔️ Simpler learning curve<br> ✔️ Predictable scaling</p> ai awschallenge cloudcomputing ecs Muhammad Awais Zahid Fri, 28 Nov 2025 10:55:59 +0000 https://dev.to/awais_684/understanding-the-aws-serverless-model-a-practical-guide-n9m https://dev.to/awais_684/understanding-the-aws-serverless-model-a-practical-guide-n9m <p>Over the last few years, the shift from traditional servers to serverless architecture has changed the way developers build and scale applications. Instead of worrying about servers, patching, or capacity, serverless lets you focus entirely on writing code and delivering value. AWS has played a major role in this movement with its strong ecosystem of serverless services.</p> <p>In this article, I’ll break down what “serverless” actually means, highlight the core AWS services involved, and share some best practices around security and cost optimisation—two areas that matter a lot when deploying real-world applications.</p> <h2> What Does “Serverless” Really Mean? </h2> <p>Despite the name, “serverless” doesn’t mean that servers disappear. It means that you don’t manage the servers.</p> <p>With serverless:</p> <ul> <li>You don’t provision instances</li> <li>You don’t maintain operating systems</li> <li>You don’t worry about scaling or capacity</li> <li>You only pay for what you use</li> </ul> <p>AWS automatically handles all the infrastructure behind the scenes. This model allows developers to build applications faster while reducing operational overhead.</p> <h2> Core AWS Serverless Services </h2> <p>AWS provides a wide range of fully managed, event-driven services that work together to build complete serverless applications:</p> <p><strong>1️⃣ AWS Lambda</strong><br> The compute backbone of serverless. You upload your code, choose a runtime (Python, Node.js, etc.), and Lambda runs it only when triggered.</p> <p><strong>2️⃣ Amazon API Gateway</strong><br> A fully managed service for creating REST or HTTP APIs. It acts as the secure entry point to your backend and integrates smoothly with Lambda.</p> <p><strong>3️⃣ Amazon DynamoDB</strong><br> A scalable NoSQL database designed for high-performance serverless applications. It has built-in backups, auto scaling, and near-instant read/write latency.</p> <p><strong>4️⃣ Amazon EventBridge &amp; Amazon SNS</strong><br> Event-driven messaging services that help decouple architectures and build reliable workflows.</p> <h2> Security Best Practices in a Serverless Architecture </h2> <p>Security is one of the most important parts of any architecture. With serverless, AWS manages the infrastructure, but you remain responsible for your application logic, permissions, and data protection. Here are some practical best practices:</p> <p><strong>✔ Apply Least-Privilege IAM Policies</strong><br> Every Lambda function should have only the permissions it absolutely needs. Avoid using broad policies like DynamoDBFullAccess in production.</p> <p><strong>✔ Use Environment Variables + KMS Encryption</strong><br> Store sensitive data (API keys, database names, secrets) in encrypted Lambda environment variables or AWS Secrets Manager.</p> <p><strong>✔ Enable API Gateway Throttling &amp; Request Validation</strong><br> This protects your backend from abuse, DDoS-style traffic, and malformed requests.</p> <p><strong>✔ Keep Lambda Dependencies Small</strong><br> Smaller packages mean faster cold starts and fewer vulnerabilities.</p> serverless aws devops security Muhammad Awais Zahid Thu, 27 Nov 2025 05:20:10 +0000 https://dev.to/awais_684/serverless-student-management-system-aws-2h5i https://dev.to/awais_684/serverless-student-management-system-aws-2h5i <p><strong>Summary</strong></p> <ul> <li>Create DynamoDB Table</li> <li>Create IAM Role for Lambda</li> <li>Lambda Function 1 – Get Students</li> <li>Lambda Function 2 – Insert Student Data</li> <li>Create API Using API Gateway</li> <li>Build Frontend on S3</li> <li>Create CloudFront Distribution</li> </ul> <h2> Create DynamoDB Table </h2> <p>Create a Table named "studentData" and Partition Key "studentid" (String). Used to store all student records securely with high availability.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx35nhspl6h4lrk0gnqqa.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx35nhspl6h4lrk0gnqqa.png" alt="Image description1" width="800" height="296"></a></p> <h2> Create IAM Role for Lambda </h2> <p>Created a custom IAM role with AmazonDynamoDBFullAccess permission. This role is attached to both Lambda functions to allow database read/write operations.</p> <h2> Lambda Function 1 – Get Students </h2> <p>Use Lambda Runtime "Python 3.12" and Execution role "Existing IAM role with DynamoDB full access". Added code from getstudents.py and deployed. Function retrieves student data from DynamoDB.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import json import boto3 def lambda_handler(event, context): # Initialize a DynamoDB resource object for the specified region dynamodb = boto3.resource('dynamodb', region_name='us-east-1') # Select the DynamoDB table named 'studentData' table = dynamodb.Table('studentData') # Scan the table to retrieve all items response = table.scan() data = response['Items'] # If there are more items to scan, continue scanning until all items are retrieved while 'LastEvaluatedKey' in response: response = table.scan(ExclusiveStartKey=response['LastEvaluatedKey']) data.extend(response['Items']) # Return the retrieved data return data </code></pre> </div> <h2> Lambda Function 2 – Insert Student Data </h2> <p>Use Lambda Runtime "Python 3.12" and the Execution role "same IAM role". Added code from insertstudentdata.py and deployed. Function inserts new student records into DynamoDB.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import json import boto3 # Create a DynamoDB object using the AWS SDK dynamodb = boto3.resource('dynamodb') # Use the DynamoDB object to select our table table = dynamodb.Table('studentData') # Define the handler function that the Lambda service will use as an entry point def lambda_handler(event, context): # Extract values from the event object we got from the Lambda service and store in variables student_id = event['studentid'] name = event['name'] student_class = event['class'] age = event['age'] # Write student data to the DynamoDB table and save the response in a variable response = table.put_item( Item={ 'studentid': student_id, 'name': name, 'class': student_class, 'age': age } ) # Return a properly formatted JSON object return { 'statusCode': 200, 'body': json.dumps('Student data saved successfully!') } </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgbirrnqdro7ovy67f4uy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgbirrnqdro7ovy67f4uy.png" alt="Image description2" width="800" height="328"></a></p> <h2> Create API Using API Gateway </h2> <p>Use API Type "REST API" (Edge Optimized)<br> Created two methods:<br> GET → Linked to Lambda Function 1<br> POST → Linked to Lambda Function 2<br> Enabled CORS to allow browser requests.<br> Deployed the API and copied the invoke URL for frontend integration.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhw3yu7ycdfoy30guxehv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhw3yu7ycdfoy30guxehv.png" alt="Image description3" width="800" height="317"></a></p> <h2> Build Frontend on S3 </h2> <p>Created S3 bucket and uploaded index.html + script.js.<br> Public access blocked (ACL disabled).<br> Added bucket policy allowing GetObject for CloudFront.<br> Enabled Static Website Hosting.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[ { "AllowedHeaders": ["*"], "AllowedMethods": ["GET", "POST", "PUT", "DELETE", "HEAD"], "AllowedOrigins": ["*"], "ExposeHeaders": ["ETag"], "MaxAgeSeconds": 3000 } ] </code></pre> </div> <h2> Create CloudFront Distribution </h2> <p>Set index.html as the default root object.<br> Made the S3 bucket private for better security.<br> Updated bucket policy to allow CloudFront access.<br> CloudFront provides global caching and faster content delivery.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu7j6pkj6d0jaovpuz1z5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu7j6pkj6d0jaovpuz1z5.png" alt="Image description4" width="800" height="343"></a></p> <h2> OUTPUT </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb1hp7mvzy14myiun1tct.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb1hp7mvzy14myiun1tct.png" alt="Image description6" width="800" height="397"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu6pr9qll2t8en7xwt418.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu6pr9qll2t8en7xwt418.png" alt="Image description7" width="800" height="340"></a></p> aws serverless devops security Muhammad Awais Zahid Thu, 27 Nov 2025 04:59:17 +0000 https://dev.to/awais_684/cicd-pipelines-best-practices-1fcc https://dev.to/awais_684/cicd-pipelines-best-practices-1fcc <h2> 💡 Building Efficient CI/CD Pipelines with Jenkins </h2> <p>Recently, I created a Jenkins pipeline to automate the entire build → test → push → deploy workflow. This project helped me understand how continuous integration and continuous delivery (CI/CD) can make software delivery faster, more reliable, and consistent.</p> <p>Here’s what I learned and the best practices I followed while building Jenkins pipelines 👇</p> <h2> ⚙️ CI/CD Best Practices for Jenkins Pipelines </h2> <ul> <li><strong>Use Declarative Pipelines:</strong></li> </ul> <p>Keep your pipeline code in a Jenkinsfile inside your source repo for better version control and traceability.</p> <ul> <li><strong>Follow the "Build Once, Deploy Anywhere" Principle</strong></li> </ul> <p>Build your artifact once and promote it through stages (dev → staging → prod) without rebuilding.</p> <ul> <li><strong>Use Stages and Parallel Steps Wisely</strong></li> </ul> <p>Clearly define stages (build, test, push, deploy) and run independent tasks in parallel to save time.</p> <ul> <li><strong>Add Notifications &amp; Error Handling</strong></li> </ul> <p>Include post blocks for success, failure, or always to send Slack/email notifications or perform cleanup.</p> <ul> <li><strong>Keep Secrets Secure</strong></li> </ul> <p>Store credentials and tokens using Jenkins Credentials Manager — never hardcode sensitive data.</p> <ul> <li><strong>Integrate Automated Testing</strong></li> </ul> <p>Run unit and integration tests automatically before deployment to maintain code quality.</p> <ul> <li><strong>Use Environment Isolation</strong></li> </ul> <p>Utilize containers or agents to ensure consistent builds across environments.</p> <ul> <li><strong>Visualize and Monitor Pipelines</strong></li> </ul> <p>The Jenkins Blue Ocean view (as seen in my screenshot) gives an intuitive visualization of each stage’s performance.</p> <ul> <li><strong>Fail Fast, Recover Gracefully</strong></li> </ul> <p>Detect issues early (e.g., failed push or deploy stage) and ensure logs are clear for quick debugging.</p> <ul> <li><strong>Keep It Modular and Reusable</strong></li> </ul> <p>Use shared libraries for common steps so you can reuse pipeline code across multiple projects.</p> automation cicd devops Muhammad Awais Zahid Wed, 17 Sep 2025 16:58:04 +0000 https://dev.to/awais_684/about-me--5098 https://dev.to/awais_684/about-me--5098 Muhammad Awais Zahid Sun, 07 Sep 2025 16:49:44 +0000 https://dev.to/awais_684/building-and-running-a-nodejs-app-with-multi-stage-docker-builds-4e8d https://dev.to/awais_684/building-and-running-a-nodejs-app-with-multi-stage-docker-builds-4e8d <h2> Create an EC2 machine on AWS </h2> <p>Sign in to your AWS account, go to the EC2 dashboard and launch an instance with the following configuration.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3fswbxdn8m0flunf71yd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3fswbxdn8m0flunf71yd.png" alt="Image description1" width="800" height="500"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg2dm2398foutw8xvmbn8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg2dm2398foutw8xvmbn8.png" alt="Image description2" width="800" height="520"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foydpktvhlqn4umfn535h.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foydpktvhlqn4umfn535h.png" alt="Image description3" width="800" height="473"></a></p> <h2> SSH using EC2 instance connect option, or MobaXterm or Putty </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgopbfyue69j4orq1w4fv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgopbfyue69j4orq1w4fv.png" alt="Image description4" width="800" height="309"></a></p> <h2> Install Docker </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> sudo yum update -y sudo yum install -y docker sudo service docker start sudo usermod -a -G docker ec2-user </code></pre> </div> <h2> Install git </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo yum install git -y </code></pre> </div> <h2> Write Dockerfile </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># BUILD STAGE FROM node:18-alpine AS build WORKDIR /app COPY package*.json ./ RUN npm ci COPY . . RUN npm run build # DEPLOY STAGE FROM node:18-alpine WORKDIR /app # ✅ Corrected line COPY --from=build /app/dist ./dist RUN npm install -g http-server # EXPOSE PORT EXPOSE 8080 CMD ["http-server", "dist", "-p", "8080", "-c-1"] </code></pre> </div> <h2> Clone Application Source Code </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git clone https://github.com/awais684/Dockerize-node.js-app.git cp Dockerfile &lt;repditory name&gt; cd &lt;repository name&gt; </code></pre> </div> <h2> Build Docker image &amp; Run container </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker build -t &lt;image name&gt; . docker images docker run -d -p 80:8080 --name cont1 &lt;image name&gt; </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9zr2yj8351b2n3w5zukk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9zr2yj8351b2n3w5zukk.png" alt="Image description5" width="800" height="216"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjsjfj7hv1w1ipopvm29g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjsjfj7hv1w1ipopvm29g.png" alt="Image description6" width="800" height="408"></a></p> devops cloud docker security