DEV Community: Gabriel

Deploying a 3-Tier Full-Stack App on AWS with Terraform, GitHub Actions, and Amplify (Node.js + React)

Gabriel — Wed, 16 Jul 2025 14:01:37 +0000

In this post, I walk you through how I built and deployed a 3-tier full-stack application using AWS services. The project combines Infrastructure as Code with Terraform, CI/CD with GitHub Actions, and frontend hosting with AWS Amplify.

This guide is ideal for DevOps engineers, cloud practitioners, and developers looking to bridge the gap between application code and scalable infrastructure.

What Is a 3-Tier App?

A 3-tier architecture is a classic design pattern that divides an application into three distinct layers:

Presentation Layer (Frontend)
The user interface users interact with.
👉 In this project: a React.js app hosted on AWS Amplify.
Application Layer (Backend)
Handles business logic and API processing.
👉 Here: a Node.js API deployed on an EC2 instance behind a Load Balancer.
Data Layer (Database)
Responsible for storing and retrieving data.
👉 In this case: a PostgreSQL database deployed in a private subnet on AWS.

Why Use 3 Tiers?

Separation of concerns – Each tier is independently scalable and maintainable.
Security – Sensitive data stays isolated in the private network.
Scalability – Easily grow or debug specific components.

This architecture is widely adopted in real-world production systems and aligns perfectly with modern DevOps workflows.

Project Overview

This deployment setup uses two open-source apps to showcase DevOps automation workflows and infrastructure practices:

Backend API
A Node.js + TypeScript app using Express and Prisma ORM, connected to PostgreSQL.
🔗 Repo: gabbyTI/nodejs-simple-api-with-db
Frontend
A minimal React app that communicates with the backend via API requests.
🔗 Repo: gabbyTI/react-simpleapi-frontend

The focus isn’t on complex application logic — it’s on demonstrating how to deploy and manage full-stack apps on AWS using Terraform, CI/CD, and AWS-native services.

Architecture Diagram

Here’s the high-level infrastructure design:

Components Breakdown

A VPC with public and private subnets across two Availability Zones
Application Load Balancer (ALB) routes traffic to the backend
EC2 instance hosts the Node.js app
PostgreSQL deployed in a private subnet (via RDS or manually)
AWS Amplify hosts and deploys the frontend from GitHub
IAM roles, security groups, and routing are defined via Terraform

Infrastructure as Code with Terraform

All infrastructure lives in the infrastructure/ folder of the backend repo. Using Terraform ensures the setup is reproducible, modular, and version-controlled.

🔗 Infra Code: infrastructure/

Key AWS Resources

aws_vpc, subnets, route tables, internet/NAT gateways
aws_security_group for EC2 and RDS
aws_alb, listeners, and target groups
aws_instance for the backend app
aws_db_instance for PostgreSQL

Each resource is modularized for reusability. The infrastructure README includes setup instructions.

Backend CI/CD with GitHub Actions

The backend API is deployed to an EC2 instance via a GitHub Actions pipeline triggered on pushes to the main branch.

CI/CD Workflow

Multi-version Node Testing
The code is tested against Node.js versions 22, 23, and 24.
Artifact Packaging
After testing, an artifact containing the compiled app and environment files is prepared.
Deployment to EC2

Artifact is securely copied via scp
On the EC2 instance:
- Old files are cleared
- Dependencies are installed
- .env is generated using GitHub Secrets
- TypeScript is compiled
- Prisma migrations are applied
- Dev dependencies are pruned
- App is restarted using pm2

All secrets (e.g., DB URLs, SSH keys) are securely managed via GitHub Secrets and Encrypted Variables.

GitHub Actions Workflow (Simplified)

name: Deploy to EC2

on:
  push:
    branches: [ "main" ]

jobs:
  test:
    strategy:
      matrix:
        node-version: [22, 23, 24]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: npm ci && npm test

  upload-artifact:
    needs: test
    steps:
      - run: upload app files as artifact

  deploy:
    needs: upload-artifact
    steps:
      - run: download artifact
      - run: scp files to EC2
      - run: ssh to EC2 and:
          - set up .env
          - install dependencies
          - run build & migrations
          - prune dev deps
          - reload app with pm2

Frontend Hosting with AWS Amplify

The frontend is hosted using AWS Amplify, which automatically builds and deploys on every GitHub push.

Why Amplify?

Built-in CI/CD and GitHub integration
Free SSL and custom domain support
Quick to set up and deploy

I connected the frontend repo, set the build output to build/, and Amplify took care of the rest.

What’s Done

✅ Full-stack app (Node.js + React) complete
✅ Infrastructure provisioned manually with Terraform
✅ CI/CD pipeline for backend using GitHub Actions
✅ Automatic frontend deployment with AWS Amplify

What’s Next

🔄 Add infrastructure CI/CD (terraform plan + apply via GitHub Actions)
📊 Integrate CloudWatch for logs and observability
📉 Set up alarms and billing alerts for cost control

Key Takeaways

You don’t need Kubernetes to follow solid DevOps practices.
Declarative IaC with Terraform boosts reproducibility and confidence.
CI/CD pipelines can be simple yet powerful.
AWS Amplify is perfect for fast and secure frontend deployments.

Let’s Connect

If you found this guide helpful, follow me or connect on LinkedIn

Feel free to ⭐ the repo or fork it for your own DevOps experiments:
🔗 https://github.com/gabbyTI/nodejs-simple-api-with-db

Quick Setup: Jenkins on AWS with Terraform & Bash

Gabriel — Sat, 16 Mar 2024 02:18:54 +0000

Introduction
The Bash Script
- docker-setup.sh
- jenkins-slave-setup.sh
- jenkins-setup.sh
Terraform IaC Scripts
- main.tf
- output.tf
Conclusion

Introduction

Hey there! Welcome to the world of automation where we make tedious tasks disappear with the magic of scripts and infrastructure as code. Today, I'm going to share with you a practical solution for automating the setup of a Jenkins server and a slave node on AWS using Terraform and Bash scripts.

Forget about manual configurations and hours of tinkering. With the scripts I've crafted, you'll breeze through the process of provisioning an AWS EC2 instance and configuring Jenkins, all in a few simple steps.

No lengthy theoretical discussions here—just pure, hands-on automation goodness. So, let's dive straight into the action and see how Terraform and Bash can revolutionize your CI/CD pipeline setup.

The Bash Scripts

We have three bash scripts that will be used in this setup:

Script to setup up Jenkins
Script to install Docker
Script to setup Jenkins slave server

docker-setup.sh

#!/bin/bash
#
# Automate Installation of Docker
# Author: Gabriel Ibenye

# Update the apt package index and install packages to allow apt to use a repository over HTTPS
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common

# Add Docker’s official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# Set up the stable repository for your architecture (amd64)
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

# Update the apt package index again and install the latest version of Docker Engine and containerd
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io

# Verify that Docker Engine is installed correctly
sudo docker --version

# Add your user to the docker group to run Docker commands without sudo
sudo usermod -aG docker ${USER}

echo "User added to the docker group. Logging out and back in to apply changes..."

echo "Docker setup completed."

jenkins-slave-setup.sh

#!/bin/bash
#
# Automate Jenkins Slave Node Setup
# Author: Gabriel Ibenye
#
#######################################
# Print a message in a given color.
# Arguments:
#   Color. eg: green, red
#######################################
function print_color() {
  NC='\033[0m' # No Color

  case $1 in
  "green") COLOR='\033[0;32m' ;;
  "red") COLOR='\033[0;31m' ;;
  "*") COLOR='\033[0m' ;;
  esac

  echo -e "${COLOR} $2 ${NC}"
}

echo "---------------- JENKINS SLAVE NODE SETUP ------------------"

print_color "green" "Update apt repository. "
sudo apt update

print_color "green" "Installing Java(openjdk-17-jre)"
sudo apt install openjdk-17-jre -y

echo "---------------- SETUP COMPLETE ------------------"

jenkins-setup.sh

#!/bin/bash
#
# Automate Installation of Jenkins
# Author: Gabriel Ibenye

#######################################
# Print a message in a given color.
# Arguments:
#   Color. eg: green, red
#######################################
function print_color() {
  NC='\033[0m' # No Color

  case $1 in
  "green") COLOR='\033[0;32m' ;;
  "red") COLOR='\033[0;31m' ;;
  "*") COLOR='\033[0m' ;;
  esac

  echo -e "${COLOR} $2 ${NC}"
}

#######################################
# Check the status of a given service. If not active exit script
# Arguments:
#   Service Name. eg: firewalld, mariadb
#######################################
function check_service_status() {
  service_is_active=$(sudo systemctl is-active $1)

  if [ $service_is_active = "active" ]; then
    echo "$1 is active and running"
  else
    echo "$1 is not active/running"
    exit 1
  fi
}

#######################################
# Check if a given service is enabled to run on boot. If not enabled exit script
# Arguments:
#   Service Name. eg: jenkins, mariadb
#######################################
function check_service_enable() {
  service_is_enabled=$(sudo systemctl is-enabled $1)

  if [ $service_is_enabled = "enabled" ]; then
    echo "$1 is enabled"
  else
    echo "$1 is not enabled"
    exit 1
  fi
}

#######################################
# Check the status of a firewalld rule. If not configured exit.
# Arguments:
#   Port Number. eg: 3306, 80
#######################################
function is_firewalld_rule_configured() {

  firewalld_ports=$(sudo firewall-cmd --list-all --zone=public | grep ports)

  if [[ $firewalld_ports == *$1* ]]; then
    echo "FirewallD has port $1 configured"
  else
    echo "FirewallD port $1 is not configured"
    exit 1
  fi
}

echo "---------------- Adding Debian package repository of Jenkins to apt repository ------------------"

print_color "green" "Download jenkins debian package repository. "
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key

print_color "green" "Adding jenkins debian package to apt repository. "
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list >/dev/null

print_color "green" "Update apt repository. "
sudo apt update

print_color "green" "Installing fontconfig"
sudo apt install fontconfig -y

print_color "green" "Installing Java(openjdk-17-jre)"
sudo apt install openjdk-17-jre -y

print_color "green" "Installing Jenkins"
sudo apt install jenkins -y

print_color "green" "Enable jenkins service to run on boot"
sudo systemctl enable jenkins

print_color "green" "Starting jenkins service"
sudo systemctl start jenkins

# check Jenkins is enable
check_service_enable jenkins

# check Jenkins is running
check_service_status jenkins

print_color "green" "Opening jenkins default port (8080)"
sudo ufw allow 8080

print_color "green" "Opening OpenSSH port"
sudo ufw allow OpenSSH

print_color "green" "Enable Firewall"
yes | sudo ufw enable

echo "---------------- SETUP COMPLETE ------------------"

Terraform IaC Scripts

With the IaC tool terraform, we will be provisioning 2 basic ec2 instances with a security group.

Prerequisite: you should have your ssh private and public keys setup locally. To create these you can run the ssh-keygen command. Default location of the keys is ~/.ssh/ or in windows os c:/users/<user>/.ssh/.

main.tf

resource "aws_instance" "primary" {
  ami           = "ami-0e83be366243f524a"
  instance_type = "t2.micro"
  #running script
  user_data = file("path/to/bash/jenkins-setup.sh")
  tags = {
    "Name" = "Jenkins Server"
  }
  key_name               = aws_key_pair.web.id
  vpc_security_group_ids = [aws_security_group.primary.id]
}

resource "aws_instance" "slave" {
  ami           = "ami-0e83be366243f524a"
  instance_type = "t2.micro"
  #running script
  user_data = "${file("path/to/bash/jenkins-slave-setup.sh")}${file("path/to/bash/docker-setup.sh")}"
  tags = {
    "Name" = "Jenkins Slave"
  }
  key_name               = aws_key_pair.web.id
  vpc_security_group_ids = [aws_security_group.primary.id]
}

#Enabling ssh access
resource "aws_key_pair" "web" {
  public_key = file("~/.ssh/id_rsa.pub")
}

resource "aws_security_group" "primary" {
  name        = "jenkins_sg"
  description = "Allow Jenkins Server Traffic"

  # SSH Port
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Jenkins port
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow all outbound connection over the internet
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
/**
* Creating node on jenkins
* First create a credential to login with username and private key
* Create the private key and public key on the jenkins slave (ssh-keygen)
* Use the private key on the jenkins credential you were creating earlier
* Copy and paste the public key into the authorized_keys file (~/.ssh/authorized_keys) of the slave server
* In the jenkins credentials select Non verifying Verification Strategy
*/

output.tf

output "jenkins_server_ip" {
  value = aws_instance.primary.public_ip
}
output "jenkins_slave_ip" {
  value = aws_instance.slave.public_ip
}

Conclusion

In a nutshell, automating Jenkins setup on AWS with Terraform and Bash is a game-changer. Say goodbye to manual headaches and hello to streamlined processes. With just a few commands, you're up and running, saving time and hassle. Keep exploring and tweaking to fit your needs.
Happy automating!

How to Setup Jenkins Locally With Oracle VirtualBox VM

Gabriel — Mon, 26 Feb 2024 03:32:16 +0000

Creating The Virtual Box VM
Installing Jenkins on VM
Opening the firewall
Setting Up Port Forwarding
Setting Up Jenkins

Creating The Virtual Box VM

Download and Install Oracle VM Virtual Box

Download Ubuntu 22.04 VirtualBox(VDI) Image from Osboxes.org

Note: Extract the content of the downlod downloaded file

Open Oracle VM Virtual Box application and create new VM

Name: vm-jenkins

Base: Memory 2048

CPU: 2

Use Existing Virtual Hard Disk File: Import the VDI file downloaded earlier

Start Up the VM and Login

Username: osboxes

Password: osboxes.org

Open Terminal and update system



sudo apt update

Installing Jenkins on VM

This is the Debian package repository of Jenkins to automate installation and upgrade. To use this repository, first add the key to your system



sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key

Then add a Jenkins apt repository entry:



echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null

Update your local package index, then finally install Jenkins:



sudo apt update
sudo apt install fontconfig openjdk-17-jre -y
sudo apt install jenkins -y

Start Jenkins by using systemctl:



sudo systemctl enable jenkins
sudo systemctl start jenkins

Since systemctl doesn’t display status output, we’ll use the status command to verify that Jenkins started successfully:



sudo systemctl status jenkins

If everything went well, the beginning of the status output shows that the service is active and configured to start at boot(enabled):

Output



● jenkins.service - Jenkins Continuous Integration Server
     Loaded: loaded (/lib/systemd/system/jenkins.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2024-02-25 18:55:21 EST; 10min ago
   Main PID: 779 (java)
      Tasks: 46 (limit: 2292)
     Memory: 273.7M
        CPU: 21.993s
     CGroup: /system.slice/jenkins.service
             └─779 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/java/jenkins.war --webroot=/var/cache/jenkins/war --httpP>

Now that Jenkins is up and running, let’s adjust our firewall rules so that we can reach it from a web browser to complete the initial setup.

Opening the firewall

By default, Jenkins runs on port 8080. We’ll open that port using ufw:



sudo ufw allow 8080

Note: If the firewall is inactive, the following commands will allow OpenSSH and enable the firewall:



sudo ufw allow OpenSSH
sudo ufw enable

Check ufw’s status to confirm the new rules:



sudo ufw status

You’ll notice that traffic is allowed to port 8080 from anywhere:



Status: active
To                         Action      From
--                         ------      ----
8080                       ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
8080 (v6)                  ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

Now we will look at how to reach the jenkins vm on the host machine by setting port forwarding.

Setting Up Port Forwarding

Open VirtualBox VM settings.
Navigate to the NAT network adapter settings.
Click Advanced and then Port Forwarding.
Add a new rule named "jenkins connection".
Set Protocol to TCP.
Enter Host IP as 127.0.0.1 and Host Port as 8080.
Guest Port should also be set to 8080.
Click OK to save the settings.

Setting Up Jenkins

Open your browser and go to 127.0.0.1:8080 to access Jenkins, you will land on the getting started jenkins page:

Use the terminal in your VM and run



sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the 32-character alphanumeric password from the terminal and paste it into the Administrator password field on the Jenkins page. Then, click Continue.
Click on Install suggested plugins
Create your admin user
Set http://127.0.0.1:8080 as the jenkins URL
Click Save and Finish

THE END

Cloud Safety: How to Establish Azure Point-to-Site VPN Connections

Gabriel — Fri, 16 Feb 2024 23:38:01 +0000

Table of Contents
Introduction
Understanding Point-to-Site (P2S) VPN Connection
- P2S Example Sceneraio
Setting up P2S VPN Connection in Azure
Step by step P2S VPN implementation
- Create resource group
- Create virtual network
- Create gateway subnet
- Create virtual network gateway
- Point-to-Site Configuration
- Authorize the Azure VPN application
- Download VPN Client Configuration
- Install the Azure VPN client
- Import VPN Client Configuration
- Connect to the VPN
Create Virtual Machine
Logging into VM with Private IP
Conclusion

Introduction

In a world where remote work has become a norm, ensuring secure and reliable access to company infrastructure has become increasingly important, Cloud solutions like Microsoft Azure offer tools for establishing secure connections between remote users and resources hosted in the cloud. One such tool is the Point-to-Site (P2S) VPN, a mechanism that enables individual devices to securely connect to your azure infrastructure.

In this guide, we'll walk through the process of setting up a Point-to-Site VPN connection in Azure, providing step-by-step instructions to on how you can establish a secure link between your local device and your Azure infrastructure.

Understanding Point-to-Site (P2S) VPN Connection

Before diving into the setup process, let's briefly explain what a Point-to-Site VPN connection is and how it functions. In a Point-to-Site VPN configuration, individual client devices establish encrypted connections to a virtual network in Azure. This enables remote users to securely access resources such as Azure Virtual Machines, Azure SQL Databases, and other services within the virtual network, as if they were directly connected to it.

P2S Example Sceneraio

A company XYZ has an Azure virtual machine (VM) resource that has both a public & private IP address and is secured behind a virtual private network. Usually, logging into the VM is done with the public IP address but this is unsecure because it goes through the internet. So the company decides to get rid of the public IP entirely and requies staff to access the VM with only the private IP.

When trying to access the VM with private IP, the staff encounter a connection error because that private IP address is not discoverable from outside the Azure virtual network. This means that attempting to access the VM solely via its private IP address from an external network, such as the internet or another corporate network, won't establish a connection due to network isolation.

To address this problem and make sure the staff can securely reach the VM, Company XYZ opts to set up a Point-to-Site (P2S) VPN connection in Azure. With this setup, our team members can safely connect to the Azure virtual network where the VM is located from anywhere they have internet access.

Setting up P2S VPN Connection in Azure

We will go over setting up everything from scratch, including the virtual machine. Here are resources and tools that will be used in this setup:

Resource Group
Virtual Machine
Virtual Network (VNet) and Subnets
Virtual Network Gateway
Azure VPN Client

Step by step P2S VPN implementation

Create resource group

Create a resource group with name "RGTEST1". This is the resource group that you will create every other resource in.

Create virtual network

Create a virtual network resource in the RGTEST1 resource group

Name: my-secure-vnet

Create gateway subnet

Create a gateway subnet in the "my-secure-vnet" virtual network

⚠️ Price alert: virtual network gateway is NOT free. Except the SKU type VpnGw1 that is only free for the 1st 12 months of your azure free account subscription.
⚠️ DELETE ALL RESOURCES AFTER PRACTICE

Point-to-Site Configuration

In the virtual network gateway resource, navigate to and click point-to-site-configuration under settings section in the left menu. Click on Configure now. You should see something like this:

Use the details below to complete the configuration:

Address pool (can be any valid address range of your choice): 10.1.3.0/27
Tunnel type: OpenVPN(SSL)
Authentication type: Azure Active Directory
Tenant ID: https://login.microsoftonline.com/<YOUR_TENANT_ID>/ (for your tenant id go to Microsoft Entra ID -> Properties)
Audience (same for everyone): 41b23e61-6c1e-4545-b367-cd054e0ed4b4
Issuer: https://sts.windows.net/<YOUR_TENANT_ID>/

Click Save

Note:
The trailing " / " is required
Saving can take up to 30 minutes

Authorize the Azure VPN application

Make sure you are signed into to your azure portal as a Global administrator.
Copy the link below.
Replace <YOUR_TENANT_ID> with your Azure tenant ID.



https://login.microsoftonline.com/<YOUR_TENANT_ID>/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent

You will be prompted to sign in again, sign in with the global administrator user. You should then see this

Click "Accept"

Download VPN Client Configuration

When the P2S configuration is done saving, refresh the page and click the Download VPN Client button

A zipped file is downloaded, Extract the content to a folder. The contents are as shown below

Install the Azure VPN client

Download and install the Azure VPN client from Microsoft Store (for windows PC) and Mac App Store (For Mac)

Import VPN Client Configuration

Open the Azure VPN client and click the plus sign on the bottom left

Click on Import
Navigate to the Extracted content fronme step 7 and select the file AzureVPN/azurevpnconfig.xml.
After Importing, Click Save.

Connect to the VPN

When you click the connect button, you will be prompted to login to your azure account for authentication.

Create Virtual Machine

Now that we have our network infrasture setup, we can go ahead and create a virtual machine that will be in the virtual network. I will be creating a windows VM, here are the details i used to create the vm:

Basics Tab

-** resource group**: RGTEST1

Name: my-secure-vm
Image: Windows Server 2019 Datacenter - x64 Gen2
Size: Standard_B2s - 2 vcpus, 4 GiB memory
Username: adminUser
Password: ******************
Public Inbound Ports: Allow Seleted Ports
Select Inbound Ports: RDP (3389)

Networking Tab

Virtual network: my-secure-vnet (the vnet we created ealier)
Public IP: None (We won't be needing a public facing IP address for this vm)

⚠️ Price Alert: Creating a VM is NOT free
DELETE ALL RESOURCES AFTER PRACTICE

Click Create
Go to the newly creted VM resource and get the Private IP address

Logging into VM with Private IP

Connect your virtual network with Azure VPN Client
Open Remote Desktop Connection
Input the Private IP
Input Username and Password that we set when creating the VM

Conclusion

Throughout this guide, we've navigated the process of setting up a Point-to-Site (P2S) VPN connection in Azure. From understanding the concept of P2S VPNs to configuring the necessary resources in Azure and connecting remote devices securely, we've covered the essentials. By implementing this solution, you can ensure secure access to your Azure infrastructure for your remote workforce, enabling seamless collaboration and productivity from any location.

Cloud Resume Challenge - Azure Edition (part 2)

Gabriel — Wed, 07 Feb 2024 05:11:15 +0000

Table of Content

Table of Content
1. Introduction
2. The Deployments
- 2.1. Infrastructure CI/CD pipeline
- 2.2. Frontend CI/CD Pipeline
- 2.3. Backend CI/CD Pipeline
3. What's Next
4. Conclusion

1. Introduction

In part one, we covered the basics of my Cloud Resume Challenge journey. Now, let's dive into the heart of the challenge: deployment pipelines. These are the backbone of our cloud setup, making deployment smooth and efficient. Join me as we explore how these pipelines work and how they make our deployment process easier.

2. The Deployments

2.1. Infrastructure CI/CD pipeline

To streamline our infrastructure management, I've implemented a pipeline using GitHub Actions. Here's the breakdown of our workflow:

Initialization: We kick off by initializing Terraform, ensuring all necessary configurations and plugins are set up correctly.
Planning: Terraform meticulously plans the proposed changes, outlining what will be added, modified, or destroyed in our infrastructure.
Validation: Once the plan is generated, Terraform validates it against our existing infrastructure, ensuring compatibility and compliance without making any actual modifications.
Applying Changes: With the validated plan, Terraform proceeds to apply the changes, seamlessly updating our infrastructure to reflect the desired state.

Here is the workflow flow file:

name: CI
on:
  push:
    branches: [main]

permissions:
  contents: 'read'
  id-token: 'write'

env:
  ARM_CLIENT_ID: '${{ secrets.AZURE_CLIENT_ID }}'
  ARM_CLIENT_SECRET: '${{ secrets.AZURE_CLIENT_SECRET }}'
  ARM_SUBSCRIPTION_ID: '${{ secrets.AZURE_SUBSCRIPTION_ID }}'
  ARM_TENANT_ID: '${{ secrets.AZURE_TENANT_ID }}'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v3

      - name: Initialize terraform configuration
        run: terraform init

      - name: Validate terraform configuration
        run: terraform validate

      - name: Plan terraform configuration
        run: terraform plan -refresh=false

      - name: Apply terraform configuration
        run: terraform apply -refresh=false -auto-approve

Note: I used a service principal details and environment varaibles to authenticate terraform to azure. Read more about that HERE.

2.2. Frontend CI/CD Pipeline

For the deployment pipeline for the frontend, i have used github actions workflows. The workflow includes the following steps:

Azure Login: Authenticates access to the Azure environment.
Delete Previous Content: Clears out existing website content to ensure a clean deployment.
Upload New Content: Transfers the updated website content to the Azure platform.
Purge Azure CDN: Refreshes the Azure CDN to reflect the latest changes.
Azure Logout: Safely terminates the Azure session.

Here is the workflow flow file:

name: Cloud Resume Deployment
on:
  push:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Delete previous content
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az storage blob delete-batch --account-name ${{ vars.STORAGE_ACCOUNT_NAME }} --auth-mode key --source '$web'

      - name: Upload to blob storage
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az storage blob upload-batch --account-name ${{ vars.STORAGE_ACCOUNT_NAME }} --auth-mode key -d '$web' -s .

      - name: Purge CDN endpoint
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az cdn endpoint purge --content-paths  "/*" --profile-name ${{ vars.CDN_PROFILE_NAME }} --name ${{ vars.CDN_ENDPOINT_NAME }} --resource-group ${{ vars.RESOURCE_GROUP }}
        # Azure logout
      - name: logout
        run: |
          az logout
        if: always()

2.3. Backend CI/CD Pipeline

I decided to switch it up a bit and used azure DevOps for deploying to the Azure functions. The script steps:

Installing Dependencies: Ensuring all necessary dependencies are set up and ready to go.
Publishing Deployment Artifact: Packaging everything up neatly for deployment to Azure Functions.

Here is the pipeline file:

name: Cloud Resume Deployment
on:
  push:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Delete previous content
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az storage blob delete-batch --account-name ${{ vars.STORAGE_ACCOUNT_NAME }} --auth-mode key --source '$web'

      - name: Upload to blob storage
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az storage blob upload-batch --account-name ${{ vars.STORAGE_ACCOUNT_NAME }} --auth-mode key -d '$web' -s .

      - name: Purge CDN endpoint
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az cdn endpoint purge --content-paths  "/*" --profile-name ${{ vars.CDN_PROFILE_NAME }} --name ${{ vars.CDN_ENDPOINT_NAME }} --resource-group ${{ vars.RESOURCE_GROUP }}
        # Azure logout
      - name: logout
        run: |
          az logout
        if: always()

The remaining steps are configured in Azure DevOps by creating a release pipeline. Here is mine shown below:

3. What's Next

While the project is mostly complete, there's always room for improvement. Here are some areas I'll be focusing on to enhance my knowledge and experience:

Implementing unit testing for Python code.
Conducting code scans with SonarQube or Synk for security and quality assurance.
Modularizing infrastructure to make it more reusable and scalable.
Privatizing Azure infrastructure behind a VNet (Virtual Network) for enhanced security.
Setting up a DNS Zone and managing my custom domain for better branding and accessibility.
Implementing monitoring solutions to ensure system health and performance optimization.

4. Conclusion

That wraps up part two of our Cloud Resume Challenge journey! We've dived deep into the deployment pipelines, seeing how they make our cloud setup smooth and efficient. From initializing Terraform to deploying our frontend and backend, each step has been crucial in streamlining our deployment process.

But our journey doesn't end here. We've outlined some areas for improvement, like implementing unit testing, conducting code scans, and making our infrastructure more modular and secure. These steps will help us further enhance our project and deepen our understanding of cloud technologies.

Cloud Resume Challenge - Azure Edition (part 1)

Gabriel — Wed, 07 Feb 2024 04:34:51 +0000

Table of Content

Table of Content
1. Introduction
2. The Certification
3. The HTML, CSS & JavaScript Frontend
4. Backend Code: Python Counter API
- 4.1. Prerequisite
- 4.2. Setup
- 4.3. Running Azure Function Locally
5. Terraform IaC
6. Conclusion

1. Introduction

The Cloud Resume Challenge offers a really cool and hands-on way to dive into cloud technologies. I recently took on the Azure-focused version, and it was a fantastic journey through Microsoft's cloud platform. In this blog post, I'll share my experience and the awesome skills I picked up along the way. Here are some useful links:

Below is a diagram of the entire system, showing all tools used in for this challenge and how it was implemented.

2. The Certification

First requirement for this challenge was to get the fundamental azure certification (AZ900). I studied for this with the Microsoft learn website and it was helpful. A quick tip, the exam is a little bit more practical than you would expect, so as you go through the modules, practice on the azure portal (even as little as searching for the azure services).

3. The HTML, CSS & JavaScript Frontend

Don't know about you, but i used an existing HTML & CSS template for the website, mostly to speed up my development. You can check out the template right HERE.
I wrote a JavaScript file where i call my python counter API, here is the code below:

// Function to fetch visitor count from the API
function getVisitorCount() {
  fetch('https://<PYTHON_COUNTER_API_BASE_URL>/api/getvisitorcount', {
    method: 'GET',
    headers: {
      'Content-Type': 'application/json',
    },
  })
    .then((response) => response.json())
    .then((data) => {
      // Update the counter on the webpage
      console.log('HEREEEE');
      document.querySelector('.counter').textContent = data.count;

      // Call updateVisitorCount with the current count
      updateVisitorCount();
    })
    .catch((error) => {
      console.error('Error fetching visitor count:', error);
    });
}

// Function to update visitor count on the API
function updateVisitorCount() {
  fetch('https://<PYTHON_COUNTER_API_BASE_URL>/api/updatevisitorcount', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({}),
  })
    .then((response) => response.json())
    .then((data) => {
      console.log('Visitor count updated successfully:', data);
    })
    .catch((error) => {
      console.error('Error updating visitor count:', error);
    });
}

// Fetch the visitor count and update on page load
document.addEventListener('DOMContentLoaded', getVisitorCount);

4. Backend Code: Python Counter API

I had some trouble when trying to write this initially, so much so, i had to rewrite the azure functions in NodeJS(here) which worked fine, Then went back to it and discovered it was a python version constraint with the azure-functions-core-tools i had downloaded. Here is a little documentation on my backend

4.1. Prerequisite

Python v10 or higher
Azure CosmosDB for Table database connection string
Azure CLI
Install latest azure-functions-core-tools

npm install -g azure-functions-core-tools

4.2. Setup

4.2.1. Clone repository

git clone https://github.com/gabbyTI/python-counter-api.git

4.2.2. Initialize the azure function to create the

cd python-counter-api
func init

4.2.3. Install dependencies

pip install -r requirements.txt

4.2.4. Add connection string and table name to the local.settings.json file(this is created after the 2nd steps)

{
  ...
  "Values": {
    ...
    "conn_str": "your connection string",
    "table_name": "your table name"
  }
}

4.3. Running Azure Function Locally

4.2.1. Login to Azure

az login

4.2.2. Start the azure function locally

func start -p 7071

5. Terraform IaC

Provisioning the infrastructure for this challenge was done entirely with terraform IaC tool. This was the most fun for me during this challenge because of there was much i learnt from this stage. I would say the best is the knowledge of how to use the comprehensive terraform provider documentations. I created the following resources with terraform

Resource Group: containing all resources
Azure Function
ComosDB for Table API
Storage Account & Static Website Container
CDN Profile & Endpoint

I also implemented a remote backend for for my terraform state in a separate storage account and on a different resource group that i created manually. Checkout out my terraform scripts repository HERE

6. Conclusion

As we come to the end of this part of our journey, I've decided to split it into two parts to make sure we can really dive deep into everything we've experienced. In this first part, we've gone over some of the most exciting moments and things I've learned along the way. From getting my Azure certification to putting together a cool website, it's been quite the ride with its fair share of challenges and triumphs.

But hold onto your hats because the fun isn't over yet! In the next part, we'll dig even deeper into the deployment pipelines that made all of this possible. We'll take a closer look at how these pipelines were set up and fine-tuned to make our deployment process smoother than ever. So get ready for more insights and behind-the-scenes action as we continue this adventure together!
Go to part two

DEV Community: Gabriel

Deploying a 3-Tier Full-Stack App on AWS with Terraform, GitHub Actions, and Amplify (Node.js + React)

What Is a 3-Tier App?

Why Use 3 Tiers?

Project Overview

Architecture Diagram

Components Breakdown

Infrastructure as Code with Terraform

Key AWS Resources

Backend CI/CD with GitHub Actions

CI/CD Workflow

GitHub Actions Workflow (Simplified)

Frontend Hosting with AWS Amplify

Why Amplify?

What’s Done

What’s Next

Key Takeaways

Let’s Connect

Quick Setup: Jenkins on AWS with Terraform & Bash

Introduction

The Bash Scripts

docker-setup.sh

jenkins-slave-setup.sh

jenkins-setup.sh

Terraform IaC Scripts

main.tf

output.tf

Conclusion

How to Setup Jenkins Locally With Oracle VirtualBox VM

Creating The Virtual Box VM

Installing Jenkins on VM

Opening the firewall

Setting Up Port Forwarding

Setting Up Jenkins

Cloud Safety: How to Establish Azure Point-to-Site VPN Connections

Table of Contents

Introduction

Understanding Point-to-Site (P2S) VPN Connection

P2S Example Sceneraio

Setting up P2S VPN Connection in Azure

Step by step P2S VPN implementation

Create resource group

Create virtual network

Create gateway subnet

Create virtual network gateway

Point-to-Site Configuration

Authorize the Azure VPN application

Download VPN Client Configuration

Install the Azure VPN client

Import VPN Client Configuration

Connect to the VPN

Create Virtual Machine

Logging into VM with Private IP

Conclusion

Cloud Resume Challenge - Azure Edition (part 2)

Table of Content

1. Introduction

2. The Deployments

2.1. Infrastructure CI/CD pipeline

2.2. Frontend CI/CD Pipeline

2.3. Backend CI/CD Pipeline

3. What's Next

4. Conclusion

Cloud Resume Challenge - Azure Edition (part 1)

Table of Content

1. Introduction

2. The Certification

3. The HTML, CSS & JavaScript Frontend

4. Backend Code: Python Counter API

4.1. Prerequisite

4.2. Setup

4.3. Running Azure Function Locally

5. Terraform IaC

6. Conclusion