DEV Community: Nik The latest articles on DEV Community by Nik (@kolyaiks). https://dev.to/kolyaiks https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3271107%2Fe52485bd-af57-4cd1-9dce-d45b1dff376e.jpeg DEV Community: Nik https://dev.to/kolyaiks en AWS SES -> Gmail using Terraform Nik Sun, 21 Sep 2025 01:38:54 +0000 https://dev.to/kolyaiks/aws-ses-gmail-using-terraform-1jmd https://dev.to/kolyaiks/aws-ses-gmail-using-terraform-1jmd <h3> The goal </h3> <p>Let's say you have your own domain and you want to have an email address in it, but you don't want to mess with the setup and maintenance of an email server. You also have a working personal email address at Gmail or somewhere else. There is a solution for you.</p> <h3> The architecture </h3> <p>AWS Simple Email Service (SES) is the thing we can leverage to achieve this goal. The basic diagram that represents the solution is here:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq0zoxqt76lbbifc8u6a6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq0zoxqt76lbbifc8u6a6.png" alt=" " width="561" height="121"></a></p> <p>So there are a few steps in this solution:</p> <ul> <li>A message is sent to your custom email address</li> <li>DNS service, AWS Route53 in our case, has an MX entry that points to SES</li> <li>AWS SES sends this email to S3 bucket</li> <li>S3 bucket triggers Lambda that reads the message and forwards it to your Gmail address</li> <li>Once you get this email in your Gmail mailbox you're able to response from your custom email address</li> </ul> <h3> The implementation </h3> <p>Since we're using AWS, it makes sense to leverage an IAC approach and write Terraform configuration for all the components involved in this solution. Check <a href="https://github.com/kolyaiks/ses-gmail-custom-domain" rel="noopener noreferrer">here</a> if you want to see the final solution right away.</p> <p>First of all, make sure you have your bucket for storing your Terraform state set there:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">terraform</span> <span class="p">{</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">aws</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"hashicorp/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 6.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">backend</span> <span class="s2">"s3"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"&lt;put your bucket here&gt;"</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"ses-gmail-custom-domain/terraform.tfstate"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Then, let's create an SES Identity and DKIM setup:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqwm2v7nly9q3zgotl0tl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqwm2v7nly9q3zgotl0tl.png" alt=" " width="437" height="499"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1">## SES domain identity</span> <span class="k">resource</span> <span class="s2">"aws_ses_domain_identity"</span> <span class="s2">"identity"</span> <span class="p">{</span> <span class="nx">domain</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">domain_name</span> <span class="p">}</span> <span class="c1">## SES domain identity DKIM setup</span> <span class="k">resource</span> <span class="s2">"aws_ses_domain_dkim"</span> <span class="s2">"dkim"</span> <span class="p">{</span> <span class="nx">domain</span> <span class="p">=</span> <span class="nx">aws_ses_domain_identity</span><span class="p">.</span><span class="nx">identity</span><span class="p">.</span><span class="nx">domain</span> <span class="p">}</span> </code></pre> </div> <p>Once done, let's verify domain ownership, set MX, DKIM, SPF, DMARC records in Route53:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1">## SES domain identity -&gt; custom domain verification</span> <span class="k">resource</span> <span class="s2">"aws_route53_record"</span> <span class="s2">"amazonses_identity_verification_record"</span> <span class="p">{</span> <span class="nx">zone_id</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_route53_zone</span><span class="p">.</span><span class="nx">hosted_zone</span><span class="p">.</span><span class="nx">id</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"_amazonses.</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">domain_name</span><span class="k">}</span><span class="s2">"</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"TXT"</span> <span class="nx">ttl</span> <span class="p">=</span> <span class="s2">"600"</span> <span class="nx">records</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_ses_domain_identity</span><span class="p">.</span><span class="nx">identity</span><span class="p">.</span><span class="nx">verification_token</span><span class="p">]</span> <span class="p">}</span> <span class="c1">## SES domain identity DKIM entries that allow recipient's mail server to verify digital signature included in email by using a public key stored in these entries</span> <span class="k">resource</span> <span class="s2">"aws_route53_record"</span> <span class="s2">"amazonses_identity_dkim_records"</span> <span class="p">{</span> <span class="nx">for_each</span> <span class="p">=</span> <span class="nx">toset</span><span class="p">(</span><span class="nx">aws_ses_domain_dkim</span><span class="p">.</span><span class="nx">dkim</span><span class="p">.</span><span class="nx">dkim_tokens</span><span class="p">)</span> <span class="nx">zone_id</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_route53_zone</span><span class="p">.</span><span class="nx">hosted_zone</span><span class="p">.</span><span class="nx">id</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">each</span><span class="p">.</span><span class="nx">key</span><span class="k">}</span><span class="s2">._domainkey.</span><span class="k">${</span><span class="nx">aws_ses_domain_identity</span><span class="p">.</span><span class="nx">identity</span><span class="p">.</span><span class="nx">domain</span><span class="k">}</span><span class="s2">"</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"CNAME"</span> <span class="nx">ttl</span> <span class="p">=</span> <span class="mi">600</span> <span class="nx">records</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"</span><span class="k">${</span><span class="nx">each</span><span class="p">.</span><span class="nx">key</span><span class="k">}</span><span class="s2">.dkim.amazonses.com"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">## MX record pointed to SES server</span> <span class="k">resource</span> <span class="s2">"aws_route53_record"</span> <span class="s2">"mx_record"</span> <span class="p">{</span> <span class="nx">zone_id</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_route53_zone</span><span class="p">.</span><span class="nx">hosted_zone</span><span class="p">.</span><span class="nx">id</span> <span class="nx">name</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_route53_zone</span><span class="p">.</span><span class="nx">hosted_zone</span><span class="p">.</span><span class="nx">name</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"MX"</span> <span class="nx">ttl</span> <span class="p">=</span> <span class="mi">600</span> <span class="nx">records</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"10 inbound-smtp.</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">region</span><span class="k">}</span><span class="s2">.amazonaws.com"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">## SPF record that shows that amazonses.com is allowed to send email on behalf of our custom domain</span> <span class="k">resource</span> <span class="s2">"aws_route53_record"</span> <span class="s2">"spf_record"</span> <span class="p">{</span> <span class="nx">zone_id</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_route53_zone</span><span class="p">.</span><span class="nx">hosted_zone</span><span class="p">.</span><span class="nx">id</span> <span class="nx">name</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_route53_zone</span><span class="p">.</span><span class="nx">hosted_zone</span><span class="p">.</span><span class="nx">name</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"TXT"</span> <span class="nx">ttl</span> <span class="p">=</span> <span class="mi">600</span> <span class="nx">records</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"v=spf1 include:amazonses.com -all"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">## DMARC record</span> <span class="k">resource</span> <span class="s2">"aws_route53_record"</span> <span class="s2">"dmarc_record"</span> <span class="p">{</span> <span class="nx">zone_id</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_route53_zone</span><span class="p">.</span><span class="nx">hosted_zone</span><span class="p">.</span><span class="nx">id</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"_dmarc.</span><span class="k">${data</span><span class="p">.</span><span class="nx">aws_route53_zone</span><span class="p">.</span><span class="nx">hosted_zone</span><span class="p">.</span><span class="nx">name</span><span class="k">}</span><span class="s2">"</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"TXT"</span> <span class="nx">ttl</span> <span class="p">=</span> <span class="mi">600</span> <span class="nx">records</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"v=DMARC1; p=none;"</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>Then, we can create an S3 bucket that will be used to store the emails sent to our custom domain and trigger the lambda funtion to send them:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fom90p1ux1sbh0nxr4d2e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fom90p1ux1sbh0nxr4d2e.png" alt=" " width="800" height="273"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1">## S3 bucket for incoming email</span> <span class="k">resource</span> <span class="s2">"aws_s3_bucket"</span> <span class="s2">"incoming_email_bucket"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"ses-inbox-</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">author</span><span class="k">}</span><span class="s2">"</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_s3_bucket_server_side_encryption_configuration"</span> <span class="s2">"encryption"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">incoming_email_bucket</span><span class="p">.</span><span class="nx">id</span> <span class="nx">rule</span> <span class="p">{</span> <span class="nx">apply_server_side_encryption_by_default</span> <span class="p">{</span> <span class="nx">sse_algorithm</span> <span class="p">=</span> <span class="s2">"AES256"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_s3_bucket_notification"</span> <span class="s2">"bucket_notification"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">incoming_email_bucket</span><span class="p">.</span><span class="nx">id</span> <span class="nx">lambda_function</span> <span class="p">{</span> <span class="nx">lambda_function_arn</span> <span class="p">=</span> <span class="nx">aws_lambda_function</span><span class="p">.</span><span class="nx">lambda_forwarder</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">events</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"s3:ObjectCreated:*"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_lambda_permission</span><span class="p">.</span><span class="nx">s3_bucket_event</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>Every new email in the bucket will trigger a lambda function that pulls this message from the bucket and sends it to our Gmail account using SES (don't forget about the permissions):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1">## Lambda email forwarder</span> <span class="k">data</span> <span class="s2">"archive_file"</span> <span class="s2">"lambda_zip"</span> <span class="p">{</span> <span class="nx">output_path</span> <span class="p">=</span> <span class="s2">"lambda.zip"</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"zip"</span> <span class="nx">source_dir</span> <span class="p">=</span> <span class="s2">"lambda-forwarder-source-code"</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"lambda_role"</span> <span class="p">{</span> <span class="nx">name_prefix</span> <span class="p">=</span> <span class="s2">"ses-email-forwarder-role"</span> <span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> { "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "lambda.amazonaws.com" }, "Effect": "Allow", "Sid": "" } ] } </span><span class="no">EOF </span><span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_iam_role_policy"</span> <span class="s2">"lambda_policy"</span> <span class="p">{</span> <span class="nx">name_prefix</span> <span class="p">=</span> <span class="s2">"ses-email-forwarder-role-policy"</span> <span class="nx">policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">(</span> <span class="p">{</span> <span class="nx">Version</span> <span class="err">:</span> <span class="s2">"2012-10-17"</span><span class="p">,</span> <span class="nx">Statement</span> <span class="err">:</span> <span class="p">[</span> <span class="p">{</span> <span class="s2">"Effect"</span> <span class="err">:</span> <span class="s2">"Allow"</span><span class="p">,</span> <span class="s2">"Action"</span> <span class="err">:</span> <span class="p">[</span> <span class="s2">"logs:CreateLogGroup"</span><span class="p">,</span> <span class="s2">"logs:CreateLogStream"</span><span class="p">,</span> <span class="s2">"logs:PutLogEvents"</span><span class="p">,</span> <span class="s2">"logs:DescribeLogStreams"</span> <span class="p">],</span> <span class="nx">Resource</span> <span class="err">:</span> <span class="p">[</span> <span class="s2">"*"</span> <span class="p">]</span> <span class="p">},</span> <span class="p">{</span> <span class="s2">"Effect"</span> <span class="err">:</span> <span class="s2">"Allow"</span><span class="p">,</span> <span class="s2">"Action"</span> <span class="err">:</span> <span class="p">[</span> <span class="s2">"s3:GetObject"</span> <span class="p">],</span> <span class="s2">"Resource"</span> <span class="err">:</span> <span class="p">[</span> <span class="s2">"</span><span class="k">${</span><span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">incoming_email_bucket</span><span class="p">.</span><span class="nx">arn</span><span class="k">}</span><span class="s2">/*"</span> <span class="p">]</span> <span class="p">},</span> <span class="p">{</span> <span class="s2">"Effect"</span> <span class="err">:</span> <span class="s2">"Allow"</span><span class="p">,</span> <span class="s2">"Action"</span> <span class="err">:</span> <span class="p">[</span> <span class="s2">"ses:SendEmail"</span><span class="p">,</span> <span class="s2">"ses:SendRawEmail"</span> <span class="p">],</span> <span class="s2">"Resource"</span> <span class="err">:</span> <span class="s2">"*"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">lambda_role</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_lambda_function"</span> <span class="s2">"lambda_forwarder"</span> <span class="p">{</span> <span class="nx">filename</span> <span class="p">=</span> <span class="s2">"lambda.zip"</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="s2">"ses-email-forwarder"</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">lambda_role</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">handler</span> <span class="p">=</span> <span class="s2">"lambda.lambda_handler"</span> <span class="nx">source_code_hash</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">archive_file</span><span class="p">.</span><span class="nx">lambda_zip</span><span class="p">.</span><span class="nx">output_base64sha256</span> <span class="nx">runtime</span> <span class="p">=</span> <span class="s2">"python3.9"</span> <span class="nx">environment</span> <span class="p">{</span> <span class="nx">variables</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">REGION</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">region</span> <span class="nx">FORWARD_TO</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">original_email</span> <span class="nx">DOMAIN</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">domain_name</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_lambda_permission"</span> <span class="s2">"s3_bucket_event"</span> <span class="p">{</span> <span class="nx">action</span> <span class="p">=</span> <span class="s2">"lambda:InvokeFunction"</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="nx">aws_lambda_function</span><span class="p">.</span><span class="nx">lambda_forwarder</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">principal</span> <span class="p">=</span> <span class="s2">"s3.amazonaws.com"</span> <span class="nx">statement_id</span> <span class="p">=</span> <span class="s2">"event_permissions_from_</span><span class="k">${</span><span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">incoming_email_bucket</span><span class="p">.</span><span class="nx">bucket</span><span class="k">}</span><span class="s2">"</span> <span class="nx">source_arn</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">incoming_email_bucket</span><span class="p">.</span><span class="nx">arn</span> <span class="p">}</span> </code></pre> </div> <p>The full Lambda source code could be found in the git repo with some other things like role policies and roles that are being tied to the objects above, not going to go too deep into it here.</p> <p>So, once the Terraform configuration is applied, the output will contain parameters we need for setting up the Gmail part:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">output</span> <span class="s2">"ses_smtp_server"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"email-smtp.</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">region</span><span class="k">}</span><span class="s2">.amazonaws.com"</span> <span class="c1">## check in your SES -&gt; SMTP settings</span> <span class="p">}</span> <span class="k">output</span> <span class="s2">"ses_smtp_server_port"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"587"</span> <span class="p">}</span> <span class="c1">## SMTP user credentials that would be used on Gmail side to send emails on SES behalf</span> <span class="k">output</span> <span class="s2">"ses_smtp_user_username"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">nonsensitive</span><span class="p">(</span><span class="nx">aws_iam_access_key</span><span class="p">.</span><span class="nx">ses_smtp_access_key</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="c1"># just for testing purposes, shouldn't be done in prod</span> <span class="p">}</span> <span class="k">output</span> <span class="s2">"ses_smtp_user_password"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">nonsensitive</span><span class="p">(</span><span class="nx">aws_iam_access_key</span><span class="p">.</span><span class="nx">ses_smtp_access_key</span><span class="p">.</span><span class="nx">ses_smtp_password_v4</span><span class="p">)</span> <span class="c1"># just for testing purposes, shouldn't be done in prod</span> <span class="p">}</span> </code></pre> </div> <p>Having them, we can go to Gmail account settings and create an alias with a new custom domain name.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb8l8jsf43jftbrkmf3g6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb8l8jsf43jftbrkmf3g6.png" alt=" " width="800" height="233"></a></p> <h3> One important notice about SES Sandbox mode </h3> <p>To be able to send and reply to every email address you will need to jump out of the sandbox mode in SES. To do so, raise a ticket with AWS support and say something like this: </p> <blockquote> <p>I've set up a custom domain in SES that's being tied to my gmail.com account. So, when someone sends email to my custom email it goes to my gmail.com email. But I can't respond to the recipient from directly, since in the sandbox mode I have to verify the recipient's email first. So, to avoid this limitation, I'd like to jump out of the sandbox mode and be able to reply to anyone who's reaching out to me via my custom email . </p> </blockquote> <p>Once approved you'll see something like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fetbo8zjfvs8np6xdu19d.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fetbo8zjfvs8np6xdu19d.png" alt=" " width="800" height="132"></a></p> <h3> Source code </h3> <p>All the source code could be found here: <a href="https://github.com/kolyaiks/ses-gmail-custom-domain" rel="noopener noreferrer">https://github.com/kolyaiks/ses-gmail-custom-domain</a><br> Thank you.</p> aws terraform route53 ses Building a Crypto Portfolio Tracker desktop app with PyQt6 Nik Sun, 07 Sep 2025 03:12:41 +0000 https://dev.to/kolyaiks/building-a-simple-crypto-portfolio-tracker-with-pyqt6-1mbk https://dev.to/kolyaiks/building-a-simple-crypto-portfolio-tracker-with-pyqt6-1mbk <p>I’ve been experimenting with the PyQt6 library by building a small pet project: a lightweight Crypto Portfolio Tracker. The idea was to move one of my command-line scripts into a proper desktop app — load a CSV with my holdings, fetch live prices from Kraken, and show everything in a table.</p> <p>It turned out to be a fun way to explore PyQt6’s layouts, threading, and event handling.</p> <p><strong>Project Overview</strong></p> <p>The app provides three main actions:</p> <ol> <li>Load Portfolio – import a CSV file of holdings.</li> <li>Refresh Prices – fetch current prices from the Kraken API.</li> <li>Export CSV – save the updated data back to disk.</li> </ol> <p>Along the way, I added multithreading (so the UI stays responsive), a logging system, and a config file for mapping portfolio symbols to Kraken’s trading pairs.</p> <p><strong>The Core UI</strong></p> <p>The main window is made up of:</p> <ul> <li><p>A QTableWidget for portfolio data</p></li> <li><p>Buttons for Load, Refresh, and Export.<br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">setUI</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="nf">setWindowTitle</span><span class="p">(</span><span class="sh">"</span><span class="s">CryptoTracker</span><span class="sh">"</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">portfolio</span> <span class="o">=</span> <span class="n">pd</span><span class="p">.</span><span class="nc">DataFrame</span><span class="p">(</span><span class="n">columns</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">symbol</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">amount</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">total_value</span><span class="sh">"</span><span class="p">])</span> <span class="n">self</span><span class="p">.</span><span class="n">table</span> <span class="o">=</span> <span class="nc">QTableWidget</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">btn_load</span> <span class="o">=</span> <span class="nc">QPushButton</span><span class="p">(</span><span class="sh">"</span><span class="s">Load Portfolio CSV</span><span class="sh">"</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">btn_load</span><span class="p">.</span><span class="n">clicked</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">load_portfolio</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">btn_refresh</span> <span class="o">=</span> <span class="nc">QPushButton</span><span class="p">(</span><span class="sh">"</span><span class="s">Refresh Kraken Prices</span><span class="sh">"</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">btn_refresh</span><span class="p">.</span><span class="n">clicked</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">refresh_prices</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">btn_export</span> <span class="o">=</span> <span class="nc">QPushButton</span><span class="p">(</span><span class="sh">"</span><span class="s">Export to CSV</span><span class="sh">"</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">btn_export</span><span class="p">.</span><span class="n">clicked</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">export_csv</span><span class="p">)</span> <span class="n">layout</span> <span class="o">=</span> <span class="nc">QVBoxLayout</span><span class="p">()</span> <span class="n">layout</span><span class="p">.</span><span class="nf">addWidget</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">table</span><span class="p">)</span> <span class="n">layout</span><span class="p">.</span><span class="nf">addWidget</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">btn_load</span><span class="p">)</span> <span class="n">layout</span><span class="p">.</span><span class="nf">addWidget</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">btn_refresh</span><span class="p">)</span> <span class="n">layout</span><span class="p">.</span><span class="nf">addWidget</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">btn_export</span><span class="p">)</span> <span class="n">container</span> <span class="o">=</span> <span class="nc">QWidget</span><span class="p">()</span> <span class="n">container</span><span class="p">.</span><span class="nf">setLayout</span><span class="p">(</span><span class="n">layout</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">setCentralWidget</span><span class="p">(</span><span class="n">container</span><span class="p">)</span> </code></pre> </div> <p><strong>Loading the Portfolio</strong></p> <p>A simple CSV file drives the app. Clicking Load Portfolio opens a file dialog, loads the data into a pandas.DataFrame, and displays it in the table.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">load_portfolio</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">file_name</span><span class="p">,</span> <span class="n">_</span> <span class="o">=</span> <span class="n">QFileDialog</span><span class="p">.</span><span class="nf">getOpenFileName</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="sh">"</span><span class="s">Open CSV</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">,</span> <span class="sh">"</span><span class="s">CSV Files (*.csv)</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">file_name</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">portfolio</span> <span class="o">=</span> <span class="n">pd</span><span class="p">.</span><span class="nf">read_csv</span><span class="p">(</span><span class="n">file_name</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Loaded file </span><span class="si">{</span><span class="n">file_name</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">update_table</span><span class="p">()</span> </code></pre> </div> <p>Example portfolio.csv:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>symbol,amount BTC,0.05 ETH,0.7 DOGE,1000 </code></pre> </div> <p><strong>Fetching Prices (with Multithreading)</strong></p> <p>One of the most important lessons in GUI programming: never block the UI thread.<br> Since calling the Kraken API can take time, I used QThreadPool with a custom Worker class and WorkerSignals class - that's how I pass data from the custom thread to the main one, and update the UI from it while avoiding a <code>Segmentation fault</code> error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">WorkerSignal</span><span class="p">(</span><span class="n">QObject</span><span class="p">):</span> <span class="n">output</span> <span class="o">=</span> <span class="nf">pyqtSignal</span><span class="p">(</span><span class="nb">object</span><span class="p">)</span> <span class="n">error</span> <span class="o">=</span> <span class="nf">pyqtSignal</span><span class="p">(</span><span class="nb">str</span><span class="p">)</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">()</span> <span class="k">class</span> <span class="nc">Worker</span><span class="p">(</span><span class="n">QRunnable</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">fn</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="nf">super</span><span class="p">(</span><span class="n">Worker</span><span class="p">,</span> <span class="n">self</span><span class="p">).</span><span class="nf">__init__</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">fn</span> <span class="o">=</span> <span class="n">fn</span> <span class="n">self</span><span class="p">.</span><span class="n">args</span> <span class="o">=</span> <span class="n">args</span> <span class="n">self</span><span class="p">.</span><span class="n">kwargs</span> <span class="o">=</span> <span class="n">kwargs</span> <span class="n">self</span><span class="p">.</span><span class="n">signals</span> <span class="o">=</span> <span class="nc">WorkerSignal</span><span class="p">()</span> <span class="nd">@pyqtSlot</span><span class="p">()</span> <span class="k">def</span> <span class="nf">run</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">fn</span><span class="p">(</span><span class="o">*</span><span class="n">self</span><span class="p">.</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">self</span><span class="p">.</span><span class="n">kwargs</span><span class="p">)</span> <span class="c1"># Initialising the runner function with passed args, kwargs </span> <span class="k">if</span> <span class="n">result</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">signals</span><span class="p">.</span><span class="n">output</span><span class="p">.</span><span class="nf">emit</span><span class="p">((</span><span class="n">result</span><span class="p">,</span> <span class="o">*</span><span class="n">self</span><span class="p">.</span><span class="n">args</span><span class="p">))</span> <span class="c1"># Sends normal result as object (result, kraken_pair, sym) </span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">signals</span><span class="p">.</span><span class="n">error</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">))</span> <span class="c1"># Sends exception to GUI </span> </code></pre> </div> <p>When the user clicks Refresh Prices, each symbol is processed in a separate worker thread:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="k">def</span> <span class="nf">refresh_prices</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Refreshing prices</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">portfolio</span><span class="p">.</span><span class="n">empty</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sh">"</span><span class="s">No data found in portfolio</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="k">for</span> <span class="n">sym</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">portfolio</span><span class="p">[</span><span class="sh">"</span><span class="s">symbol</span><span class="sh">"</span><span class="p">]:</span> <span class="n">kraken_pair</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">config</span><span class="p">[</span><span class="sh">'</span><span class="s">KrakenSymbols</span><span class="sh">'</span><span class="p">][</span><span class="n">sym</span><span class="p">.</span><span class="nf">upper</span><span class="p">()]</span> <span class="n">worker</span> <span class="o">=</span> <span class="nc">Worker</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">get_info</span><span class="p">,</span> <span class="n">kraken_pair</span><span class="p">,</span> <span class="n">sym</span><span class="p">)</span> <span class="n">worker</span><span class="p">.</span><span class="n">signals</span><span class="p">.</span><span class="n">output</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">parse_resp</span><span class="p">)</span> <span class="n">worker</span><span class="p">.</span><span class="n">signals</span><span class="p">.</span><span class="n">error</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="k">lambda</span> <span class="n">err</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Worker error: </span><span class="si">{</span><span class="n">err</span><span class="si">}</span><span class="sh">"</span><span class="p">))</span> <span class="c1"># quick inline handler for error in worker </span> <span class="n">self</span><span class="p">.</span><span class="n">threadPool</span><span class="p">.</span><span class="nf">start</span><span class="p">(</span><span class="n">worker</span><span class="p">)</span> </code></pre> </div> <p>Example config.ini with Kraken symbol mappings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[KrakenSymbols] BTC=XXBTZUSD ETH=XETHZUSD DOGE=XDGUSD USDT=USDTZUSD SOL=SOLUSD </code></pre> </div> <p><strong>Updating the Table</strong></p> <p>After fetching prices, the app updates both the DataFrame and the visible table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="k">def</span> <span class="nf">update_table</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Update table </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">table</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Setting up the table based on portfolio file </span> <span class="n">self</span><span class="p">.</span><span class="n">table</span><span class="p">.</span><span class="nf">setRowCount</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">portfolio</span><span class="p">))</span> <span class="n">self</span><span class="p">.</span><span class="n">table</span><span class="p">.</span><span class="nf">setColumnCount</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">portfolio</span><span class="p">.</span><span class="n">columns</span><span class="p">))</span> <span class="n">self</span><span class="p">.</span><span class="n">table</span><span class="p">.</span><span class="nf">setHorizontalHeaderLabels</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">portfolio</span><span class="p">.</span><span class="n">columns</span><span class="p">)</span> <span class="c1"># Updating table rows (used for initial setup and while updating) </span> <span class="k">for</span> <span class="n">i</span><span class="p">,</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">portfolio</span><span class="p">.</span><span class="nf">iterrows</span><span class="p">():</span> <span class="k">for</span> <span class="n">j</span><span class="p">,</span> <span class="n">col</span> <span class="ow">in</span> <span class="nf">enumerate</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">portfolio</span><span class="p">.</span><span class="n">columns</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">table</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="n">i</span><span class="p">,</span> <span class="n">j</span><span class="p">,</span> <span class="nc">QTableWidgetItem</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="n">col</span><span class="p">])))</span> </code></pre> </div> <p>Each row then shows:</p> <ul> <li>symbol (e.g., BTC)</li> <li>amount (from CSV)</li> <li>price (from Kraken)</li> <li>total_value (amount × price)</li> </ul> <p><strong>Logging</strong></p> <p>To keep track of what’s happening, I added a simple logger that writes both to app.log and the console. This was especially helpful when debugging API responses and PyInstaller packaging.</p> <p><strong>Lessons Learned</strong></p> <ul> <li>Threading is crucial: without it, the UI froze while waiting for Kraken responses.</li> <li>Thread-safe approach with PyQt means you need to use signals to get data out of a custom worker thread and pass it to the main thread, then update UI from the main thread.</li> <li>PyQt6 layouts are flexible, but nested layouts take some trial and error.</li> <li>PyInstaller works, but you need to handle bundled resources like config.ini carefully (sys._MEIPASS trick).</li> <li>Combining pandas with a QTableWidget makes it easy to keep the GUI and data in sync.</li> <li>To run the app anywhere as a docker container you can build a docker image from an image with Ubuntu + VNC (for example, <code>accetto/ubuntu-vnc-xfce-g3</code>) and put the app inside it.</li> </ul> <p><strong>Demo and the source code</strong></p> <p>Here you can find how it looks like: <a href="https://youtu.be/YUqXW-J0R_c" rel="noopener noreferrer">https://youtu.be/YUqXW-J0R_c</a><br> The source code could be found here: <a href="https://github.com/kolyaiks/crypto_tracker" rel="noopener noreferrer">https://github.com/kolyaiks/crypto_tracker</a></p> python pyqt6 programming Deploying SpringBoot application into Kubernetes cluster in AWS using ArgoCD Nik Fri, 20 Jun 2025 21:01:03 +0000 https://dev.to/kolyaiks/deploying-springboot-application-into-kubernetes-cluster-in-aws-using-argocd-2e0i https://dev.to/kolyaiks/deploying-springboot-application-into-kubernetes-cluster-in-aws-using-argocd-2e0i <p>In this article I'll walk you through the process of deploying a simple Spring Boot application to a Kubernetes cluster in AWS using GitHub Actions, and Argo CD.<br> Along the way, we'll also use a few additional tools and components, which we'll briefly cover — though they won't be the main focus of this article.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbyemjr9x15cwiqujo2bb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbyemjr9x15cwiqujo2bb.png" alt=" " width="800" height="329"></a></p> <h2> Why ArgoCD? </h2> <p><a href="https://argo-cd.readthedocs.io/en/stable/" rel="noopener noreferrer">ArgoCD</a> nowadays is the industry standard for the K8S deployment process. <br> Some key benefits:</p> <ol> <li><p>Declarative GitOps approach<br> Git is the single source of truth. All deployment configurations are stored in Git, making rollbacks, audits, and version control easy.</p></li> <li><p>Automated Continuous Delivery<br> Argo CD automates the deployment of applications to Kubernetes once changes are pushed to Git.</p></li> <li><p>Visual UI &amp; Observability<br> Offers a web UI to visualize:<br> a. Application status<br> b. Health of Kubernetes resources<br> c. Sync status (Git vs cluster) </p></li> <li><p>Access Control &amp; Security<br> a. Role-based access control (RBAC)<br> b. Supports integrations with OIDC, SSO providers (e.g., Google, GitHub)<br> c. Can limit which users can deploy to which namespaces or clusters</p></li> <li><p>Multi-Cluster Support<br> a. Manages and deploys apps to multiple Kubernetes clusters from a single Argo CD instance<br> b. Good fit for hybrid or multi-cloud environments</p></li> <li><p>Tooling Flexibility<br> Supports Helm, Kustomize, Jsonnet, and plain YAML.</p></li> </ol> <h2> Prerequisites </h2> <p>To demonstrate the real-world example we'll need a few things in place before we can jump to the CI/CD process itself.<br> These things are going be covered by these two repos:</p> <ol> <li><a href="https://github.com/kolyaiks/argo-deployment-demo-infra" rel="noopener noreferrer">IAC repo</a></li> <li><a href="https://github.com/kolyaiks/argo-deloyment-demo-app" rel="noopener noreferrer">Application repo</a></li> </ol> <p>So, the 3 things we need to have before we can go further are: </p> <ol> <li><p>Kubernetes cluster which has ArgoCD onboard<br><br> This is the step where we create all the infrastructure needed for hosting our application - Network, Certificates, DNS entries, and Kubernetes cluster itself. I use <a href="https://developer.hashicorp.com/terraform#what-is-terraform" rel="noopener noreferrer">Terraform</a> to bootstrap the <a href="https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html" rel="noopener noreferrer">EKS</a> Kubernetes cluster in AWS, and install ArgoCD into it.<br> The configuration that covers this part could be found <a href="https://github.com/kolyaiks/argo-deployment-demo-infra/tree/main/aws/iac" rel="noopener noreferrer">here</a></p></li> <li><p><span id="k8s-yaml-config">Kubernetes YAML configuration</span> <br> This is the step where we define the K8S components of our application - deployment, service, configmap, ingress.<br> Since we will have two environments, I use Kustomize here. Kustomize is a Kubernetes-native configuration management tool that allows you to customize raw, template-free base YAML files using overlays, without modifying the original manifests. Overlay will have an environment-specific Spring Boot application properties file that our container application will consume.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffheuj9td266z00y6mf4o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffheuj9td266z00y6mf4o.png" alt="Kustomize" width="800" height="565"></a><br> The configuration that covers this part could be found <a href="https://github.com/kolyaiks/argo-deployment-demo-infra/tree/main/k8s-yaml/app/argo-deployment-demo-app" rel="noopener noreferrer">here</a></p></li> <li><p>The application itself<br> For this demo I created a simple Spring Boot application that renders a simple html page with the environment name and the application version. The environment name is the thing that comes from the Spring Boot properties file.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5ssn7gtbduuteigpqzmg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5ssn7gtbduuteigpqzmg.png" alt="Application's default output" width="473" height="208"></a><br> The repo that covers this part could be found <a href="https://github.com/kolyaiks/argo-deloyment-demo-app" rel="noopener noreferrer">here</a></p></li> </ol> <p>Ok, so that was a lot already. I intentionally don't dive too deep into the implementation of each step above since it would be overwhelming, and wouldn't allow us to focus on the main part of this article - the CI/CD part. But if you're curious - feel free to reach out, I'll be glad to speak on details.</p> <h2> CI part </h2> <p>As long as we speak about K8S we need to build the image that will be hosted there. <br> There are three main components needed to achieve that:</p> <ol> <li><p>The Dockerfile <br> That's the thing that uses the multi-stage build approach where the Build stage does the Maven build and the Run stage launches the application. <br> You can find it <a href="https://github.com/kolyaiks/argo-deloyment-demo-app/blob/dev/Dockerfile" rel="noopener noreferrer">here</a></p></li> <li><p>ECR repository<br> This image needs to be hosted somewhere. It could be DokerHub, your cloud provider repository, or something else. Because the K8S cluster in my case is placed in AWS, I use ECR service for it.</p></li> <li><p><span id="ci-workflow">GitHub Actions CI workflow</span><br> This is the part that's responsible for building the docker image from our Dockerfile, pushing it to ECR repository, and setting the updated image in the K8S YAML configuration.<br> Just as a side note - there are many options to automate CI process. Since the code for this project is being stored in GitHub, I decided to use GitHub Actions. You can use the one you're most comfortable with like Jenkins, or even Argo Workflows.<br> The code for the GitHub Actions workflow could be found <a href="https://github.com/kolyaiks/argo-deloyment-demo-app/blob/dev/.github/workflows/update_dev.yml" rel="noopener noreferrer">here</a></p></li> </ol> <h2> CD part </h2> <p>Once the docker image is built and the K8S deployment YAML is updated using the GitHub Actions CI workflow from the application repository, ArgoCD comes into action.<br> We have an application (ArgoCD entity) in it that constantly monitors the changes in the pre-defined path of the IAC repository related to <strong>dev overlay</strong> and makes sure the actual cluster state is aligned with the configuration in GitHub. So, once the deployment object gets updated, ArgoCD automatically applies these changes, and no administrator action is needed for the <strong>dev environment</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz9hne6bq2thkdajfv3lv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz9hne6bq2thkdajfv3lv.png" alt="Dev application K8S layout" width="800" height="339"></a></p> <p>Once the code is synced you can open <strong>dev-app.put-your-domain-here.com</strong> in your browser and see the application environment and version like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzfobyfqorp0iujrwco9e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzfobyfqorp0iujrwco9e.png" alt="Dev app output example" width="800" height="110"></a></p> <p>But do we want to see the same behavior for the <strong>prod</strong>? Probably, not. That's why use the second workflow placed in the IAC repo <a href="https://github.com/kolyaiks/argo-deployment-demo-infra/blob/main/.github/workflows/promote_from_dev_to_prod.yml" rel="noopener noreferrer">here</a>: <br> That's the workflow that gets an image version as an input and raises the PR to the main branch of IAC repo with the updated image version for the <strong>prod overlay</strong>. Once the PR is raised, the administrator reviews and approves it. So, the thing that's needed to see these changes in production is to press the SYNC button in the ArgoCD UI.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft2r14dwkp2zbe9olwmrp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft2r14dwkp2zbe9olwmrp.png" alt="Prod application configuration" width="800" height="579"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fikdznoyqsuchvvqbrws5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fikdznoyqsuchvvqbrws5.png" alt="Prod application" width="800" height="445"></a></p> <p>Once the code is synced you can open <strong>prod-app.put-your-domain-here.com</strong> in your browser and see the application environment and version like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmw5abk22lcdjvaoryx9f.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmw5abk22lcdjvaoryx9f.png" alt=" " width="800" height="111"></a></p> <h2> Conclusion </h2> <p>That’s it — we’ve fully automated the CI/CD pipeline for deploying the SpringBoot application to the Kubernetes cluster, using Terraform to spin up the infrastructure in AWS, GitHub Actions for continuous integration, and Argo CD for continuous delivery.<br> Now, every development build is deployed automatically without manual intervention, while production releases require a pull request review and merge.</p> <p>Feel free to ask questions, share your experience and suggestions in the comments section below.<br> Cheers!</p> <p>The video version of this article could be found here: <a href="https://youtu.be/PxBy87_MxWU" rel="noopener noreferrer">https://youtu.be/PxBy87_MxWU</a></p> kubernetes argocd aws terraform