🚀 Multi-Application CI/CD on AWS (Production-Style)

🎯 Project Goal
Host multiple web applications on AWS where:

• Developers push code to GitHub
• GitHub Actions automatically:
• Tests code
• Builds Docker images
• Pushes images to AWS ECR
• Deploys to AWS ECS (Fargate) or EC2 + Docker
• End users access apps via HTTPS (ALB + ACM)
• Logs & monitoring via CloudWatch
• Supports rolling / blue-green deployment

🏗️ High-Level Architecture

Developer
   |
   v
GitHub Repo (App1, App2, App3)
   |
GitHub Actions (CI/CD)
   |
   |-- Test
   |-- Docker Build
   |-- Push to ECR
   v
AWS ECR (Images)
   |
AWS ECS (Fargate)
   |
Application Load Balancer
   |
   v
End Users (HTTPS)

📁 Repository Structure

multi-app-devops/
├── app1/
│   ├── Dockerfile
│   └── src/
├── app2/
│   ├── Dockerfile
│   └── src/
├── app3/
│   ├── Dockerfile
│   └── src/
└── .github/
    └── workflows/
        └── deploy.yml

Each app is independent but deployed via same pipeline logic.

🔐 STEP 1: AWS ACCOUNT & IAM
Create IAM User (DevOpsUser)
Permissions:

• AmazonEC2FullAccess
• AmazonECS_FullAccess
• AmazonEC2ContainerRegistryFullAccess
• CloudWatchFullAccess
• IAMReadOnlyAccess

⚠️ Create Access Key (Programmatic)

🌐 STEP 2: Networking (VPC)

• Create VPC
• 2 Public Subnets
• Internet Gateway
• Route Table
• Security Groups:
• ALB: 80, 443
• ECS: 3000/5000/80 (app ports)

📦 STEP 3: Create ECR Repositories
Create one ECR per app:

app1-ecr
app2-ecr
app3-ecr

Save:

• AWS Account ID
• Region
• Repository URI Example:

123456789012.dkr.ecr.us-east-1.amazonaws.com/app1

🐳 STEP 4: Dockerize Applications
Example Dockerfile (Node.js / Python)

FROM node:18-alpine
WORKDIR /app
COPY package*.json .
RUN npm install
COPY . .
EXPOSE 3000
CMD ["npm", "start"]

Repeat per app.

⚙️ STEP 5: ECS Cluster (Fargate)

1. Create ECS Cluster
2. Create Task Definition per App

• Container Image: ECR URI
• Port Mapping
• CPU & Memory

Create Service

• Launch Type: FARGATE
• Attach ALB
• Desired Tasks: 2 (HA)

🌍 STEP 6: Application Load Balancer
Create ALB
Listener:
HTTP → Redirect HTTPS
HTTPS → Target Groups
Path-based routing:

/app1 → app1-service
/app2 → app2-service
/app3 → app3-service

🔑 STEP 7: GitHub Secrets
In GitHub Repo → Settings → Secrets
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_REGION
AWS_ACCOUNT_ID
ECR_REPO_APP1
ECR_REPO_APP2

🔄 STEP 8: GitHub Actions CI/CD Pipeline
.github/workflows/deploy.yml

name: CI-CD Pipeline

on:
  push:
    branches: [ "main" ]

env:
  AWS_REGION: us-east-1

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Code
      uses: actions/checkout@v4

    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}

    - name: Login to Amazon ECR
      run: |
        aws ecr get-login-password --region $AWS_REGION \
        | docker login --username AWS --password-stdin \
        ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.$AWS_REGION.amazonaws.com

    - name: Build & Push App1
      run: |
        docker build -t app1 ./app1
        docker tag app1:latest ${{ secrets.ECR_REPO_APP1 }}:latest
        docker push ${{ secrets.ECR_REPO_APP1 }}:latest

    - name: Deploy to ECS
      run: |
        aws ecs update-service \
          --cluster devops-cluster \
          --service app1-service \
          --force-new-deployment

✔ Repeat build steps for app2 & app3.

📊 STEP 9: Monitoring & Logs
Enable CloudWatch Logs in ECS Task Definition
View:

• App logs
• CPU/Memory
• Health checks

🔐 STEP 10: Security & Best Practices
✔ HTTPS using ACM
✔ IAM least privilege
✔ Secrets in GitHub (not code)
✔ Private ECR
✔ Auto-scaling

🧪 STEP 11: Testing Flow

1. Developer changes code
2. Push to main
3. GitHub Action triggers
4. Docker image rebuilt
5. Image pushed to ECR
6. ECS pulls new image
7. Rolling deployment
8. End user sees updated app