Shiva Sai Peddy

A Simple AWS-Powered Clinic Appointment System App Using Docker and SNS

Deploying full-stack applications on AWS doesn’t have to be overwhelming.

In this article, I’ll show how I built a basic Clinic Appointment Management System using Docker, FastAPI, and a few core AWS services. The app lets patients book appointments online, sends real-time notifications, and provides a secure way for admins to manage data - all in a lightweight and scalable setup.

If you're looking to get hands-on experience with deploying microservices on AWS, this beginner-friendly project is a great place to start!

Project Overview

This system enables:

  • Patients to book appointments via a simple web UI.
  • Real-time SMS/email notifications using AWS SNS.
  • Admins to access the backend securely through OpenVPN.

With its lightweight and modular setup, this architecture is well-suited for beginners and rapid prototyping.

Clinic System Architecture

AWS Architecture Overview

1. VPC Setup

  • CIDR Block: 12.0.0.0/16
  • Split into Public and Private subnets for better isolation and control.
  • Internet Gateway for public services.
  • NAT Gateway to allow private instances to access the internet securely (for updates, etc.).

2. Public Subnet Components

Application Load Balancer (ALB)

  • Routes incoming traffic (HTTP/HTTPS) to backend services.
  • Secured via security groups that limit access to only web ports.

OpenVPN Server

  • Deployed on an EC2 instance with an Elastic IP.
  • Allows secure, encrypted access to internal services.
  • Only accessible on UDP Port 1194.

3. Private Subnet Components

This is where the core application logic lives - isolated from the internet.

Dockerized Microservices

Deployed on an EC2 instance using Docker Compose, the system includes:

| Service | Port | Description |
|---|---|---|
| Frontend | 8000 | Public-facing web UI |
| Patient Service | 8001 | Manages patient registration/data |
| Doctor Service | 8002 | Manages doctors and schedules |
| Appointment Service | 8003 | Handles bookings and availability |
| Notification Service | 8004 | Sends confirmations via SNS |

Each service is built on the lightweight python:3.12-slim base image and runs FastAPI on Uvicorn.

PostgreSQL Database

  • Dockerized inside the private subnet.
  • Stores patient, doctor, and appointment records.
  • Only accessible from within the VPC.

4. Admin Access with OpenVPN

  • Admins connect via a VPN client to access the private network.
  • Once authenticated, the admin accesses the PostgreSQL instance within the private subnet using a SQL client.
  • No direct database exposure to the internet - ever.

5. DNS & Multi-AZ Load Balancing

  • The Application Load Balancer provides a DNS endpoint for the frontend.
  • Services are deployed across multiple Availability Zones (us-east-1a & us-east-1b) to increase resilience.

6. Real-Time Notifications with AWS SNS

  • The Notification Service integrates with AWS SNS to send:

    • SMS messages
    • Email confirmations
  • SNS scales automatically and ensures reliable message delivery.


7. Security Practices

Security is built-in, not bolted on:

  • IAM Roles & Policies: Restrict and manage AWS access.
  • Security Groups: Only necessary ports are open.
  • Private Subnets: Critical services are not internet-facing.
  • OpenVPN: Admins can only access internal systems after authentication.
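
The port rules described in sections 2 through 4 and summarized above can be checked mechanically. The following is an added example, not code from the original project: it audits ingress rules, in the shape EC2's DescribeSecurityGroups returns them, against a per-tier policy derived from the article, and also checks the VPC CIDR. The tier names, the PostgreSQL port 5432 and the sample rules are assumptions.

```python
import ipaddress

VPC_CIDR = "12.0.0.0/16"  # VPC CIDR as given in the article

# Allowed (protocol, port) pairs per tier, split by where the source sits.
# Tier names are hypothetical; 5432 (PostgreSQL default) is an assumption.
POLICY = {
    "alb":     {"public": {("tcp", 80), ("tcp", 443)}, "internal": set()},
    "openvpn": {"public": {("udp", 1194)}, "internal": set()},
    "app":     {"public": set(), "internal": {("tcp", p) for p in range(8000, 8005)}},
    "db":      {"public": set(), "internal": {("tcp", 5432)}},
}

def rule(proto, lo, hi, cidr):
    """Build one ingress rule in the shape EC2 returns under IpPermissions."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}

def audit(tier, permissions, vpc_cidr=VPC_CIDR):
    """Return findings for ingress rules that exceed the tier's policy.
    Only IPv4 CIDR sources are checked, not security-group references."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for perm in permissions:
        proto = perm["IpProtocol"]
        if proto == "-1" or "FromPort" not in perm:  # "-1" means all protocols
            findings.append(f"{tier}: all-traffic rule")
            continue
        for src in (ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            scope = "internal" if src.subnet_of(vpc) else "public"
            bad = [p for p in range(perm["FromPort"], perm["ToPort"] + 1)
                   if (proto, p) not in POLICY[tier][scope]]
            if bad:
                findings.append(f"{tier}: {proto}/{bad[0]}-{bad[-1]} open to {src}")
    return findings

def vpc_cidr_is_private(cidr=VPC_CIDR):
    """True when Python classifies the range as private (RFC 1918 ranges qualify)."""
    return ipaddress.ip_network(cidr).is_private

# Constructed sample rules (not from the project): two tiers clean, two not.
SAMPLE = {
    "alb": [rule("tcp", 80, 80, "0.0.0.0/0"), rule("tcp", 443, 443, "0.0.0.0/0")],
    "openvpn": [rule("udp", 1194, 1194, "0.0.0.0/0"), rule("tcp", 22, 22, "0.0.0.0/0")],
    "app": [rule("tcp", 8000, 8004, "12.0.0.0/16")],
    "db": [rule("tcp", 5432, 5432, "0.0.0.0/0")],
}

if __name__ == "__main__":
    for tier, perms in SAMPLE.items():
        print(tier, audit(tier, perms) or "ok")
    print("VPC CIDR private:", vpc_cidr_is_private())
```

For the article's 12.0.0.0/16 the CIDR check returns False: that range is publicly routable address space rather than an RFC 1918 block, which is what AWS recommends for VPCs.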

8. Monitoring & Observability

  • AWS CloudWatch tracks:

    • EC2 metrics
    • SNS delivery logs
    • Application logs from microservices

This helps in performance tuning and alerting.


9. Designed for Scalability

  • Load Balancer enables horizontal scaling of services.
  • Docker Microservices can be updated independently.
  • SNS automatically handles messaging load increases.

10. Future Enhancements

Here’s what’s next on the roadmap to make this production-ready:

  • ✅ Add HTTPS support using SSL on the Load Balancer.
  • ✅ Use AWS RDS for managed PostgreSQL.
  • ✅ Build a CI/CD pipeline (AWS CodePipeline).
  • ✅ Migrate to ECS or EKS for better container orchestration.
  • ✅ Use Route 53 for domain-level routing.
  • ✅ Enable WAF, GuardDuty, Inspector for advanced security.
  • ✅ Set up alerting for downtime or intrusions.

💬 Final Thoughts

This project taught me how to combine infrastructure best practices with microservices architecture, all while staying secure and scalable. It’s a solid base for health tech applications, appointment systems, and even e-commerce platforms. Here is the GitHub repository URL for the application.

If you're starting your journey with AWS, Docker, or cloud security, this architecture offers a hands-on example with real-world value.

Let me know what you think - and I’d love to hear how you would extend or improve this setup!
