Final project for the Masterschools Cloud Engineering Program
Production-grade AWS deployment of a grocery e-commerce platform: Flask on EC2, RDS PostgreSQL, S3, CloudWatch, and fully automated CI/CD via GitHub Actions.
Deployment Status: Offline. The stack was destroyed via `terraform destroy` to avoid charges. All IaC configs are in `/infrastructure`.
| Component | Technology |
|---|---|
| Compute | AWS EC2 (Amazon Linux 2) |
| Database | Amazon RDS PostgreSQL |
| Storage | Amazon S3 (static assets) |
| Logging | Amazon CloudWatch Agent |
| Security | IAM Roles + Security Groups |
| IaC | Terraform (modular) |
| CI/CD | GitHub Actions |
```text
Push to version2
        │
        ▼
┌───────────────────────────┐   ┌───────────────────────────────┐
│ Terraform CI (parallel)   │   │ Docker Build Check (parallel) │
│  • terraform fmt          │   │  • docker build               │
│  • terraform validate     │   │  • verifies image builds      │
└─────────────┬─────────────┘   └───────────────┬───────────────┘
              └──────────── both pass ──────────┘
                            │
                  Manual approval gate
                            │
                  terraform apply → provisions all AWS resources
```
AWS credentials are stored as GitHub Secrets and never hardcoded.
```text
infrastructure/
├── main.tf          # orchestrates all modules
├── provider.tf
├── variables.tf
├── user_data.tpl    # EC2 bootstrap script
└── modules/
    ├── network/     # VPC, subnets, IGW, route tables
    ├── compute/     # EC2, instance profile, security group
    ├── database/    # RDS PostgreSQL, subnet group
    ├── storage/     # S3 bucket
    ├── iam/         # roles for EC2 → S3 and EC2 → CloudWatch
    └── cloudwatch/  # log group configuration
```
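The `iam/` module's two roles (EC2 → S3 and EC2 → CloudWatch) written out as a least-privilege example. This is an added illustration, not the project's own module: the trust policy admits only the EC2 service, and each statement is scoped to the one bucket ARN and the one log group instead of `*`. The `bucket_arn` and `log_group_name` variables and the resource names are assumptions.

```hcl
variable "bucket_arn"     { type = string }  # assumed input from the storage module
variable "log_group_name" { type = string }  # e.g. "/aws/flask/grocerymate"
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# Trust policy: only the EC2 service may assume this role.
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "app" {
  name               = "grocerymate-ec2"   # assumed name
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

# Permissions: one bucket for static assets, one log group for the agent; no "*".
data "aws_iam_policy_document" "app" {
  statement {
    sid       = "StaticAssets"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${var.bucket_arn}/*"]
  }
  statement {
    sid       = "ListAssetsBucket"
    actions   = ["s3:ListBucket"]
    resources = [var.bucket_arn]
  }
  statement {
    sid       = "ShipLogs"
    actions   = ["logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents"]
    resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:${var.log_group_name}:*"]
  }
}

resource "aws_iam_role_policy" "app" {
  name   = "grocerymate-ec2-inline"
  role   = aws_iam_role.app.id
  policy = data.aws_iam_policy_document.app.json
}

# The instance profile the compute module attaches to the EC2 instance.
resource "aws_iam_instance_profile" "app" {
  name = "grocerymate-ec2"
  role = aws_iam_role.app.name
}
```

Run `terraform validate` on the module and check the rendered policy JSON with `terraform plan`; any statement whose resources collapse to `*` is a sign the bucket ARN or log group name was not passed in.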
On launch, user_data.tpl automatically:
- Installs Docker, Git, and PostgreSQL client
- Clones this repository
- Builds the Flask Docker image
- Starts the container linked to RDS via environment variables
- Installs and configures the CloudWatch Agent for log streaming
Zero manual SSH configuration needed.
```bash
cd infrastructure
terraform init
terraform plan
terraform apply
```
Terraform outputs the EC2 public IP and RDS endpoint on completion.
Logs stream automatically to CloudWatch under `/aws/flask/grocerymate`. View them on the EC2 instance directly:
```bash
sudo tail -f /var/log/grocerymate.log
```
Tear down all resources when finished:
```bash
terraform destroy
```
- CI/CD with GitHub Actions: parallel Terraform validation and Docker build check, gated by manual approval before apply
- Modular Terraform: 6 reusable modules (network, compute, database, storage, IAM, CloudWatch) keep the infrastructure maintainable and scalable
- RDS integration: database credentials are injected through Terraform environment variables, avoiding hardcoded secrets
- CloudWatch observability: the CloudWatch Agent is configured via user_data to stream application and system logs automatically on EC2 launch
Original Application: Alejandro Román Ibáñez
AWS Infrastructure & CI/CD: MisaelTox
