Describe the steps involved in setting up a secured end-to-end pipeline for full-stack (React and Node.js) applications using Terraform on AWS?
Tech Junction Answered question July 3, 2023
STARTING THE PIPELINE:
- GitHub Actions: when there is a push or a merge to the production branch, the pipeline is initiated using GitHub Actions and sent to CodeQL.
- CodeQL: a security tool used to scan code properties. I added a strict policy that rejects code if it doesn't meet the proper security policies recommended by OWASP.
- SonarQube: used for code analysis. It checks for code smells, bugs and outdated packages based on the software stack. I also added a policy that rejects the code if it doesn't meet all criteria.
FRONTEND DEPLOYMENT:
At this point "npm install" and "npm run build" are run and the code is deployed to S3.
Note: the frontend is deployed to an AWS S3 bucket which I configured, using Terraform, to serve the objects as a website.
- CloudFront: I created a distribution using the bucket's endpoint, because I want the contents of the bucket (the website) to be delivered much faster to my customers in a particular region.
- Route53: the domain sits on Route53. I used the CloudFront distribution created for the bucket (website) as an alias.
So users hit the website URL, CloudFront picks up the request and sends it to S3 to deliver the content.
BACKEND DEPLOYMENT:
For the backend, if the code is OK, it should be ready for the next phase, which is the build stage.
- Docker builds the code and sends it to the next phase for scanning.
- Trivy: security tooling used to scan Docker images. It writes the scan result to the root of the project after the scan is complete.
- ECR: image registry on AWS. The image is then pushed to ECR.
- ECS: ECS is triggered immediately after the image is pushed to ECR. ECS then runs a task using the latest version of the task definition.
- Load balancer: when a user makes a request to my service, the load balancer handles the request and sends traffic to API Gateway based on the particular microservice that needs that request.
- API Gateway: I used API Gateway for secured communication between each of the microservices.
- CloudWatch: I created CloudWatch for each of the microservices running in ECS.
- SNS: allows applications to send time-critical messages to multiple subscribers through a "push" mechanism. I used SNS for push notifications for each of the microservices.
- Autoscaling Group: I set up the autoscaler with a 1 min and 5 max node limit to help improve performance when traffic gets high.
- Terraform: the IaC I used to set up the whole infrastructure.
Below are the repos for each source code; feel free to fork.
frontend (react)
https://lnkd.in/dyA7KDYT
backend (nodejs)
https://lnkd.in/dstTdzNV
infra (terraform)
https://lnkd.in/djpzHub7
https://lnkd.in/d8eiVawm
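The backend path (ECR, ECS, the 1-min/5-max autoscaling limits) as Terraform, again an added example rather than the answerer's code. It assumes the load balancer, API Gateway and VPC already exist and are passed in as `var.vpc_id`, `var.private_subnet_ids`, `var.alb_security_group_id` and `var.target_group_arn`, that the default `ecsTaskExecutionRole` exists in the account, and that CI passes the sha256 digest of the image Trivy scanned as `var.image_digest`. The security-relevant choices are immutable tags plus scan-on-push in ECR, pinning the task to an image digest rather than a tag so the running image is exactly the one that was scanned, tasks reachable only from the load balancer's security group, and a read-only root filesystem. Autoscaling here is on ECS task count rather than instance count, since the service runs on Fargate.

```hcl
# Added example (not the answerer's repo code): ECR with push-time scanning and
# immutable tags, an ECS Fargate service pinned to an image digest, and
# service autoscaling between 1 and 5 tasks.
# Assumed inputs: var.vpc_id, var.private_subnet_ids, var.alb_security_group_id,
# var.target_group_arn, var.image_digest (sha256 digest from the CI scan step).

provider "aws" { region = "us-east-1" } # assumed region

variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "alb_security_group_id" { type = string }
variable "target_group_arn" { type = string }
variable "image_digest" { type = string } # e.g. "sha256:<digest from CI>" (assumed)

resource "aws_ecr_repository" "api" {
  name                 = "backend-api"
  image_tag_mutability = "IMMUTABLE" # a tag cannot be silently re-pointed
  image_scanning_configuration {
    scan_on_push = true # second scan in the registry, after Trivy in CI
  }
}

resource "aws_cloudwatch_log_group" "api" {
  name              = "/ecs/backend-api"
  retention_in_days = 30
}

resource "aws_ecs_cluster" "main" {
  name = "backend"
}

# Tasks accept traffic only from the load balancer's security group.
resource "aws_security_group" "tasks" {
  name   = "backend-tasks"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 3000
    to_port         = 3000
    protocol        = "tcp"
    security_groups = [var.alb_security_group_id]
  }
  egress { # needed to pull the image and reach AWS APIs
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

data "aws_iam_role" "execution" { name = "ecsTaskExecutionRole" } # assumed to exist

resource "aws_ecs_task_definition" "api" {
  family                   = "backend-api"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = data.aws_iam_role.execution.arn
  # Pin by digest: the exact image Trivy scanned is the one that runs.
  container_definitions = jsonencode([{
    name                   = "api"
    image                  = "${aws_ecr_repository.api.repository_url}@${var.image_digest}"
    portMappings           = [{ containerPort = 3000, protocol = "tcp" }]
    readonlyRootFilesystem = true
    logConfiguration = {
      logDriver = "awslogs"
      options = {
        "awslogs-group"         = aws_cloudwatch_log_group.api.name
        "awslogs-region"        = "us-east-1"
        "awslogs-stream-prefix" = "api"
      }
    }
  }])
}

resource "aws_ecs_service" "api" {
  name            = "backend-api"
  cluster         = aws_ecs_cluster.main.id
  task_definition = aws_ecs_task_definition.api.arn # newest revision on each apply
  desired_count   = 1
  launch_type     = "FARGATE"
  network_configuration {
    subnets          = var.private_subnet_ids
    security_groups  = [aws_security_group.tasks.id]
    assign_public_ip = false
  }
  load_balancer {
    target_group_arn = var.target_group_arn
    container_name   = "api"
    container_port   = 3000
  }
}

# Scale between 1 and 5 tasks on average CPU, matching the answer's 1/5 limits.
resource "aws_appautoscaling_target" "api" {
  service_namespace  = "ecs"
  resource_id        = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.api.name}"
  scalable_dimension = "ecs:service:DesiredCount"
  min_capacity       = 1
  max_capacity       = 5
}

resource "aws_appautoscaling_policy" "api_cpu" {
  name               = "backend-api-cpu"
  policy_type        = "TargetTrackingScaling"
  service_namespace  = aws_appautoscaling_target.api.service_namespace
  resource_id        = aws_appautoscaling_target.api.resource_id
  scalable_dimension = aws_appautoscaling_target.api.scalable_dimension
  target_tracking_scaling_policy_configuration {
    target_value = 60
    predefined_metric_specification {
      predefined_metric_type = "ECSServiceAverageCPUUtilization"
    }
  }
}
```

The digest pinning is what links the Trivy gate in CI to what actually runs: CI pushes the image, records its digest, and passes it to `terraform apply` as `var.image_digest`, so a later push to the same tag cannot change the deployed image without going back through the scan. With the ECR scan-on-push finding list in CloudWatch or the ECR console, you also get a registry-side record to compare against the Trivy report left at the project root.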