The provided diagram illustrates three similar environments: development, staging, and production. Development and staging are hosted in the same AWS region, while production can optionally be deployed in a region of choice.
The infrastructure includes the following components:
- AWS ECS (or optionally AWS Elastic Beanstalk) for application orchestration.
- AWS RDS for relational database management.
- AWS S3 for object storage.
- AWS Certificate Manager (ACM), with one certificate shared by the development and staging load balancers. ACM certificates are regional, so a production environment deployed in another region needs its own certificate issued in that region.
- API Gateway integrated with AWS Lambda for serverless backend logic.
- AWS Key Management Service (KMS) to manage encryption keys, such as the key for encrypting the AWS RDS instance’s disk.
- AWS Cognito for centralized user authentication, using a single user pool in one region and integrated with the AWS Application Load Balancer's built-in authentication action. When an unauthenticated request arrives, the load balancer redirects the user to the Cognito login page; after a successful login the load balancer completes the OIDC exchange with Cognito, sets a session cookie on the client, and forwards the request to the application on AWS ECS with the user's identity in the x-amzn-oidc-* headers. Requests without a valid session are redirected to Cognito again or denied, depending on the listener rule. Two points matter on the application side: it should verify the signature of the x-amzn-oidc-data token rather than trusting the headers as plain text, and its tasks should accept traffic only from the load balancer (for example via security groups), because a request that reaches a task directly has never passed through Cognito.
- AWS ECR serves as a repository for Docker images used to deploy applications on AWS ECS.
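The load-balancer-to-application handoff above is where the authentication can silently be bypassed, so the check the application should perform is worth showing concretely. The following Go program is an added example, not code from this page or from any project it describes. It verifies an x-amzn-oidc-data token the way a service behind the ALB should: it pins the algorithm to ES256, requires the signer field to equal the ARN of our own load balancer, resolves the key by kid (in production from the regional public-keys endpoint, here through an injected lookup so the example runs offline), verifies the signature over header.payload, tolerates the '=' padding ALB adds to its base64url segments, and checks the expiry that ALB places in the header. The key pair, the kid, the load balancer ARN and the user claims are all constructed for the example; MintToken exists only to fabricate test tokens in ALB's format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// albHeader: ALB puts alg, kid, signer (its own ARN) and exp in the JOSE header, not the payload.
type albHeader struct {
	Alg    string `json:"alg"`
	Kid    string `json:"kid"`
	Signer string `json:"signer"`
	Exp    int64  `json:"exp"`
}

// KeyLookup maps a kid to the ALB public key; real code fetches https://public-keys.auth.elb.<region>.amazonaws.com/<kid>.
type KeyLookup func(kid string) (*ecdsa.PublicKey, error)

// decodeSegment tolerates the '=' padding ALB adds to its base64url segments.
func decodeSegment(s string) ([]byte, error) {
	return base64.RawURLEncoding.DecodeString(strings.TrimRight(s, "="))
}

// VerifyALBToken pins the algorithm, matches the signer to our own load balancer, verifies
// the ES256 signature over header.payload and checks exp. On error, trust no header.
func VerifyALBToken(token, expectedSigner string, lookup KeyLookup, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("token must have three segments")
	}
	var hdr albHeader
	if raw, err := decodeSegment(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return nil, errors.New("malformed header")
	}
	if hdr.Alg != "ES256" || hdr.Signer != expectedSigner { // token never picks alg; other ALBs' tokens rejected
		return nil, fmt.Errorf("rejected header alg=%q signer=%q", hdr.Alg, hdr.Signer)
	}
	pub, err := lookup(hdr.Kid)
	if err != nil {
		return nil, fmt.Errorf("key lookup: %w", err)
	}
	sig, err := decodeSegment(parts[2])
	if err != nil || len(sig) != 64 { // ES256 signatures are raw r||s, 32 bytes each
		return nil, errors.New("malformed ES256 signature")
	}
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature verification failed")
	}
	if hdr.Exp == 0 || !now.Before(time.Unix(hdr.Exp, 0)) {
		return nil, errors.New("token expired or missing exp")
	}
	var claims map[string]any
	if raw, err := decodeSegment(parts[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, errors.New("malformed payload")
	}
	return claims, nil
}

// MintToken fabricates a token shaped like ALB's (padded base64url, ES256, exp in the
// header). Test fixture only: in production ALB signs and the app never holds a key.
func MintToken(priv *ecdsa.PrivateKey, kid, signer string, exp time.Time, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]any{"typ": "JWT", "alg": "ES256", "kid": kid, "signer": signer, "exp": exp.Unix()})
	body, _ := json.Marshal(claims)
	signing := base64.URLEncoding.EncodeToString(hdr) + "." + base64.URLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(signing))
	r, s, _ := ecdsa.Sign(rand.Reader, priv, digest[:]) // fixture: entropy failure ignored
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return signing + "." + base64.URLEncoding.EncodeToString(sig)
}

// Scenarios runs the verifier over constructed tokens and reports which were accepted.
func Scenarios() map[string]bool {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed key standing in for AWS's
	const kid = "kid-constructed"
	const ours = "arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/app/example/abc" // constructed
	lookup := func(string) (*ecdsa.PublicKey, error) { return &priv.PublicKey, nil }
	now := time.Now()
	claims := map[string]any{"sub": "user-1", "email": "user@example.com"} // constructed
	good := MintToken(priv, kid, ours, now.Add(2*time.Minute), claims)
	expired := MintToken(priv, kid, ours, now.Add(-time.Minute), claims)
	other := MintToken(priv, kid, ours+"-other", now.Add(2*time.Minute), claims)
	forged := good[:strings.Index(good, ".")+1] + base64.URLEncoding.EncodeToString([]byte(`{"sub":"admin"}`)) + good[strings.LastIndex(good, "."):]
	accepted := func(tok string) bool { _, err := VerifyALBToken(tok, ours, lookup, now); return err == nil }
	return map[string]bool{"valid": accepted(good), "expired": accepted(expired),
		"wrong signer": accepted(other), "forged payload": accepted(forged)}
}

func main() { fmt.Println(Scenarios()) }
```

Running it prints a map in which only the valid token is accepted; the expired token, the token signed for a different load balancer ARN and the token whose payload was swapped for `{"sub":"admin"}` are all rejected. The signer check is the one most often skipped: AWS signs tokens for every customer's ALB with keys served from the same regional endpoint, so a signature that verifies proves only that some ALB issued the token, not that it was yours. This check complements, and does not replace, restricting the ECS tasks' security group to the load balancer.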
Deployment Workflow
Developers push code to the appropriate branch in the repository. The CI/CD pipeline, in this case GitHub Actions, detects changes and initiates artifact preparation. The preparation involves:
- Building Docker images.
- Scanning for vulnerabilities with GitHub's native GHAS tools and third-party scanners (e.g., JFrog Xray, Trivy, OWASP tooling such as Dependency-Check, and optionally ClamAV for malware scanning).
Once all checks pass, deployment to the development environment begins:
- Pushing Docker images to AWS ECR.
- Redeploying AWS Lambda functions.
- Triggering updates for AWS ECS services.
If the new tasks start and pass their health checks, AWS ECS stops the old tasks; if they do not, the old tasks keep serving, so a faulty artifact fails the deployment rather than the service. With the ECS deployment circuit breaker enabled, a failed deployment is also rolled back automatically to the previous task definition.
Staging and Production Environments
- Staging mirrors the development environment, with deployment triggered from a specific branch in GitHub Actions.
- Production follows the same pattern, with deployment triggered from a designated branch or a GitHub release.
Infrastructure Management
The application is primarily managed via AWS ECS, a native AWS solution known for its stability and deep integration with other AWS services. As alternatives:
- AWS Elastic Beanstalk provides a simpler solution.
- AWS EKS offers greater flexibility: because the workloads are described as Kubernetes manifests, they can be moved to another cloud provider or to an on-premises cluster with comparatively little rework when needed.
CI/CD Tools
We utilize various CI/CD solutions, including GitHub Actions, GitLab CI/CD, Jenkins, Bitbucket Pipelines, and others.