Skip to main content

AWS Deployment & Infrastructure

This document provides a deep dive into the AWS infrastructure that powers Skin Club Pro, managed via AWS CDK.

1. High-Level Architecture

The infrastructure is designed for high availability, security, and scalability.

graph TD
    Internet((Internet)) --> CF[CloudFront]
    CF --> ALB[Application Load Balancer]
    ALB --> ECS[ECS Fargate Cluster]
    
    subgraph "VPC (eu-west-2)"
        ECS --> RDS[(RDS PostgreSQL)]
        ECS --> Redis[(ElastiCache Redis)]
        ECS --> S3[(S3 Media Bucket)]
    end
    
    ECS --> SM[Secrets Manager]
    ECS --> CW[CloudWatch Logs]

2. Network Layer (VPC)

  • Subnets:
    • Public: ALB, NAT Gateways.
    • Private: ECS Tasks (Fargate).
    • Isolated: RDS, ElastiCache.
  • Security Groups:
    • ALB SG: Allows 80/443 from Internet.
    • Service SG: Allows traffic only from ALB SG.
    • DB SG: Allows traffic only from Service SG on port 5432.

3. Compute Layer (ECS Fargate)

Each microservice runs as a separate ECS Service.

  • Task Definition: Defines CPU (0.25 vCPU), Memory (512MB), and Environment Variables.
  • Auto-Scaling: Configured to scale based on CPU/Memory utilization (Target Tracking).
  • Health Checks: ALB performs health checks on /health or / endpoints.

4. Database Layer (RDS)

  • Engine: PostgreSQL 15.
  • Instance Type: t4g.medium (Graviton-based for better price/performance).
  • Storage: 20GB GP3 (Autoscaling enabled).
  • Multi-AZ: Enabled for production to ensure 99.95% availability.

5. Secrets Management

We use AWS Secrets Manager to store sensitive configuration.

  • Naming Convention: {Env}/SkinClubPro/{ServiceName}/{SecretName}.
  • Injection: The CDK stack fetches secrets at deployment time and injects them as environment variables into the ECS Task Definitions.
  • Rotation: Database credentials are automatically rotated using AWS Lambda.

6. Deployment Flow (CI/CD)

  1. Build: GitHub Actions builds the Docker image.
  2. Push: Image is pushed to AWS ECR (Elastic Container Registry).
  3. Deploy: CDK updates the ECS Service with the new image tag.
  4. Rollout: ECS performs a rolling update (Zero-Downtime).

7. Monitoring & Logging

  • Logs: All container logs are sent to CloudWatch Logs.
  • Metrics: CloudWatch Alarms are set for high CPU, Memory, and 5XX error rates.
  • Tracing: AWS X-Ray is used for distributed tracing across services.