A production-grade, full-stack DevOps implementation featuring a React frontend, Node.js backend, and automated AWS infrastructure managed via Terraform.
This project implements a robust, secure, and scalable architecture on AWS.
```mermaid
graph TD
    User([User]) --> ALB[AWS Application Load Balancer]
    subgraph VPC [AWS VPC - ap-south-1]
        ALB --> FE[Frontend Pods - Nginx/React]
        ALB --> BE[Backend Pods - Node.js]
        BE --> RDS[(RDS PostgreSQL - Private)]
        BE --> SM[AWS Secrets Manager]
        BE --> CW[CloudWatch Metrics]
    end
    subgraph Security
        BE -- IRSA --> SM
        BE -- IAM Role --> CW
    end
```
- Frontend: React, Vite, Nginx, Docker.
- Backend: Node.js, Express, PostgreSQL, AWS SDK.
- Infrastructure: Terraform, AWS (EKS, RDS, ECR, Secrets Manager, VPC).
- CI/CD: GitHub Actions.
Get the environment running locally in seconds using Docker Compose:
```bash
# Clone the repository and run:
docker-compose up --build
```

- Frontend: http://localhost:5173
- Backend API: http://localhost:3000
```bash
cd terraform/environments/dev
terraform init
terraform apply -auto-approve
```

```bash
aws eks update-kubeconfig --name demo-eks --region ap-south-1
```

```bash
# Build & Push images to ECR (Replace <ACCOUNT_ID>)
docker build -t <ACCOUNT_ID>.dkr.ecr.ap-south-1.amazonaws.com/demo-backend:latest ./app/backend
docker push <ACCOUNT_ID>.dkr.ecr.ap-south-1.amazonaws.com/demo-backend:latest
# Build & Push Frontend
docker build -t <ACCOUNT_ID>.dkr.ecr.ap-south-1.amazonaws.com/demo-frontend:latest ./app/frontend
docker push <ACCOUNT_ID>.dkr.ecr.ap-south-1.amazonaws.com/demo-frontend:latest
# Apply Kubernetes Manifests
kubectl apply -f k8s/
```

We use a zero-trust approach for credentials. Instead of hardcoding keys, the backend pod uses an IAM Role (...-backend-irsa) to dynamically fetch database credentials from AWS Secrets Manager at runtime.
- RDS: Placed in private subnets with no public access.
- EKS Nodes: Managed in private subnets, receiving traffic only via the ALB.
- ALB: Internet-facing, providing a single secure entry point.
- ALB Stuck?: Ensure your public subnets are tagged with `kubernetes.io/role/elb = 1`.
- 403 Access Denied?: Check if the OIDC provider ID in the IAM Trust Policy matches the current cluster (`aws eks describe-cluster`).
- RDS Connection Failed?: Verify that the backend is fetching secrets from the correct region (`ap-south-1`).
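
An offline check for the 403 case above and for the IRSA binding the backend relies on, as an added example that is not part of this project's code: it compares a role's trust policy with the cluster's OIDC issuer and flags a stale provider ID, a missing or wildcard `sub` condition, and an unpinned `aud`. The account ID, OIDC IDs, the `default` namespace and the `backend-sa` service account are constructed placeholders.

```javascript
// Added example. Account ID, OIDC IDs, namespace and service account are constructed.
const OIDC_HOST = 'oidc.eks.ap-south-1.amazonaws.com/id/';
const CURRENT_ISSUER = `https://${OIDC_HOST}AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`;
const STALE_ISSUER = `https://${OIDC_HOST}BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB`;
// Build a trust policy shaped like the one an IRSA role carries (constructed sample).
function sampleTrustPolicy(issuerUrl, sub) {
  const issuer = issuerUrl.replace(/^https:\/\//, '');
  return {
    Version: '2012-10-17',
    Statement: [{
      Effect: 'Allow',
      Principal: { Federated: `arn:aws:iam::111122223333:oidc-provider/${issuer}` },
      Action: 'sts:AssumeRoleWithWebIdentity',
      Condition: { StringEquals: { [`${issuer}:sub`]: sub, [`${issuer}:aud`]: 'sts.amazonaws.com' } },
    }],
  };
}

// Empty result: the policy trusts exactly this issuer and this service account.
function checkIrsaTrust(policy, issuerUrl, namespace, serviceAccount) {
  const issuer = issuerUrl.replace(/^https:\/\//, ''); // form used in ARNs and condition keys
  const wantSub = `system:serviceaccount:${namespace}:${serviceAccount}`;
  const findings = [];
  const stmts = [].concat(policy.Statement || []).filter((s) => s.Effect === 'Allow'
    && [].concat(s.Action || []).includes('sts:AssumeRoleWithWebIdentity'));
  if (stmts.length === 0) findings.push('no Allow statement for sts:AssumeRoleWithWebIdentity');
  for (const s of stmts) {
    const federated = [].concat((s.Principal || {}).Federated || []);
    if (!federated.some((arn) => arn.endsWith(`:oidc-provider/${issuer}`))) {
      findings.push(`Federated principal does not reference ${issuer}`);
      continue; // condition keys are issuer-scoped, so nothing else can match
    }
    const cond = s.Condition || {};
    const subs = [].concat((cond.StringEquals || {})[`${issuer}:sub`] || []);
    const loose = (cond.StringLike || {})[`${issuer}:sub`];
    if (subs.length === 0) {
      findings.push(loose ? `sub uses StringLike "${loose}"; prefer an exact StringEquals`
        : `no StringEquals condition on ${issuer}:sub`);
    } else if (!subs.includes(wantSub)) {
      findings.push(`sub is "${subs.join(', ')}", expected "${wantSub}"`);
    }
    const auds = [].concat((cond.StringEquals || {})[`${issuer}:aud`] || []);
    if (!auds.includes('sts.amazonaws.com')) findings.push('aud is not pinned to sts.amazonaws.com');
  }
  return findings;
}

console.log(checkIrsaTrust(sampleTrustPolicy(STALE_ISSUER, 'system:serviceaccount:default:backend-sa'),
  CURRENT_ISSUER, 'default', 'backend-sa'));
```

For a real cluster, take the issuer from `aws eks describe-cluster --name demo-eks --region ap-south-1 --query cluster.identity.oidc.issuer --output text` and the policy from the `Role.AssumeRolePolicyDocument` field of `aws iam get-role`.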
To avoid AWS costs when finished:
```bash
# 1. Delete K8s resources (deletes ALB)
kubectl delete -f k8s/
# 2. Destroy Infrastructure
cd terraform/environments/dev
terraform destroy -auto-approve
```

Developed as part of the Alpha EKS Demo Series.