#BLOG APP: A simple application developed in HTML, CSS and JavaScript, running on the Node.js runtime with Express and EJS (for templating). The application exposes port 3001 of the container. It is designed to allow user sign-in, registration and posting blogs with one image. The backend is connected to RDS MariaDB and to S3 for saving images.
To reduce complexity, the email template is already posted in an S3 bucket, and Terraform provisions one more bucket for storing user-uploaded images under paths named after each user. A Lambda function created through Terraform fetches the mail template from S3 and replaces the name of the user in it to build the welcome mail for registration on the platform; this then triggers an SES mail to be sent to the user.
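The name substitution and the per-user image paths described above both carry a user-chosen value into another context (HTML mail, S3 object key). The following is an added example, not the project's Lambda or app code, of handling both; the `{{name}}` placeholder, the `users/<user>/<file>` key layout and the function names are assumptions.

```javascript
// Added example, not the project's code. Assumptions: the mail template uses a
// {{name}} placeholder and image keys are laid out as users/<user>/<file>.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a user-supplied value before it is placed into HTML mail markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Fill the welcome template with the user's name.
// A replacer function is used so "$&" or "$1" inside the name is not
// interpreted as a replacement pattern by String.prototype.replace.
function renderWelcome(template, userName) {
  const name = String(userName).replace(/[\r\n]+/g, ' ').trim().slice(0, 100);
  if (!name) throw new Error('empty user name');
  const safe = escapeHtml(name);
  return template.replace(/\{\{\s*name\s*\}\}/g, () => safe);
}

// Build the S3 object key for an upload under the user's own prefix.
// The user name may not contain "/" and only the base name of the file is
// kept, so neither value can address a key under another user's prefix.
function userImageKey(userName, fileName) {
  const user = String(userName);
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(user)) {
    throw new Error('invalid user name for key');
  }
  const base = String(fileName).split(/[\\/]/).pop();
  if (!/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/.test(base) || base.includes('..')) {
    throw new Error('invalid file name for key');
  }
  return `users/${user}/${base}`;
}

// Constructed sample input.
const TEMPLATE = '<html><body><h1>Welcome, {{name}}!</h1></body></html>';
console.log(renderWelcome(TEMPLATE, 'Asha <b>&</b> "Co"'));
console.log(userImageKey('asha_01', '../../other/cat.png'));
```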
The app and resources are kept minimal to stay within the free tier limits. You could take this to another level by including more services and upgrading the project.
The BlogApp-ECS project is an ECS Docker containerized implementation of an earlier project that ran on an EC2 Auto Scaling group (ASG). This project uses Terraform to provision and dismantle the resources it creates.
Jenkins is used here as the CICD tool.
Project Overview
This project provisions a highly available, secure, and scalable AWS infrastructure for a Blog Application using Terraform. The stack includes:
Containers: ECS Task Definition with a Docker container from Docker Hub (the Docker image is generated via the Jenkins pipeline and pushed only in the 'BUILD' step).
Load Balancing: ALB (HTTPS with ACM certificate), Target Groups, Listeners, Redirection. Domain: Just4study.click
CI/CD / Automation: Terraform for provisioning and AWS Lambda for sending welcome emails using S3 + SES.
#################
#Orchestration :
CICD : Jenkins pipeline, please reference the Jenkinsfile
IaC : Terraform (backend configured to TF cloud)
################
Terraform Components:
| Component | Resource Type | Purpose |
|---|---|---|
| VPC | aws_vpc | Network isolation with DNS support |
| Subnets | aws_subnet | Public for ALB/NAT, Private for EC2/RDS |
| Internet Gateway | aws_internet_gateway | Public internet access |
| NAT Gateway | aws_nat_gateway | Private subnet outbound internet access |
| Route Tables | aws_route_table | Public & private routing |
| Security Groups | aws_security_group | Control inbound/outbound traffic |
| ECS Cluster | aws_ecs_cluster | Manage containerized applications |
| Launch Template | aws_launch_template | EC2 configuration for ECS |
| Auto Scaling Group | aws_autoscaling_group | Dynamic EC2 scaling |
| ECS Task Definition | aws_ecs_task_definition | Container specs (CPU, memory, ports, secrets) |
| ECS Service | aws_ecs_service | Runs tasks on cluster with load balancer |
| Load Balancer | aws_lb | Public facing ALB with HTTPS |
| Target Group | aws_lb_target_group | Connects ALB to ECS tasks |
| Listeners | aws_lb_listener | HTTP → HTTPS redirect & HTTPS traffic to targets |
| RDS Database | module "db" | Private MariaDB instance |
| S3 Bucket | aws_s3_bucket | Stores blog images & Lambda artifacts |
| Lambda | aws_lambda_function | Sends welcome emails via SES & S3 |
| IAM Roles | aws_iam_role + module | Task roles, instance profiles, Lambda execution |
This includes directly attaching SSM parameters and SES connectivity. SES takes 24 hours for activation and identity verification, so it is preconfigured to avoid delay.
##########
#ECS Blog App Flow
User Request → Domain (Cloudflare) → Hits ALB (HTTPS) → Forwarded via Target Group to the ECS Task on a container instance in a private subnet.
ECS Task → Runs Docker container (tonygeorgethomas/blog_app:latest) → Handles request.
Container Secrets → Provided via SSM Parameter Store.
Database Access → Private RDS MariaDB instance.
Static Assets / Uploads → Stored in S3 (with proper bucket policy & CORS).
Welcome Email for user signup → Lambda triggered by events in S3 → Sends email via SES.
Auto Scaling → EC2 instances scale up/down using ASG and ECS Capacity Provider.
#########################################################
TF Cloud is given a federated role to securely access AWS from HCP Terraform using OIDC federation. TF Cloud uses env variables like:

