Add readme for EC2

Author: Ahmad-Diab

README.md

@@ -28,6 +28,73 @@ TODO: add link to kubernetes
 
 ### EC2
 
+#### Overview
+
+This project uses GitHub Actions, Terraform, and Ansible to provision an EC2 instance, configure it, and deploy the app stack (via Docker Compose) on AWS.
+All infra-as-code and automation is in infra/.
+
+#### Triggering Deployment
+
+Deployment is triggered manually via the GitHub Actions workflow:
+.github/workflows/aws-ec2-deploy.yml
+
+You provide:
+
+* SSH private key (base64)
+* AWS credentials (access key, secret, session token)
+* GHCR (GitHub Container Registry) token
+
+#### Workflow Steps
+
+a. **Checkout & Secrets**
+Repo is checked out.
+Secrets are masked for safety.
+SSH key is decoded and saved as infra/priv.pem.
+
+b. **Tooling Setup**
+Installs Terraform (v1.12.1) and Ansible (v11.6.0).
+
+c. **Deploying EC2 (Terraform)**
+Runs make deploy in infra/:
+Applies main.tf to create a new EC2 instance (Debian, public IP, SSH open, HTTP/HTTPS open).
+Security group allows ports 22, 80, 443 from anywhere.
+Waits for the instance to be reachable via SSH.
+
+d. **Inventory Update**
+Extracts the new EC2 public IP and injects it into the Ansible inventory (inventory.ini).
+
+e. **SSH Test**
+Verifies SSH connectivity to the new instance using the provided key.
+
+f. **Provisioning (Ansible)**
+Runs make ansible in infra/:
+Executes playbook.yml against the new EC2 instance.
+Installs Docker, Docker Compose, Python, pip, etc.
+Logs into GHCR to pull images.
+Copies all needed config files, secrets, and scripts.
+Writes the EC2 public IP to .env.production (for Traefik/public routing).
+Copies and sets up backend config, monitoring, and mock data scripts.
+Runs Docker Compose (compose.aws.yml) to start all services (Traefik, app services, Postgres, monitoring, etc).
+Waits for Traefik to be up, then loads mock users and profiles via scripts.
+
+#### Result
+
+The EC2 instance is fully provisioned, running all services via Docker Compose, with Traefik as the reverse proxy.
+All services are accessible via the EC2 public IP (HTTP/HTTPS, depending on your compose config).
+Monitoring (Prometheus, Grafana) and mock data are loaded and ready.
+You can access the website by using the public ip of your deployed ec2,
+Access monitoring by {ec2.public\_ip/prometheus}  {ec2.public\_ip/grafana}
+
+#### Files of Interest
+
+infra/main.tf — Terraform infra definition (EC2, security group)
+infra/playbook.yml — Ansible provisioning and deployment
+infra/compose.aws.yml — Docker Compose stack (all services)
+.github/workflows/aws-ec2-deploy.yml — GitHub Actions workflow for automation
+
+
+Push the button in GitHub Actions, provide secrets, and the workflow will spin up a new EC2, configure it, and deploy the full stack automatically.
+
 ## Endpoint Documentation
 
 The endpoints are documented using OpenAPI or Swagger schemas: