This repository contains the Swashflag application, structured as a monorepo with frontend and backend applications. This document explains the simplified AWS deployment workflow using manually created AWS resources.
swash-flag-monorepo/
├── apps/
│ ├── frontend/ # React/Vite frontend application
│ ├── backend/ # Node.js backend application
├── terraform/ # Deployment configuration
├── .github/
│ └── workflows/ # GitHub Actions workflows
├── docs/ # Documentation
└── packages/ # Shared packages (if any)
Instead of creating infrastructure via Terraform, we now use manually created AWS resources:
- VPC: Created manually in AWS Console
- Subnets:
- Created subnets across multiple availability zones
- Example:
subnet-example123in us-west-2a
- Security Groups:
- Database SG: For PostgreSQL access
- Backend SG: For application access
- RDS Database:
- Endpoint:
your-database.region.rds.amazonaws.com - Database name: Example
swashflag
- Endpoint:
- EC2 Instance:
- Hosts the Node.js backend application
- Example public DNS:
ec2-xx-xxx-xxx-xx.region.compute.amazonaws.com
- S3 & CloudFront:
- S3 Bucket: For static frontend assets
- CloudFront: For content delivery
Note: For security reasons, actual resource IDs, endpoints, and URIs have been replaced with examples in this documentation. When you create your own resources, you'll have your specific values to use.
The deployment is automated using GitHub Actions:
-
Backend Deployment:
- Code is packaged and uploaded to the EC2 instance
- Environment variables are configured
- Application is started/restarted using PM2
-
Frontend Deployment:
- Code is built with the correct backend API URL
- Built files are synced to S3
- CloudFront cache is invalidated
Terraform is now used only for deployment orchestration, not infrastructure creation. The configuration:
- References existing AWS resources via data sources
- Defines deployment processes for both frontend and backend
- Provides outputs for important URLs and connection details
- AWS CLI configured with appropriate permissions
- Node.js and npm/pnpm installed
- SSH key for EC2 access
-
Clone the repository:
git clone <repository-url> cd swash-flag-monorepo -
Install dependencies:
pnpm install -
Configure environment:
- Copy
.env.examplefiles to.envin both frontend and backend directories - Update with appropriate values for local development
- Copy
-
Start development servers:
pnpm run dev --filter=frontend pnpm run dev --filter=backend
-
Set up AWS credentials:
export AWS_ACCESS_KEY_ID=your-access-key export AWS_SECRET_ACCESS_KEY=your-secret-key -
Set environment variables for sensitive information:
export TF_VAR_db_password=your-db-password export TF_VAR_encryption_key=your-encryption-key export TF_VAR_jwt_secret=your-jwt-secret -
Deploy using Terraform:
cd terraform terraform init terraform apply
Push to the main branch to trigger the GitHub Actions workflow.
- Backend:
apps/backend/.env.production - Frontend:
apps/frontend/.env.production - Terraform:
terraform/terraform.tfvars - GitHub Actions:
.github/workflows/front-and-back-deploy.yml
For the GitHub Actions workflow to function, set these repository secrets:
AWS_ACCESS_KEY_ID: AWS access keyAWS_SECRET_ACCESS_KEY: AWS secret keyDB_PASSWORD: Database passwordENCRYPTION_KEY: Backend encryption keyJWT_SECRET: JWT authentication secretEC2_SSH_PRIVATE_KEY: Private SSH key for EC2 accessCLOUDFRONT_DISTRIBUTION_ID: CloudFront distribution ID (optional)
- Sensitive values are stored in GitHub secrets and passed securely to the deployment process
- Local development should use separate environment variables from production
- Never commit sensitive credentials or resource identifiers to the repository
- Do not include actual AWS resource IDs in documentation in public repositories
- Restrict access to your AWS resources using appropriate IAM policies and security groups
See the terraform/README.md file for detailed troubleshooting steps.