TurboVets – ECS Fargate Topology

← Back to Documentation Hub

👤 End Users

Access via Browser
HTTPS Only (Port 443)
301 Redirect from HTTP

https://aws-docker-terrafrom-github-actions.marvinmeite.cloud

⬇️

Route 53 & ACM

Hosted Zone: Alias Record → ALB
ACM: Public SSL/TLS Certificate
DNS Validation enabled

GitHub Actions (CI/CD)

Triggers: Push/Dispatch

Build: Multi-stage Docker build
Tag: Commit SHA
Secrets: AWS_KEYS injected
CDKTF: npm install & deploy

CDK for Terraform

TypeScript IaC
Manages State & Locking

S3 + DynamoDB

S3: Remote tfstate storage
Encryption: AES256 (Server-side)
DynamoDB: State locking table

Amazon ECR

Repo: turbovets-app
Policy: Scan on push
Managed by CI (prevents deletion)

☁️ AWS Region (us-east-1)

VPC 10.0.0.0/16

Internet Gateway & Routes

Attached to VPC
Route Table: 0.0.0.0/0 → IGW
Associated with Public Subnets

CloudWatch Logs

Group: /ecs/turbovets-app-prod
Centralized task logging
Retention policies applied

Application Load Balancer

Multi-AZ

Internet Facing

Listener HTTPS: Port 443 (Cert attached)
Listener HTTP: Port 80 (301 Redirect)
Target Group: IP Mode (Fargate)
Health Check: /health

🛡️ ALB Security Group

Inbound: 0.0.0.0/0 (80/443)
Outbound: To ECS SG (Port 3000)

Availability Zone 1

🔓 Public Subnet A 10.0.1.0/24

ECS Fargate Task RUNNING

CPU: 256 (.25 vCPU) Mem: 512 MB Desired: 1

📦 Docker Container

Image: Node.js 22 Alpine
Env: PORT=3000, AWS_REGION
App: Serves endpoints / and /health

🛡️ ECS Security Group

Inbound: Port 3000 (From ALB Only)

IAM Roles

Execution Role: Pull ECR, Push Logs
Task Role: App specific AWS SDK calls

Availability Zone 2

🔓 Public Subnet B 10.0.2.0/24

🐳 HA / Failover Capacity

Subnet configured for high availability. ALB automatically routes here if traffic spikes or AZ-1 fails.

Same Security Groups Same Route Table