...
The AWS configuration and deployment are managed by Terraform. The Terraform configuration is located in the GitHub repository.
The infrastructure definitions are owned by Martin Wenisch and any changes have to be reviewed by him.
The deployment pipelines (GitHub Actions)
Terraform Apply on Push - triggers the Terraform init
Deploy backend to ECS - uploads the new server version to the Docker repository and triggers a redeploy
GitHub Secrets
We use GitHub Secrets to hide access keys and passwords in our public repository. The GitHub Secrets are used in the Actions, where they provide secret values for the deployment process (access to AWS) or secrets needed by a pod.
Flow: GitHub Actions Secret → GitHub Actions → Terraform environment variable → Pod template with predefined system environment variables
AWS connection and deployment secrets
AWS_ACCESS_KEY_ID
AWS_REGION
AWS_REPOSITORY
AWS_SECRET_ACCESS_KEY
CERTIFICATE_ARN
Application secrets
DATABASE_PASSWORD
The password to the PostgreSQL database.
GOOGLE_APPLICATION_CREDENTIALS
The Firebase credentials for the Firebase Admin SDK. The secret contains the content of the JSON file downloaded from the Admin console.
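A preflight check for the secrets listed above, written as an added example and not code from this project's repository. It assumes a pipeline step receives each secret as an environment variable of the same name, and it checks that GOOGLE_APPLICATION_CREDENTIALS holds the JSON content itself, as described above, rather than a file path.

```python
import json

# Secret names exactly as listed on this page.
REQUIRED = [
    "AWS_ACCESS_KEY_ID", "AWS_REGION", "AWS_REPOSITORY",
    "AWS_SECRET_ACCESS_KEY", "CERTIFICATE_ARN",
    "DATABASE_PASSWORD", "GOOGLE_APPLICATION_CREDENTIALS",
]
# Fields found in a service-account key file downloaded from the console.
SA_FIELDS = ("type", "project_id", "private_key", "client_email")


def preflight(env):
    """Return a list of problems; messages name the variable, never its value."""
    problems = []
    for name in REQUIRED:
        # An unset GitHub secret expands to an empty string, not an error.
        if not env.get(name, "").strip():
            problems.append(f"{name}: missing or empty")
    arn = env.get("CERTIFICATE_ARN", "")
    if arn.strip() and not arn.startswith("arn:"):
        problems.append("CERTIFICATE_ARN: does not look like an ARN")
    raw = env.get("GOOGLE_APPLICATION_CREDENTIALS", "")
    if raw.strip():
        try:
            doc = json.loads(raw)
        except ValueError:
            # Typical cause: a file path was stored instead of the file content.
            problems.append("GOOGLE_APPLICATION_CREDENTIALS: not valid JSON")
        else:
            if not isinstance(doc, dict) or doc.get("type") != "service_account":
                problems.append(
                    "GOOGLE_APPLICATION_CREDENTIALS: not a service-account key")
            else:
                missing = [f for f in SA_FIELDS if not doc.get(f)]
                if missing:
                    problems.append("GOOGLE_APPLICATION_CREDENTIALS: missing fields "
                                    + ", ".join(missing))
    return problems


if __name__ == "__main__":
    # Constructed sample; in a pipeline step, pass os.environ and exit
    # non-zero when the returned list is not empty.
    sample = {"DATABASE_PASSWORD": "constructed",
              "GOOGLE_APPLICATION_CREDENTIALS": "/tmp/key.json"}
    print("\n".join(preflight(sample)))
```

Running it before the Terraform step makes a missing or malformed secret fail the job with the variable's name instead of surfacing later as a broken deployment.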
Access to logs
We can get read-only access to AWS CloudWatch. If you need access, please ask Martin Wenisch.
...