A complete DevOps demonstration showcasing automated deployment of a React.js application using AWS services, Terraform Infrastructure as Code, and GitHub Actions CI/CD pipeline.
- π― Project Overview
- ποΈ Architecture
- π οΈ Technologies Used
- β‘ Quick Start
- π§ Local Development
- βοΈ AWS Deployment
- π CI/CD Pipeline
- π Project Structure
- π Security Features
- π° Cost Optimization
- π Learning Resources
- π€ Contributing
This project demonstrates production-grade frontend deployment using modern DevOps practices. It's designed to showcase skills in:
- Infrastructure as Code with Terraform
- Automated CI/CD with GitHub Actions
- AWS Cloud Services integration
- Security best practices
- Cost-effective architecture
β
Fully Automated Deployment - Push to main branch triggers complete deployment
β
Secure Architecture - Private S3 bucket with CloudFront OAI
β
Global Content Delivery - CloudFront CDN for worldwide performance
β
Infrastructure as Code - Reproducible infrastructure with Terraform
β
Zero-Downtime Deployments - Automated cache invalidation
β
Cost Optimized - Serverless architecture with minimal costs
βββββββββββββββββββ ββββββββββββββββββββ βββββββββββββββββββ
β Developer βββββΆβ GitHub Actions βββββΆβ AWS Cloud β
β (git push) β β CI/CD β β β
βββββββββββββββββββ ββββββββββββββββββββ βββββββββββββββββββ
βΌ
ββββββββββββββββββββ
β React Build β
β (npm run build)β
ββββββββββββββββββββ
βΌ
ββββββββββββββββββββ
β S3 Bucket β
β (Static Files) β
ββββββββββββββββββββ
βΌ
ββββββββββββββββββββ
β CloudFront β
β (Global CDN) β
ββββββββββββββββββββ
βΌ
ββββββββββββββββββββ
β End Users β
β (Worldwide) β
ββββββββββββββββββββ
| Service | Purpose | Configuration |
|---|---|---|
| S3 | Static file storage | Private bucket with encryption |
| CloudFront | Global CDN | HTTPS redirect, caching optimized |
| IAM | Access management | OIDC provider, roles, policies |
| Route 53 | DNS (optional) | Custom domain support |
- React 18 - Modern UI library
- Vite - Fast build tool
- TypeScript - Type safety
- Tailwind CSS - Utility-first styling
- Terraform - Infrastructure as Code
- AWS CLI - Command-line interface
- GitHub Actions - CI/CD automation
- Git - Version control
- GitHub - Repository hosting
- OIDC - Secure authentication
- AWS Account with appropriate permissions
- GitHub Account
- Node.js 18+ installed
- Git installed
- Terraform installed (1.0+)
- AWS CLI configured
-
Clone the repository
git clone https://github.com/vinsin21/cloud-quiz-craft.git cd cloud-quiz-craft -
Configure AWS credentials
aws configure # Enter your AWS Access Key ID, Secret Access Key, and region -
Update Terraform variables
cd terraformEdit
terraform.tfvars:aws_region = "ap-south-1" # Your preferred region bucket_name_prefix = "your-project-bucket-" github_username = "your-github-username" github_repository = "your-repo-name"
-
Deploy infrastructure
terraform init terraform plan terraform apply
-
Save outputs for GitHub Actions
terraform output
# Install dependencies
npm install
# Start development server
npm run dev
# Access application
open http://localhost:5173# Create production build
npm run build
# Preview production build
npm run preview# Run tests
npm test
# Run linting
npm run lint
# Type checking
npm run type-check# Build the application
npm run build
# Deploy to S3
aws s3 sync dist/ s3://your-bucket-name --delete
# Invalidate CloudFront cache
aws cloudfront create-invalidation \
--distribution-id YOUR_DISTRIBUTION_ID \
--paths "/*"resource "aws_s3_bucket" "cloudquiz_bucket" {
bucket_prefix = var.bucket_name_prefix
force_destroy = true
# Security configurations
# - Block public access
# - Server-side encryption
# - Versioning disabled for cost optimization
}resource "aws_cloudfront_distribution" "s3_cloudquiz_distribution" {
# Global edge locations
# HTTPS redirect enforcement
# Optimized caching for static assets
# Origin Access Identity for security
}# GitHub OIDC Provider for secure authentication
# IAM role for GitHub Actions
# Minimal required permissions (principle of least privilege)The CI/CD pipeline automatically triggers on push to main branch:
name: Deploy to AWS S3
on:
push:
branches: [ main ]
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Checkout code
- name: Setup Node.js
- name: Install dependencies
- name: Build React app
- name: Configure AWS credentials (OIDC)
- name: Deploy to S3
- name: Invalidate CloudFront cacheAdd these secrets in your GitHub repository settings:
| Secret Name | Description | Example |
|---|---|---|
AWS_REGION |
AWS deployment region | ap-south-1 |
AWS_ROLE_TO_ASSUME |
IAM role ARN for GitHub Actions | arn:aws:iam::123456789012:role/... |
S3_BUCKET |
S3 bucket name | cloudquiz-bucket-20240101123456 |
CLOUDFRONT_DISTRIBUTION_ID |
CloudFront distribution ID | E1ABCD234567890 |
β
Automated Testing - Runs linting and type checking
β
Secure Authentication - Uses OIDC instead of AWS keys
β
Atomic Deployments - Complete deployment or rollback
β
Cache Invalidation - Immediate content updates
β
Build Optimization - Minified and optimized assets
cloud-quiz-craft/
βββ π src/ # React application source
β βββ π components/ # Reusable UI components
β βββ π pages/ # Page components
β βββ π hooks/ # Custom React hooks
β βββ π lib/ # Utility functions
β βββ π data/ # Static data files
βββ π public/ # Static assets
βββ π terraform/ # Infrastructure as Code
β βββ π main.tf # Main Terraform configuration
β βββ π variables.tf # Input variables
β βββ π output.tf # Output values
β βββ π provider.tf # Provider configuration
β βββ π terraform.tfvars # Variable values
βββ π .github/workflows/ # CI/CD pipeline
β βββ π deploy.yml # GitHub Actions workflow
βββ π package.json # Node.js dependencies
βββ π vite.config.ts # Vite configuration
βββ π tailwind.config.ts # Tailwind CSS configuration
βββ π .gitignore # Git ignore rules
βββ π README.md # This file- Private S3 Bucket - No public access allowed
- Origin Access Identity - Only CloudFront can access S3
- HTTPS Enforcement - All traffic redirected to HTTPS
- IAM Best Practices - Principle of least privilege
- Server-Side Encryption - All files encrypted at rest
- OIDC Authentication - No long-lived AWS credentials stored
- Repository-specific Access - IAM role limited to specific repo
- Secure Secrets Management - GitHub repository secrets
- Audit Trail - All deployments logged and traceable
| Service | Estimated Cost | Notes |
|---|---|---|
| S3 Standard | $0.50 - $2.00 | Based on storage used |
| CloudFront | $0.00 - $1.00 | Free tier: 1TB transfer |
| Route 53 | $0.50 | If using custom domain |
| Total | $1.00 - $3.50 | Very cost-effective |
β
S3 Standard Storage - Cost-effective for frequently accessed files
β
CloudFront Free Tier - 1TB monthly transfer included
β
No EC2 Instances - Serverless architecture
β
Efficient Caching - Reduced origin requests
β
Automated Cleanup - Old build artifacts removed
-
AWS Fundamentals
-
Terraform Learning
-
GitHub Actions
- AWS CDK vs Terraform comparison
- Multi-environment deployment strategies
- Blue-green deployments with CloudFront
- Monitoring and alerting with CloudWatch
- Security scanning in CI/CD pipelines
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Add monitoring and alerting
- Implement blue-green deployments
- Add automated testing in CI/CD
- Create Kubernetes deployment option
- Add custom domain setup guide
Vinsin Patel - AWS DevOps Engineer
π§ Email: [email protected]
πΌ LinkedIn: linkedin.com/in/vinsin21
π GitHub: @vinsin21
This project is licensed under the MIT License - see the LICENSE file for details.
β If this project helped you learn AWS DevOps, please give it a star! β