Project starting point — what you were given
You joined as a DevOps engineer with access to the application’s codebase only. From that starting point the first working setup was deliberately simple and meant to validate the application end-to-end:- Access to the AWS CodeCommit repository for source control.
- An AWS Cloud9 development environment for quick, browser-based development.
- Containerization of the application (Docker) and local validation of the container image.
Key technical learnings and trade-offs
During the project you made several architecture and operational decisions. Each choice had trade-offs related to reliability, scalability, and team productivity:- Docker image tagging strategies — immutable tags (e.g., content-hash) vs. mutable tags (e.g.,
latest) and how mutable tags can cause unpredictable deployments. - Amazon ECS as the chosen container orchestration platform to run Docker containers in a managed service.
- CI/CD design using AWS services (CodeCommit, CodeBuild, CodePipeline) for automated builds and deployments.
- Safe rollback and deployment reliability strategies such as blue/green or canary deployments and use of Application Load Balancer (ALB) for traffic shifting.
Prefer immutable Docker image tags (for example, the image digest or a unique build number) to ensure reproducible, auditable deployments and simpler rollback procedures.
Architectural evolution: Monolith → Microservices
You refactored by separating concerns into distinct services. The product functionality and the login/authentication functionality were decoupled into separate services and repositories. Each service has its own build and deployment pipeline, enabling independent releases and reducing cross-team coupling. Benefits of this refactor include:- Independent deployability for each team.
- Reduced blast radius for failures.
- Finer-grained scaling per service to optimize cost and performance.
- Clearer ownership and faster CI/CD cycles.

Side-by-side: Initial vs Final architecture
Recommended next steps and operational best practices
- Adopt immutable image tagging and store images in Amazon ECR with proper lifecycle policies.
- Implement deployment strategies that minimize downtime: blue/green or canary deployments with accurate health checks on the ALB.
- Automate observability: centralized logging (CloudWatch Logs), metrics (CloudWatch / Prometheus), and distributed tracing.
- Harden CI/CD pipelines with automated tests, security scans (container image scanning), and IAM least-privilege for build/deploy roles.
- Document service contracts and API versioning to reduce integration friction between teams.