ECS Fargate Infrastructure for Multi-Service EdTech Platform
Built a production AWS platform with Terraform to run 5 containerized services on ECS Fargate in both dev and production.
Inbound traffic flows Cloudflare → ALBs → ECS tasks in private subnets, so no service is reachable directly from the internet. I also added event-driven workflows (Lambda/EventBridge/SQS) for things like calendar reminders and webhook handling (Stripe, Google Calendar, CometChat).
Includes CloudFront + S3 for static assets, auto-scaling, CloudWatch alarms + SNS alerts, and centralized secrets management to keep operations clean and predictable.
What this covers
Cloudflare
Cloudflare proxy + Origin CA certificates for the Cloudflare-to-ALB leg, TLS hardening (TLS 1.2+), HSTS, and ALB ingress restricted to Cloudflare so the origins can't be hit directly.
ECS Fargate
Fargate cluster running 5 services with health checks, autoscaling, and Container Insights for visibility.
Multi-Service
5 independent services (backend, primary frontend, calendar, meetings, drive) — each with its own ECR repo, task definition, and target group.
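The following Terraform shows what one of those services looks like wired up with a container health check, secrets pulled from Secrets Manager at task start, and CPU target-tracking autoscaling. It is an added example written for this page, not the project's own code. Names like `aws_ecs_cluster.main`, `aws_ecr_repository.backend`, the two IAM roles, the two `aws_secretsmanager_secret` resources, `aws_cloudwatch_log_group.backend`, `aws_lb_target_group.backend`, `aws_security_group.tasks`, and the `var.*` inputs are assumed to be declared elsewhere in the module; the `/healthz` path, port 8080, and `curl` being present in the image are also assumptions.

```hcl
# Assumed to exist elsewhere: aws_ecs_cluster.main, aws_ecr_repository.backend,
# aws_iam_role.task_execution (AmazonECSTaskExecutionRolePolicy attached), aws_iam_role.backend_task,
# aws_secretsmanager_secret.db_url / .stripe_webhook, aws_cloudwatch_log_group.backend,
# aws_lb_target_group.backend (target_type = "ip"), aws_security_group.tasks, var.* inputs.

resource "aws_ecs_task_definition" "backend" {
  family                   = "backend"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 512
  memory                   = 1024
  execution_role_arn       = aws_iam_role.task_execution.arn # pulls the image, fetches secrets, ships logs
  task_role_arn            = aws_iam_role.backend_task.arn   # what the app itself may call at runtime

  container_definitions = jsonencode([{
    name         = "backend"
    image        = "${aws_ecr_repository.backend.repository_url}:${var.image_tag}"
    essential    = true
    portMappings = [{ containerPort = 8080, protocol = "tcp" }]

    # The task definition carries only the secret ARNs; the ECS agent resolves the values at
    # task start. Nothing sensitive lands in the image, the task definition, or (as long as the
    # secret values are set outside Terraform) the state file.
    secrets = [
      { name = "DATABASE_URL",          valueFrom = aws_secretsmanager_secret.db_url.arn },
      { name = "STRIPE_WEBHOOK_SECRET", valueFrom = aws_secretsmanager_secret.stripe_webhook.arn },
    ]

    readonlyRootFilesystem = true # extra hardening, not stated on the page; add a tmpfs if the app writes

    # Container-level check; the ALB target group runs its own HTTP check against the same path.
    healthCheck = {
      command     = ["CMD-SHELL", "curl -fsS http://localhost:8080/healthz || exit 1"] # assumes curl in image
      interval    = 30
      timeout     = 5
      retries     = 3
      startPeriod = 60
    }

    logConfiguration = {
      logDriver = "awslogs"
      options = {
        "awslogs-group"         = aws_cloudwatch_log_group.backend.name
        "awslogs-region"        = var.region
        "awslogs-stream-prefix" = "backend"
      }
    }
  }])
}

# The execution role may read exactly these two secrets and nothing else in Secrets Manager.
# (Add kms:Decrypt on the CMK if the secrets are encrypted with a customer-managed key.)
data "aws_iam_policy_document" "execution_secrets" {
  statement {
    actions = ["secretsmanager:GetSecretValue"]
    resources = [
      aws_secretsmanager_secret.db_url.arn,
      aws_secretsmanager_secret.stripe_webhook.arn,
    ]
  }
}

resource "aws_iam_role_policy" "execution_secrets" {
  role   = aws_iam_role.task_execution.id
  policy = data.aws_iam_policy_document.execution_secrets.json
}

resource "aws_ecs_service" "backend" {
  name                              = "backend"
  cluster                           = aws_ecs_cluster.main.id
  task_definition                   = aws_ecs_task_definition.backend.arn
  desired_count                     = 2
  launch_type                       = "FARGATE"
  health_check_grace_period_seconds = 60

  network_configuration {
    subnets          = var.private_subnet_ids
    security_groups  = [aws_security_group.tasks.id]
    assign_public_ip = false # private subnets only; outbound goes through NAT
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.backend.arn
    container_name   = "backend"
    container_port   = 8080
  }

  lifecycle {
    ignore_changes = [desired_count] # autoscaling owns desired_count after the first apply
  }
}

resource "aws_appautoscaling_target" "backend" {
  service_namespace  = "ecs"
  resource_id        = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.backend.name}"
  scalable_dimension = "ecs:service:DesiredCount"
  min_capacity       = 2
  max_capacity       = 10
}

resource "aws_appautoscaling_policy" "backend_cpu" {
  name               = "backend-cpu-target-tracking"
  policy_type        = "TargetTrackingScaling"
  service_namespace  = aws_appautoscaling_target.backend.service_namespace
  resource_id        = aws_appautoscaling_target.backend.resource_id
  scalable_dimension = aws_appautoscaling_target.backend.scalable_dimension

  target_tracking_scaling_policy_configuration {
    predefined_metric_specification {
      predefined_metric_type = "ECSServiceAverageCPUUtilization"
    }
    target_value       = 60
    scale_in_cooldown  = 300
    scale_out_cooldown = 60
  }
}
```

The split between `execution_role_arn` and `task_role_arn` is the part worth checking on any Fargate deployment: the execution role is what fetches secrets and images, so it should be scoped to the specific secret ARNs as above, while the task role carries only the AWS permissions the application code needs at runtime. The other four services would repeat this pattern with their own image, secrets, and target group.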
Multi-Environment
Separate dev (us-west-1) and prod (us-east-2) setups with isolated VPCs, secrets, logging, and domains.
Serverless
Lambdas triggered via EventBridge/SQS (with DLQs) for reminders and webhook processors.
Networking
VPC split into public and private subnets, NAT gateways for outbound-only egress from the private subnets where a service needs it, and security groups tightened so each tier accepts only the traffic it needs.
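Added example covering both the Cloudflare lockdown described above and the tiered security groups in this networking section; it is illustrative Terraform written for this page, not the project's own. It assumes the Cloudflare provider `~> 4.0` (whose `cloudflare_ip_ranges` data source exposes `ipv4_cidr_blocks`), AWS provider `~> 5.0`, a VPC passed in as `var.vpc_id`, an ALB `aws_lb.main`, a target group `aws_lb_target_group.backend`, a Cloudflare Origin CA certificate already imported into ACM as `aws_acm_certificate.origin_ca`, and port 8080 as the container port.

```hcl
terraform {
  required_providers {
    aws        = { source = "hashicorp/aws", version = "~> 5.0" }
    cloudflare = { source = "cloudflare/cloudflare", version = "~> 4.0" }
  }
}

# Cloudflare publishes its edge ranges; pulling them from the provider keeps the allow-list
# in sync with Cloudflare instead of hand-copied CIDRs that rot. Re-apply when the list changes.
data "cloudflare_ip_ranges" "cloudflare" {}

resource "aws_ec2_managed_prefix_list" "cloudflare_ipv4" {
  name           = "cloudflare-ipv4"
  address_family = "IPv4"
  max_entries    = 32 # headroom above the ~15 ranges Cloudflare publishes today

  dynamic "entry" {
    for_each = toset(data.cloudflare_ip_ranges.cloudflare.ipv4_cidr_blocks)
    content {
      cidr        = entry.value
      description = "Cloudflare edge"
    }
  }
}

# ALB tier: HTTPS only, and only from Cloudflare. There is deliberately no 0.0.0.0/0 ingress.
resource "aws_security_group" "alb" {
  name        = "alb-cloudflare-only"
  description = "Internet-facing ALB; ingress restricted to Cloudflare"
  vpc_id      = var.vpc_id # assumed: VPC created elsewhere in the module
}

resource "aws_vpc_security_group_ingress_rule" "alb_https_from_cloudflare" {
  security_group_id = aws_security_group.alb.id
  description       = "HTTPS from the Cloudflare edge only"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  prefix_list_id    = aws_ec2_managed_prefix_list.cloudflare_ipv4.id
}

# Task tier: the container port is reachable only from the ALB's security group, never by CIDR.
resource "aws_security_group" "tasks" {
  name        = "ecs-tasks"
  description = "Fargate tasks in private subnets; ingress from the ALB only"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "tasks_from_alb" {
  security_group_id            = aws_security_group.tasks.id
  description                  = "App port from the ALB"
  ip_protocol                  = "tcp"
  from_port                    = 8080 # assumed container port
  to_port                      = 8080
  referenced_security_group_id = aws_security_group.alb.id
}

# Terraform removes AWS's default allow-all egress on a new aws_security_group, so egress is
# explicit here: ALB -> tasks only; tasks -> internet via NAT (ECR pulls, Stripe/Google APIs).
resource "aws_vpc_security_group_egress_rule" "alb_to_tasks" {
  security_group_id            = aws_security_group.alb.id
  ip_protocol                  = "tcp"
  from_port                    = 8080
  to_port                      = 8080
  referenced_security_group_id = aws_security_group.tasks.id
}

resource "aws_vpc_security_group_egress_rule" "tasks_all" {
  security_group_id = aws_security_group.tasks.id
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
}

# TLS 1.2+ only on the listener, presenting the Cloudflare Origin CA certificate imported into ACM.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.main.arn # assumed: ALB declared elsewhere
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06" # TLS 1.3 and 1.2, no 1.0/1.1
  certificate_arn   = aws_acm_certificate.origin_ca.arn    # assumed: imported Origin CA cert

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.backend.arn
  }
}
```

One caveat a reviewer would raise on any IP-based lockdown: the Cloudflare ranges are shared by every Cloudflare customer, so a source-IP rule stops direct-to-origin traffic but does not by itself prove a request came through your zone. Pairing it with Cloudflare's Authenticated Origin Pulls (client certificates validated at the origin) or at minimum a Host-header check on the ALB closes that gap; the page does not say whether the project does this.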
Monitoring
CloudWatch alarms for key failure signals (CPU/memory, 5xx, DLQ depth, Lambda errors) with SNS email alerts.
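Added example that serves both the Serverless and Monitoring items above: the SQS-fed webhook Lambda and the EventBridge-scheduled reminder Lambda each get a dead-letter queue, and anything landing in either DLQ raises a CloudWatch alarm that emails through SNS. This is illustrative Terraform for this page, not the project's code. It assumes the two Lambda functions exist as `aws_lambda_function.webhook_processor` and `aws_lambda_function.reminders` with a 30-second timeout, an `var.alert_email` input, and AWS provider `~> 5.0`.

```hcl
# --- Webhook path: receiver -> SQS -> Lambda, failures parked in a DLQ instead of dropped ---
resource "aws_sqs_queue" "webhooks_dlq" {
  name                      = "stripe-webhooks-dlq"
  message_retention_seconds = 1209600 # 14 days, long enough to replay after an incident
  sqs_managed_sse_enabled   = true
}

resource "aws_sqs_queue" "webhooks" {
  name                       = "stripe-webhooks"
  visibility_timeout_seconds = 180 # AWS guidance: at least 6x the consumer's timeout (assumed 30s)
  sqs_managed_sse_enabled    = true
  redrive_policy = jsonencode({
    deadLetterTargetArn = aws_sqs_queue.webhooks_dlq.arn
    maxReceiveCount     = 3 # three failed receives, then the message moves to the DLQ
  })
}

resource "aws_lambda_event_source_mapping" "webhooks" {
  event_source_arn        = aws_sqs_queue.webhooks.arn
  function_name           = aws_lambda_function.webhook_processor.arn # assumed: defined elsewhere
  batch_size              = 10
  function_response_types = ["ReportBatchItemFailures"] # retry only the failed records, not the batch
}

# --- Reminder path: EventBridge schedule -> Lambda, with a DLQ on the target for failed invokes ---
resource "aws_cloudwatch_event_rule" "reminders" {
  name                = "calendar-reminders"
  schedule_expression = "rate(5 minutes)" # assumed cadence
}

resource "aws_sqs_queue" "reminders_dlq" {
  name                    = "calendar-reminders-dlq"
  sqs_managed_sse_enabled = true
}

# EventBridge can only write to the DLQ if the queue policy allows it, scoped to this rule.
data "aws_iam_policy_document" "reminders_dlq" {
  statement {
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.reminders_dlq.arn]
    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_cloudwatch_event_rule.reminders.arn]
    }
  }
}

resource "aws_sqs_queue_policy" "reminders_dlq" {
  queue_url = aws_sqs_queue.reminders_dlq.id
  policy    = data.aws_iam_policy_document.reminders_dlq.json
}

resource "aws_cloudwatch_event_target" "reminders" {
  rule = aws_cloudwatch_event_rule.reminders.name
  arn  = aws_lambda_function.reminders.arn # assumed: defined elsewhere
  dead_letter_config {
    arn = aws_sqs_queue.reminders_dlq.arn
  }
}

resource "aws_lambda_permission" "reminders_from_eventbridge" {
  statement_id  = "AllowEventBridgeInvoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.reminders.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.reminders.arn # only this rule may invoke it
}

# --- Alerting: a non-empty DLQ is always a problem, so threshold is zero ---
resource "aws_sns_topic" "alerts" {
  name = "ops-alerts"
}

resource "aws_sns_topic_subscription" "alerts_email" {
  topic_arn = aws_sns_topic.alerts.arn
  protocol  = "email"
  endpoint  = var.alert_email # assumed input; the subscription must be confirmed from the mailbox
}

resource "aws_cloudwatch_metric_alarm" "dlq_depth" {
  for_each = {
    webhooks  = aws_sqs_queue.webhooks_dlq.name
    reminders = aws_sqs_queue.reminders_dlq.name
  }
  alarm_name          = "${each.key}-dlq-not-empty"
  namespace           = "AWS/SQS"
  metric_name         = "ApproximateNumberOfMessagesVisible"
  dimensions          = { QueueName = each.value }
  statistic           = "Maximum"
  period              = 300
  evaluation_periods  = 1
  comparison_operator = "GreaterThanThreshold"
  threshold           = 0
  treat_missing_data  = "notBreaching" # an idle queue reports no data; that is the healthy state
  alarm_actions       = [aws_sns_topic.alerts.arn]
}
```

The same `aws_cloudwatch_metric_alarm` shape, pointed at `AWS/Lambda` `Errors` (dimension `FunctionName`) or `AWS/ApplicationELB` `HTTPCode_Target_5XX_Count`, gives the Lambda-error and 5xx alarms the section lists. `treat_missing_data = "notBreaching"` matters for DLQs specifically: an empty queue emits no datapoints, and the default `missing` treatment would otherwise leave the alarm stuck in INSUFFICIENT_DATA.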
Storage
S3 with encryption + lifecycle policies, served through CloudFront with correct CORS and caching behavior.
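Added example for this storage item, written for this page rather than taken from the project: an assets bucket that is encrypted, versioned, lifecycle-managed, and readable only by one CloudFront distribution through Origin Access Control, plus the CORS rule the frontend needs. The bucket name, the `https://app.example.com` origin, and the distribution `aws_cloudfront_distribution.assets` (assumed to be declared elsewhere with `origin_access_control_id = aws_cloudfront_origin_access_control.assets.id` on its S3 origin) are placeholders.

```hcl
resource "aws_s3_bucket" "assets" {
  bucket = "example-edtech-static-assets" # placeholder name
}

# Belt and braces: even if a bad bucket policy or ACL is applied later, nothing becomes public.
resource "aws_s3_bucket_public_access_block" "assets" {
  bucket                  = aws_s3_bucket.assets.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "assets" {
  bucket = aws_s3_bucket.assets.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256" # SSE-S3; swap for aws:kms + kms_master_key_id if a CMK is required
    }
  }
}

# Versioning lets a bad deploy be rolled back; the lifecycle rule keeps old versions from piling up.
resource "aws_s3_bucket_versioning" "assets" {
  bucket = aws_s3_bucket.assets.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "assets" {
  bucket = aws_s3_bucket.assets.id
  rule {
    id     = "expire-old-versions"
    status = "Enabled"
    filter {} # whole bucket
    noncurrent_version_expiration {
      noncurrent_days = 30
    }
    abort_incomplete_multipart_upload {
      days_after_initiation = 7
    }
  }
}

# CORS is evaluated by S3 on the origin response; CloudFront must also be configured to forward
# the Origin header (e.g. the managed CORS-S3Origin origin request policy) for this to take effect.
resource "aws_s3_bucket_cors_configuration" "assets" {
  bucket = aws_s3_bucket.assets.id
  cors_rule {
    allowed_methods = ["GET", "HEAD"]
    allowed_origins = ["https://app.example.com"] # placeholder frontend origin
    allowed_headers = ["*"]
    max_age_seconds = 3600
  }
}

# Origin Access Control: CloudFront signs its requests to S3 with SigV4, so the bucket needs no
# public read and no legacy Origin Access Identity.
resource "aws_cloudfront_origin_access_control" "assets" {
  name                              = "assets-oac"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

# Only the CloudFront service principal, and only on behalf of this one distribution, may read.
data "aws_iam_policy_document" "assets_bucket" {
  statement {
    sid       = "AllowCloudFrontServicePrincipalReadOnly"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.assets.arn}/*"]
    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [aws_cloudfront_distribution.assets.arn] # assumed: distribution declared elsewhere
    }
  }
}

resource "aws_s3_bucket_policy" "assets" {
  bucket = aws_s3_bucket.assets.id
  policy = data.aws_iam_policy_document.assets_bucket.json
}
```

The `AWS:SourceArn` condition is the piece to verify after apply: without it, any CloudFront distribution in any account could be pointed at the bucket and read it through the service principal. A quick check is `aws s3api get-object` against the bucket from an unrelated identity, which should fail with AccessDenied, while the same object served via the distribution's hostname returns 200.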