Life Connect
Last updated 2026-05-03

ECS Fargate deploy lifecycle

AI-generated content

This document was generated by an AI assistant. Verify accuracy before relying on the details.

The new infra/ Pulumi project deploys Spring Boot services to AWS ECS Fargate. Each microservice runs as one ECS service, with autoscaling between minTasks and maxTasks (defined per env in infra/src/catalog/services.js). A push to main triggers pulumi up -s staging; a push to the production branch triggers prod deploy with manual approval. PR previews deploy to a dedicated adb-preview AWS account on /deploy PR-comment commands.

At a glance

| Fact | Value |
| --- | --- |
| Compute | AWS ECS Fargate, capacity providers FARGATE + FARGATE_SPOT (Spot for non-prod) |
| Networking | VPC per env (3 AZs), private subnets for tasks, public ALB with HTTPS only, optional WAFv2 (prod) |
| Image registry | ECR in the adb-shared AWS account |
| Image pull | Cross-account, via a repository policy scoped to the AWS Organization |
| Image tag pattern | prod/staging: <env>-<sha>; preview: pr-<n>-<sha> |
| Health check | ALB target group checks /actuator/health; the ECS task-level health check uses the same path |
| Deploy strategy | Rolling, deploymentMinimumHealthyPercent=50, deploymentMaximumPercent=200 |
| ECS Exec | Enabled, gated by the IAM Debug permission set |
| Logs | One CloudWatch log group per service (/ecs/adb-<env>/<service>), retention 14 d non-prod / 90 d prod |
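The "Image pull" row is the one that decides who can fetch the images the production tasks run. As an added example (not the project's Pulumi code), this is the shape of an ECR repository policy that allows pulls from any account inside the AWS Organization and nothing else, together with a small audit that flags statements which would widen it. The organization ID, the "Wide" policy and the audit function are constructed for illustration.

```javascript
// Added example, not the project's infra code: an org-scoped ECR repository
// policy and an audit that flags statements broader than "org members may pull".
// The organization ID and the "Wide" policy below are constructed placeholders.

// The three actions a Fargate task execution role needs to pull an image.
const PULL_ACTIONS = [
  "ecr:BatchGetImage",
  "ecr:GetDownloadUrlForLayer",
  "ecr:BatchCheckLayerAvailability",
];

function ecrOrgPullPolicy(orgId) {
  // AWS Organization IDs are "o-" followed by 10 to 32 lowercase letters/digits.
  if (!/^o-[a-z0-9]{10,32}$/.test(orgId)) {
    throw new Error(`not an AWS Organization ID: ${orgId}`);
  }
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "OrgPullOnly",
        Effect: "Allow",
        // Principal "*" is only acceptable because the condition narrows it
        // to principals inside the organization.
        Principal: "*",
        Action: [...PULL_ACTIONS],
        Condition: { StringEquals: { "aws:PrincipalOrgID": orgId } },
      },
    ],
  };
}

// Returns the Sids of Allow statements that are broader than intended: an
// anonymous principal without an org/account condition, or any action outside
// the pull set (wildcards included).
function overbroadStatements(policy) {
  const pull = new Set(PULL_ACTIONS);
  const bad = [];
  for (const st of policy.Statement) {
    if (st.Effect !== "Allow") continue;
    const actions = [].concat(st.Action);
    const cond = (st.Condition && st.Condition.StringEquals) || {};
    const anonymous = st.Principal === "*" || (st.Principal && st.Principal.AWS === "*");
    const scoped = "aws:PrincipalOrgID" in cond || "aws:PrincipalAccount" in cond;
    const extra = actions.some((a) => !pull.has(a));
    if ((anonymous && !scoped) || extra) bad.push(st.Sid || "<no Sid>");
  }
  return bad;
}

// Demo: the generated policy passes the audit; a constructed one that grants
// ecr:* to everyone does not.
const good = ecrOrgPullPolicy("o-abcdefghij");
const wide = {
  Version: "2012-10-17",
  Statement: [{ Sid: "Wide", Effect: "Allow", Principal: "*", Action: "ecr:*" }],
};
console.log(JSON.stringify(good, null, 2));
console.log("overbroad in good:", overbroadStatements(good)); // []
console.log("overbroad in wide:", overbroadStatements(wide)); // [ 'Wide' ]
```

The audit is the check worth keeping around: a repository policy is the only thing standing between a Principal of "*" and the public internet, so any change to it should be diffed against the pull-only, org-scoped shape before it is applied.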

Details

Stack layout

```mermaid
flowchart TB
    push[Push to main / production]
    gha[GitHub Actions: deploy-staging.yml or deploy-production.yml]
    pulumi[pulumi up -s staging|production]
    ecr[ECR: adb-shared]
    network[VPC + subnets + endpoints]
    cluster[ECS Cluster]
    services[ECS Services x9]
    alb[ALB + listener rules]
    sqs[SQS queues from catalog]

    push --> gha --> pulumi
    pulumi --> network
    pulumi --> cluster
    pulumi --> services
    pulumi --> alb
    pulumi --> sqs
    services -.pulls images.-> ecr
    services -.consumes.-> sqs
    alb -->|/api/<service>/*| services
```

Deploy paths

| Trigger | Workflow | Stack | Approval |
| --- | --- | --- | --- |
| Push to main | .github/workflows/deploy-staging.yml | staging | none |
| Push to production branch | .github/workflows/deploy-production.yml | production | GitHub Environment manual approval |
| /deploy PR comment | .github/workflows/pr-deploy.yml | pr-<N> (created on demand) | none |
| /destroy PR comment | .github/workflows/pr-destroy.yml | pr-<N> (destroyed) | none |
| PR closed | .github/workflows/pr-destroy.yml | pr-<N> (destroyed) | none |
| nightly | .github/workflows/nightly-cleanup.yml | sweeps pr-* stacks whose PR closed >24h | none |
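The two comment-driven rows have no approval column because an issue_comment event fires for every comment on every PR, so the gate has to live in the workflow itself. As an added example (not the repository's workflow code), the checks below are what a pr-deploy/pr-destroy job should make before running pulumi against the adb-preview account, plus the selection rule for the nightly sweep. The event payloads, the stack list and the set of accepted author associations are assumptions constructed for the example.

```javascript
// Added example, not the repository's workflow code. Gates a /deploy or /destroy
// PR comment and selects stacks for the nightly sweep. Payloads and stacks are
// constructed; the accepted author associations are an assumption.
const ALLOWED_ASSOCIATIONS = new Set(["OWNER", "MEMBER", "COLLABORATOR"]);
const SWEEP_AFTER_MS = 24 * 60 * 60 * 1000;

// Returns {ok, command, stack} for an accepted command, else {ok:false, reason}.
// Anyone with a GitHub account can comment on a public PR, so the
// author_association check is what keeps strangers from driving the preview account.
function parsePrCommand(event) {
  const issue = event.issue || {};
  const comment = event.comment || {};
  if (!issue.pull_request) return { ok: false, reason: "comment is not on a pull request" };
  if (issue.state !== "open") return { ok: false, reason: "pull request is not open" };
  const m = /^\/(deploy|destroy)(?:\s|$)/.exec((comment.body || "").trim());
  if (!m) return { ok: false, reason: "no /deploy or /destroy command" };
  if (!ALLOWED_ASSOCIATIONS.has(comment.author_association)) {
    return { ok: false, reason: `author_association ${comment.author_association} may not run commands` };
  }
  return { ok: true, command: m[1], stack: `pr-${issue.number}` };
}

// Nightly sweep: only pr-<N> stacks whose PR closed more than 24 h ago.
// The name pattern means staging/production can never match, whatever the input.
function stacksToSweep(stacks, now) {
  return stacks
    .filter((s) => /^pr-\d+$/.test(s.name))
    .filter((s) => s.prClosedAt && now - Date.parse(s.prClosedAt) > SWEEP_AFTER_MS)
    .map((s) => s.name);
}

// Constructed issue_comment payloads, trimmed to the fields used above.
const memberDeploy = {
  issue: { number: 17, state: "open", pull_request: {} },
  comment: { body: "/deploy", author_association: "MEMBER" },
};
const strangerDestroy = {
  issue: { number: 17, state: "open", pull_request: {} },
  comment: { body: "/destroy please", author_association: "NONE" },
};
const plainIssue = {
  issue: { number: 18, state: "open" },
  comment: { body: "/deploy", author_association: "OWNER" },
};
console.log(parsePrCommand(memberDeploy));    // { ok: true, command: 'deploy', stack: 'pr-17' }
console.log(parsePrCommand(strangerDestroy)); // rejected: author_association NONE
console.log(parsePrCommand(plainIssue));      // rejected: not a pull request

// Constructed stack list for the sweep, evaluated at a fixed "now".
const now = Date.parse("2026-05-03T02:00:00Z");
const stacks = [
  { name: "pr-12", prClosedAt: "2026-05-01T09:00:00Z" },      // closed 41 h ago: swept
  { name: "pr-17", prClosedAt: "2026-05-02T20:00:00Z" },      // closed 6 h ago: kept
  { name: "pr-20", prClosedAt: null },                        // still open: kept
  { name: "production", prClosedAt: "2026-01-01T00:00:00Z" }, // never a sweep candidate
];
console.log(stacksToSweep(stacks, now)); // [ 'pr-12' ]
```

The same conditions can be expressed in the workflow's if: expression on the GitHub event context; keeping them as the first thing the job evaluates matters because the issue_comment trigger runs for every comment, not only for commands.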

Per-service plumbing

For every entry in services.js SERVICES, the env stack creates:

  • An ECR-scoped task definition with image adb-shared.dkr.ecr.eu-west-3.amazonaws.com/<image>:<env>-<sha>.
  • A task IAM role with read access to its own queues, buckets, and secrets only (least privilege).
  • An ALB listener rule routing /api/<service>/* to a target group with the service's port.
  • Autoscaling on CPU 60% target, between sizing[<env>].minTasks and maxTasks.
  • A CloudWatch log group with the per-env retention.
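As an added example (not the project's Pulumi code), here is a constructed catalog entry in the shape the list above describes and a planner that derives from it what the env stack creates per service: the image URI in the documented tag pattern, a task-role policy scoped by ARN to the service's own queues, buckets and secrets, the ALB path rule, the autoscaling bounds and the log group with its per-env retention. The service name, image, queue/bucket/secret names, account ID and sizing numbers are all assumptions; the real registry host uses the account ID, which the page abbreviates as adb-shared.

```javascript
// Added example, not the project's Pulumi code. A constructed catalog entry and
// a planner for the per-service pieces the page lists. Names, ARNs, account ID
// and sizing are assumptions.
const REGION = "eu-west-3";
const ACCOUNT = "123456789012"; // constructed; the page calls this account adb-shared
const SERVICE = {
  name: "billing",
  image: "adb/billing",
  port: 8080,
  queues: ["adb-billing-invoice-created"],
  buckets: ["adb-billing-exports"],
  secrets: ["adb/billing/mongo-uri"],
  sizing: {
    staging: { minTasks: 1, maxTasks: 2 },
    production: { minTasks: 2, maxTasks: 6 },
  },
};

// prod/staging tags are <env>-<sha>; preview tags are pr-<n>-<sha>.
function imageUri(service, env, sha, prNumber) {
  if (!/^[0-9a-f]{7,40}$/.test(sha)) throw new Error(`not a git sha: ${sha}`);
  let tag;
  if (env === "preview") {
    if (!Number.isInteger(prNumber)) throw new Error("preview tags need a PR number");
    tag = `pr-${prNumber}-${sha}`;
  } else {
    tag = `${env}-${sha}`;
  }
  return `${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com/${service.image}:${tag}`;
}

// Task role: only this service's queues, buckets and secrets, named by ARN.
// Assumes the catalog names are already env-qualified (an assumption).
function taskRolePolicy(service) {
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "OwnQueues", Effect: "Allow",
        Action: ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl"],
        Resource: service.queues.map((q) => `arn:aws:sqs:${REGION}:${ACCOUNT}:${q}`),
      },
      {
        Sid: "OwnBuckets", Effect: "Allow",
        Action: ["s3:ListBucket", "s3:GetObject"],
        Resource: service.buckets.flatMap((b) => [`arn:aws:s3:::${b}`, `arn:aws:s3:::${b}/*`]),
      },
      {
        Sid: "OwnSecrets", Effect: "Allow",
        Action: ["secretsmanager:GetSecretValue"],
        // Secrets Manager appends a random 6-character suffix to the ARN, hence the trailing -*.
        Resource: service.secrets.map((s) => `arn:aws:secretsmanager:${REGION}:${ACCOUNT}:secret:${s}-*`),
      },
    ],
  };
}

// Flags statements that drift from least privilege: wildcard resources or actions.
function leastPrivilegeViolations(policy) {
  return policy.Statement
    .filter((st) => [].concat(st.Resource).includes("*") || [].concat(st.Action).some((a) => a.endsWith("*")))
    .map((st) => st.Sid);
}

function planService(service, env, sha) {
  const sizing = service.sizing[env];
  if (!sizing) throw new Error(`no sizing for env ${env}`);
  const policy = taskRolePolicy(service);
  const violations = leastPrivilegeViolations(policy);
  if (violations.length) throw new Error(`task role not least-privilege: ${violations}`);
  return {
    image: imageUri(service, env, sha),
    taskRolePolicy: policy,
    listenerRule: { pathPattern: `/api/${service.name}/*`, targetPort: service.port },
    healthCheckPath: "/actuator/health",
    autoscaling: { cpuTargetPercent: 60, minTasks: sizing.minTasks, maxTasks: sizing.maxTasks },
    logGroup: { name: `/ecs/adb-${env}/${service.name}`, retentionDays: env === "production" ? 90 : 14 },
  };
}

console.log(JSON.stringify(planService(SERVICE, "staging", "a1b2c3d4e5f"), null, 2));
```

The least-privilege check is deliberately part of the plan step rather than a separate review: a catalog edit that puts "*" into a resource list fails the deploy instead of quietly widening the task role of one service to every queue or bucket in the account.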

The whole topology is reproducible: pulumi destroy followed by pulumi up rebuilds it deterministically. Note that a destroy also discards whatever is in the queues and log groups at that moment, so it is not a no-op for data.

Local mirror

infra/docker/compose.yaml runs the same 9 services + MongoDB replica set + Keycloak + LocalStack (SQS/SNS/S3/Secrets Manager) + Mailpit. The LocalStack init script provisions queues using the same names the catalog produces, so messaging code works locally without changes.

Open questions

  • Container Insights is enabled but no dashboard is provisioned. Worth adding a per-env CloudWatch dashboard with p95 latency, 5xx rate, queue depth, and DLQ count.
  • We deploy from images tagged <env>-<sha> but don't currently restrict which SHAs can deploy. A future hardening: signed images + ECR scan-on-push gating.
  • Spring Boot startup is slow (~30–60 s); healthCheckGracePeriodSeconds on the ECS service may need tuning before the first prod cutover.
Contributors: Yevhenii Khudolii