Phase 6 GUI: CI/CD Pipeline - AWS Console Guide

Prerequisites

All previous phases (1-5) completed
GitHub repository with your code
AWS IAM user with programmatic access
Cloudflare account with API token

Step 1: Configure GitHub Secrets

🔐 What are GitHub Secrets?
GitHub Secrets securely store credentials for CI/CD workflows. They're encrypted and never exposed in logs.

1.1

Add AWS Credentials to GitHub

1

Go to your GitHub repository
2

Click "Settings" tab
3

In left sidebar, click "Secrets and variables" → "Actions"
4

Click "New repository secret"
5

Add the following secrets one by one:

AWS_ACCESS_KEY_ID - Your AWS access key
AWS_SECRET_ACCESS_KEY - Your AWS secret key
AWS_REGION - us-east-1
ECR_REPOSITORY - helium-backend
ECS_CLUSTER - helium-production-cluster
ECS_SERVICE - helium-backend-service
CLOUDFLARE_API_TOKEN - Your Cloudflare API token

Security Best Practice

Create a dedicated IAM user for CI/CD with minimal permissions. Don't use your admin credentials!

1.2

Get Cloudflare API Token

1

Go to Cloudflare Dashboard
2

Click your profile icon → "My Profile"
3

Click "API Tokens" in left sidebar
4

Click "Create Token"
5

Use template: Edit Cloudflare Workers
6

Click "Continue to summary"
7

Click "Create Token"
8

Copy the token (you won't see it again!)
9

Add it to GitHub Secrets as CLOUDFLARE_API_TOKEN

Step 2: Create GitHub Actions Workflow

⚠️ Note: This step requires creating a file in your repository. You can do this through GitHub's web interface!

2.1

Create Workflow File via GitHub Web

1

Go to your GitHub repository
2

Click "Actions" tab
3

Click "New workflow"
4

Click "set up a workflow yourself"
5

Name the file: deploy-backend.yml
6

Copy and paste the workflow code (see below)
7

Click "Commit changes"

name: Deploy Backend to ECS

on:
  push:
    branches: [ main ]
    paths:
      - 'backend/**'
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      
      - name: Build and push Docker image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          cd backend
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
      
      - name: Update ECS service
        run: |
          aws ecs update-service \
            --cluster ${{ secrets.ECS_CLUSTER }} \
            --service ${{ secrets.ECS_SERVICE }} \
            --force-new-deployment
                

Step 3: Monitor Deployments

3.1

View GitHub Actions Runs

1

Go to your GitHub repository
2

Click "Actions" tab
3

You'll see all workflow runs
4

Click on any run to see details
5

Click on job steps to see logs

✅ Success Indicators:
• Green checkmark on workflow run
• All steps completed successfully
• ECS service updated
• New tasks running

3.2

Verify Deployment in AWS Console

AWS Console Navigation

AWS Console → ECS → Clusters → helium-production-cluster

1

Click on helium-backend-service
2

Click "Deployments and events" tab
3

Verify new deployment is in progress or completed
4

Click "Tasks" tab
5

Verify new tasks are running with latest image

Step 4: Verify Cloudflare Pages Auto-Deploy

4.1

Check Cloudflare Pages Deployments

1

Go to Cloudflare Dashboard
2

Click "Workers & Pages"
3

Click on your project: helium-frontend
4

Click "Deployments" tab
5

Verify deployments trigger automatically on git push

ℹ️ Automatic Deployments:
Cloudflare Pages automatically deploys when you push to your main branch. No additional configuration needed!

4.2

Test Automatic Deployment

1

Make a small change to your frontend code

Example: Update a text in your homepage
2

Commit and push to main branch
3

Go to GitHub Actions tab
4

Watch the workflow run in real-time
5

Go to Cloudflare Pages deployments
6

Verify new deployment started automatically
7

Wait for deployment to complete (3-5 minutes)
8

Visit your website and verify the change is live

Phase 6 Verification Checklist

GitHub Secrets configured
AWS credentials added
Cloudflare API token added
GitHub Actions workflow created
Test deployment successful
Backend auto-deploys on push
Frontend auto-deploys on push
Deployment monitoring working
No errors in workflow runs

What's Next?

Now that your deployment is complete, consider these next steps:

Set up monitoring dashboards
Configure backup strategies
Implement disaster recovery plan
Optimize costs with Reserved Instances
Add WAF rules for security
Set up performance monitoring
Create staging environment
Document your architecture

CI/CD Pipeline Setup