ECS Migration

Target ECS Fargate architecture for container-based deployment.

ECS Fargate Migration

The target deployment architecture moves from EC2 to ECS Fargate, AWS's serverless container platform. This provides container isolation and auto-scaling, and eliminates server management.

Target Architecture

┌─────────────────────────────────────────────────────────────┐
│                        AWS VPC                              │
│                                                             │
│  ┌────────────────────────────────────────────────────────┐  │
│  │  Public Subnet                                        │  │
│  │  ┌─────────────────────────────────────────────────┐   │  │
│  │  │  Application Load Balancer (ALB)               │   │  │
│  │  │  - TLS termination (ACM certificate)           │   │  │
│  │  │  - Health checks                               │   │  │
│  │  │  - WAF integration                             │   │  │
│  │  └──────────────────────┬──────────────────────────┘   │  │
│  └─────────────────────────┼──────────────────────────────┘  │
│                            │                                 │
│  ┌─────────────────────────┼──────────────────────────────┐  │
│  │  Private Subnet         │                              │  │
│  │                         ▼                              │  │
│  │  ┌─────────────────────────────────────────────────┐   │  │
│  │  │  ECS Fargate Service                           │   │  │
│  │  │  ┌───────────────┐  ┌───────────────┐          │   │  │
│  │  │  │  Task 1       │  │  Task 2       │          │   │  │
│  │  │  │  (API Server) │  │  (API Server) │          │   │  │
│  │  │  └───────────────┘  └───────────────┘          │   │  │
│  │  └─────────────────────────────────────────────────┘   │  │
│  │                                                        │  │
│  │  ┌─────────────────────────────────────────────────┐   │  │
│  │  │  ECS Fargate Service                           │   │  │
│  │  │  ┌───────────────┐                             │   │  │
│  │  │  │  Task         │                             │   │  │
│  │  │  │  (Temporal    │                             │   │  │
│  │  │  │   Worker)     │                             │   │  │
│  │  │  └───────────────┘                             │   │  │
│  │  └─────────────────────────────────────────────────┘   │  │
│  │                                                        │  │
│  │  ┌────────────────────┐  ┌─────────────────────────┐   │  │
│  │  │  RDS PostgreSQL   │  │  ElastiCache Redis     │   │  │
│  │  │  (future)         │  │  (future)              │   │  │
│  │  └────────────────────┘  └─────────────────────────┘   │  │
│  └────────────────────────────────────────────────────────┘  │
│                                                             │
│  ┌────────────────────────────────────────────────────────┐  │
│  │  AWS Services                                         │  │
│  │  ┌──────────┐ ┌───────────┐ ┌────────────┐ ┌───────┐ │  │
│  │  │ Secrets  │ │CloudWatch │ │   ECR      │ │  IAM  │ │  │
│  │  │ Manager  │ │  Logs     │ │ (Images)   │ │ Roles │ │  │
│  │  └──────────┘ └───────────┘ └────────────┘ └───────┘ │  │
│  └────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────┘

Benefits Over EC2

| Feature | EC2 (Current) | ECS Fargate (Target) |
|---|---|---|
| Server management | Manual patches, SSH access | No servers to manage |
| Scaling | Manual (resize instance) | Auto-scaling based on load |
| Isolation | Shared process space | Container isolation per service |
| Secrets | .env files on disk | AWS Secrets Manager (runtime injection) |
| Logging | Local files | CloudWatch (centralized, searchable) |
| Deployment | Manual SSH + git pull | CI/CD with rolling deployment |
| Networking | Public IP, open ports | Private subnet, ALB only |
| Cost | Always-on instance | Pay per task runtime |

Migration Steps

1. Containerize the Application: Create Dockerfiles for the API server and Temporal worker. Test locally with Docker Compose.

2. Set Up ECR: Create an ECR repository for container images. Push images via CI/CD.

3. Configure ECS: Create ECS cluster, task definitions, and services. Configure ALB with health checks.

4. Migrate Secrets: Move all secrets from .env to AWS Secrets Manager. Update task definitions to reference secrets.

5. Set Up CI/CD: GitHub Actions pipeline: build → test → push to ECR → deploy to ECS.

6. DNS Cutover: Point durableminds.steadybase.io to the ALB. Verify, then decommission EC2.
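
For the Migrate Secrets step, the following added example (not code from the Steadybase project) splits a .env file into a JSON payload for one Secrets Manager secret plus the `environment`/`secrets` entries of an ECS container definition, then audits a container definition for secrets left in plaintext. The name heuristic, the sample .env contents and the ARN are assumptions constructed for illustration.

```python
import re

# Heuristic for names that must not stay in plaintext (assumption; tune per project).
SENSITIVE = re.compile(r"SECRET|TOKEN|PASSWORD|API_?KEY|PRIVATE|CREDENTIAL|DATABASE_URL", re.I)
# Constructed sample .env and placeholder ARN, not values from the real deployment.
SAMPLE_ENV = """\
PORT=8080
export LOG_LEVEL=info
DATABASE_URL="postgres://app:example@db.internal:5432/app"
TEMPORAL_API_KEY='not-a-real-key'
"""
SAMPLE_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/app-AbCdEf"


def parse_dotenv(text):
    """Parse KEY=VALUE lines; skips blanks and comments, accepts 'export ' and quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip().removeprefix("export ")
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def split_for_ecs(env, secret_arn):
    """Return (JSON payload for one Secrets Manager secret, container-definition fragment)."""
    payload = {k: v for k, v in env.items() if SENSITIVE.search(k)}
    fragment = {
        "environment": [{"name": k, "value": v} for k, v in env.items() if k not in payload],
        # ECS resolves 'ARN:json-key::' at task start and injects it as an env var.
        "secrets": [{"name": k, "valueFrom": f"{secret_arn}:{k}::"} for k in payload],
    }
    return payload, fragment


def audit_container(container):
    """List plaintext secrets and non-Secrets-Manager references in a container definition."""
    findings = [f"plaintext secret in environment: {e['name']}"
                for e in container.get("environment", []) if SENSITIVE.search(e["name"])]
    findings += [f"{s['name']}: valueFrom is not a Secrets Manager ARN"
                 for s in container.get("secrets", [])
                 if not s["valueFrom"].startswith("arn:aws:secretsmanager:")]
    return findings
```

Running `audit_container` over each container definition in CI keeps a later change from reintroducing a plaintext secret under `environment`, where it is readable by anyone allowed to describe the task definition.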

CI/CD Pipeline (Planned)

# .github/workflows/deploy.yml
name: Deploy to ECS
on:
  push:
    branches: [main]
 
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build and push to ECR
        # Build Docker image, push to ECR
      - name: Deploy to ECS
        # Update ECS service with new task definition

Timeline

| Step | Target |
|---|---|
| Dockerize application | Phase 2, Week 1-2 |
| ECR + ECS setup | Phase 2, Week 2-3 |
| Secrets Manager migration | Phase 2, Week 3-4 |
| CI/CD pipeline | Phase 2, Week 4-5 |
| DNS cutover + EC2 decommission | Phase 2, Week 6 |
