Phase 2: Container Migration

ECS Fargate migration, AWS Secrets Manager, and CI/CD pipeline.

Status: Planned | Target: Q2 2026

Phase 2 migrates Steadybase from a single EC2 instance to ECS Fargate — AWS's serverless container platform — while moving secrets to AWS Secrets Manager and implementing CI/CD.

Goals

  1. Container isolation — Each service runs in its own container
  2. No server management — Fargate eliminates SSH, patching, and OS maintenance
  3. Secrets management — Move from .env files to AWS Secrets Manager
  4. Automated deployment — CI/CD pipeline via GitHub Actions
  5. Centralized logging — CloudWatch for all services

Planned Work

Infrastructure

  • Dockerize the API server
  • Dockerize the Temporal worker
  • Set up ECR (Elastic Container Registry)
  • Create ECS cluster and services
  • Configure Application Load Balancer (ALB)
  • Set up VPC with public/private subnets
  • Configure security groups

Secrets Manager

  • Migrate TEMPORAL_TLS_CERT to Secrets Manager
  • Migrate TEMPORAL_TLS_KEY to Secrets Manager
  • Migrate VAPI_API_KEY to Secrets Manager
  • Migrate SLACK_BOT_TOKEN to Secrets Manager
  • Migrate SLACK_SIGNING_SECRET to Secrets Manager
  • Migrate JWT signing key to Secrets Manager
  • Migrate invite codes to Secrets Manager
  • Update ECS task definitions to reference secrets
  • Remove .env files from all environments
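
An added example, not part of the Steadybase roadmap or code base: one way to check a task definition against the last two items above, assuming the standard ECS container-definition fields (`environment`, `secrets` with `valueFrom`, `environmentFiles`). The variable names JWT_SIGNING_KEY and INVITE_CODES, the ARNs, and the sample task definition are constructed for illustration.

```python
import re

# Names from the list above; JWT_SIGNING_KEY and INVITE_CODES are assumed
# variable names (the page describes those two secrets only in prose).
SECRET_NAMES = {"TEMPORAL_TLS_CERT", "TEMPORAL_TLS_KEY", "VAPI_API_KEY",
                "SLACK_BOT_TOKEN", "SLACK_SIGNING_SECRET",
                "JWT_SIGNING_KEY", "INVITE_CODES"}
# A valueFrom that points at Secrets Manager (optional json-key/version suffix allowed).
SM_ARN = re.compile(r"^arn:aws[\w-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:.+")

def audit_task_definition(task_def, secret_names=SECRET_NAMES):
    """Return a list of findings; an empty list means the definition passes."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        cname = c.get("name", "<unnamed>")
        plaintext = {e["name"] for e in c.get("environment", [])}
        refs = {s["name"]: s.get("valueFrom", "") for s in c.get("secrets", [])}
        # A migrated secret must never appear as a literal value.
        for name in sorted(plaintext & secret_names):
            findings.append(f"{cname}: {name} set as plaintext environment value")
        # Every reference must resolve through Secrets Manager.
        for name, arn in sorted(refs.items()):
            if not SM_ARN.match(arn):
                findings.append(f"{cname}: {name} valueFrom is not a Secrets Manager ARN")
        # environmentFiles loads a .env file from S3, which the plan removes.
        if c.get("environmentFiles"):
            findings.append(f"{cname}: environmentFiles still in use")
    return findings

# Constructed sample: account ID, ARNs and values are placeholders.
ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/"
SAMPLE = {"family": "example-task", "containerDefinitions": [
    {"name": "api",
     "environment": [{"name": "LOG_LEVEL", "value": "info"},
                     {"name": "VAPI_API_KEY", "value": "placeholder-value"}],
     "secrets": [{"name": "SLACK_BOT_TOKEN", "valueFrom": ARN + "slack-bot-token"},
                 {"name": "SLACK_SIGNING_SECRET", "valueFrom": "slack-signing-secret"}]},
    {"name": "worker",
     "environmentFiles": [{"value": "arn:aws:s3:::example-bucket/worker.env", "type": "s3"}],
     "secrets": [{"name": "TEMPORAL_TLS_CERT", "valueFrom": ARN + "temporal-cert"},
                 {"name": "TEMPORAL_TLS_KEY", "valueFrom": ARN + "temporal-key"}]},
]}

if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE):
        print(finding)
```

Run in CI against the rendered task definition JSON, a non-empty result can fail the build before deployment.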

CI/CD

  • GitHub Actions workflow: build + test
  • Docker image build and push to ECR
  • ECS rolling deployment on merge to main
  • Environment-specific deployments (staging, production)
  • Security scanning in CI pipeline (Snyk/Trivy)

Monitoring

  • CloudWatch log groups for all services
  • CloudWatch alarms for error rates, latency
  • Health check endpoints monitored by ALB
  • Container-level metrics (CPU, memory, network)

Timeline

Week   Milestone
1-2    Dockerize application, test locally
2-3    ECR + ECS cluster setup, ALB configuration
3-4    Secrets Manager migration
4-5    CI/CD pipeline implementation
5-6    Staging environment validation
6      DNS cutover, EC2 decommission

Dependencies

  • Phase 1 security hardening substantially complete
  • AWS account with ECS, ECR, Secrets Manager, and ALB permissions
  • GitHub repository connected to GitHub Actions
