Building an End-to-End DevOps Project on AWS using Terraform, Kubernetes, Jenkins (CI/CD), GitOps, ArgoCD with Full Prometheus Monitoring & Grafana Visualization
In this project, I built a full end-to-end DevOps project on AWS with a GitOps workflow. The entire infrastructure was provisioned using Terraform, with state and lock management in AWS S3. The application code is managed on GitHub, and a webhook triggers Jenkins to clone the repo, build a Docker image, push it to Amazon ECR, and update a GitOps-managed repo. ArgoCD watches this repo and automatically deploys to Amazon EKS, using Kubernetes Deployments for app pods and StatefulSets for database pods, backed by Amazon EFS for persistent storage. External access is routed via an Ingress Controller using AWS ALB, secured by AWS Certificate Manager (ACM) and Route 53 for DNS. The entire stack is monitored by Prometheus and visualized through Grafana, with RBAC controlling access and alerts sent via email for any failures in Jenkins pipelines or unhealthy services.
The tech stack includes Terraform, GitHub, Jenkins, Docker, ArgoCD, Helm, Kubernetes, AWS EKS, ECR, EFS, ALB, ACM, Route 53, Prometheus, Grafana, ConfigMap, Secrets, RBAC, and more, delivering a robust, automated, scalable, and secure DevOps pipeline.
- Project Overview
- Architecture
- Tech Stack
- Prerequisites
- Quick Start
- Detailed Setup Guide
- Monitoring & Alerts
This project implements a complete GitOps workflow on AWS with automated infrastructure provisioning, continuous integration/deployment, and comprehensive monitoring. The application is a Python Django web application with a MySQL database, deployed on Amazon EKS with persistent storage using EFS.
- Infrastructure as Code: Complete AWS infrastructure managed with Terraform
- CI/CD Pipeline: Jenkins automated build and deployment pipeline
- GitOps Workflow: ArgoCD for Kubernetes deployment automation
- Container Orchestration: Kubernetes with EKS for scalable deployments
- Persistent Storage: EFS-backed storage for database and application data
- Load Balancing: AWS ALB with SSL termination via ACM
- Monitoring: Prometheus metrics collection with Grafana visualization
- Security: RBAC, secrets management, and network security groups
┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   GitHub Repo   │    │   Jenkins CI    │    │   ArgoCD CD     │
│                 │───▶│                 │───▶│                 │
│   Application   │    │  Build & Push   │    │  Deploy to EKS  │
│   Code          │    │  to ECR         │    │                 │
└─────────────────┘    └─────────────────┘    └─────────────────┘
                                                       │
                                                       ▼
┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   Prometheus    │    │    Grafana      │    │   EKS Cluster   │
│   Monitoring    │◀───│   Dashboard     │    │                 │
│                 │    │                 │    │  App + DB Pods  │
└─────────────────┘    └─────────────────┘    └─────────────────┘
                                                       │
                                                       ▼
┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│    Route 53     │    │      ACM        │    │   EFS Storage   │
│      DNS        │───▶│    SSL Cert     │───▶│   Persistent    │
│                 │    │                 │    │    Volumes      │
└─────────────────┘    └─────────────────┘    └─────────────────┘
- Terraform - Infrastructure as Code
- AWS EKS - Kubernetes cluster
- AWS ECR - Container registry
- AWS EFS - Persistent storage
- AWS ALB - Load balancer
- AWS ACM - SSL certificates
- Route 53 - DNS management
- Jenkins - CI/CD pipeline
- ArgoCD - GitOps deployment
- Docker - Containerization
- GitHub - Source code & GitOps repo
- Prometheus - Metrics collection
- Grafana - Visualization & dashboards
- AlertManager - Alert management
- Python Django - Web application
- MySQL - Database
- Kubernetes - Container orchestration
Before starting, ensure you have the following:
- AWS account with appropriate permissions
- S3 bucket for Terraform backend (create manually first)
- Domain name for Route 53 (optional but recommended)
- GitHub account
- Personal access token with repo permissions
- Two repositories:
  - Main application repository
  - GitOps repository for Kubernetes manifests
git clone https://github.com/yourusername/Building-an-End-to-End-DevOps-Project-on-AWS.git
cd Building-an-End-to-End-DevOps-Project-on-AWS
aws configure
# Enter your AWS Access Key ID, Secret Access Key, and default region (ap-southeast-1)
aws s3 mb s3://terraform-devops-backend-file --region ap-southeast-1
cd Terraform
terraform init
terraform plan
terraform apply
Follow the detailed setup guide below for complete configuration.
- Update the S3 bucket name in Terraform/provider.tf:
terraform {
  backend "s3" {
    bucket       = "your-terraform-backend-bucket"
    region       = "ap-southeast-1"
    key          = "terraform.tfstate"
    encrypt      = true
    use_lockfile = true
  }
}
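Terraform state can hold secrets in plain text, so the backend bucket deserves more than `aws s3 mb`. The following is an added example (not part of the original project) that hardens the bucket with `aws s3api` and then reads the settings back. The function names and the `BUCKET` variable are assumptions.

```shell
# Added example: harden and audit the Terraform state bucket.
# Requires the AWS CLI; BUCKET is a placeholder supplied by the caller.

# Turn on versioning, block all public access, and set default encryption.
harden_state_bucket() {
  local bucket="$1"
  aws s3api put-bucket-versioning --bucket "$bucket" \
    --versioning-configuration Status=Enabled
  aws s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
  aws s3api put-bucket-encryption --bucket "$bucket" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
}

# Read the settings back. Prints one FINDING line per gap; returns 1 if any gap exists.
audit_state_bucket() {
  local bucket="$1" rc=0 status blocked
  # Status is "Enabled", "Suspended", or "None" when versioning was never set.
  status=$(aws s3api get-bucket-versioning --bucket "$bucket" \
    --query Status --output text 2>/dev/null) || status="unreadable"
  if [ "$status" != "Enabled" ]; then
    echo "FINDING: versioning is $status; an overwritten or deleted state file cannot be rolled back"
    rc=1
  fi
  # Count how many of the four public-access-block flags are true.
  blocked=$(aws s3api get-public-access-block --bucket "$bucket" \
    --query 'PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]' \
    --output text 2>/dev/null | tr 'A-Z' 'a-z' | grep -o true | wc -l | tr -d ' ')
  if [ "$blocked" -ne 4 ]; then
    echo "FINDING: only $blocked of 4 public-access-block flags are set"
    rc=1
  fi
  return "$rc"
}

# Runs only when BUCKET is set, e.g. BUCKET=your-terraform-backend-bucket sh harden.sh
if [ -n "${BUCKET:-}" ]; then
  harden_state_bucket "$BUCKET" && audit_state_bucket "$BUCKET"
fi
```

Run it once after creating the bucket and before `terraform init`; `audit_state_bucket` alone is safe to re-run later as a drift check.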
cd Terraform
terraform init
terraform plan
terraform apply -auto-approve
This will create:
- VPC with public/private subnets
- EKS cluster
- ECR repository
- EFS file system
- EC2 instance for Jenkins
- Route 53 hosted zone
- ACM certificate
aws eks update-kubeconfig --region ap-southeast-1 --name your-eks-cluster-name
kubectl get nodes
# Get the public IP of your Jenkins EC2 instance
aws ec2 describe-instances --filters "Name=tag:Name,Values=Jenkins-Server" --query 'Reservations[].Instances[].PublicIpAddress' --output text
# SSH to the server
ssh -i your-key.pem ubuntu@<jenkins-public-ip>
Follow the installation guide in Install and Configuration/Jenkins, Docker and AWS CLi installation.txt
- Access Jenkins UI (http://jenkins-public-ip:8080)
- Add GitHub token as credential:
  - Go to Manage Jenkins > Credentials > System > Global credentials
  - Add new credential:
    - Kind: Secret text
    - ID: GITHUB_TOKEN
    - Secret: Your GitHub personal access token
- Create new Pipeline job
- Configure webhook trigger from GitHub
- Use the Jenkinsfile from Jenkins_cicd/Jenkinsfile
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl port-forward svc/argocd-server -n argocd 8080:443
# Access https://localhost:8080
# Default username: admin
# Get password: kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
- Create application pointing to your GitOps repository
- Set path to Kubernetes with ArgoCD/
- Enable auto-sync
- Update image references in Kubernetes manifests
- Configure database credentials in secrets
- Update domain name in ingress configuration
kubectl apply -f "Kubernetes with ArgoCD/"
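The Argo CD application setup described earlier (repository, path, auto-sync) can also be expressed declaratively. This added example (not from the original repository) renders an AppProject limited to the GitOps repo and one namespace, plus an auto-syncing Application. The names `devops-gitops` and `django-app`, the `GITOPS_REPO` variable and the `default` namespace are assumptions.

```shell
# Added example: Argo CD AppProject + Application for the GitOps repo.
# Assumed names: project "devops-gitops", app "django-app".

# Print both manifests. Arg 1: GitOps repo URL. Arg 2: target namespace (default: default).
render_argocd_app() {
  local repo_url="$1" app_ns="${2:-default}"
  cat <<EOF
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: devops-gitops
  namespace: argocd
spec:
  sourceRepos:
    - ${repo_url}            # only this repo may feed the project
  destinations:
    - server: https://kubernetes.default.svc
      namespace: ${app_ns}   # only this namespace may be deployed to
  # Cluster-scoped kinds are denied unless listed in clusterResourceWhitelist.
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: django-app
  namespace: argocd
spec:
  project: devops-gitops
  source:
    repoURL: ${repo_url}
    targetRevision: HEAD
    path: "Kubernetes with ArgoCD"
  destination:
    server: https://kubernetes.default.svc
    namespace: ${app_ns}
  syncPolicy:
    automated:
      prune: true      # delete resources that were removed from Git
      selfHeal: true   # revert manual changes made in the cluster
EOF
}

# Runs only when GITOPS_REPO is set; pipe the output to: kubectl apply -f -
if [ -n "${GITOPS_REPO:-}" ]; then
  render_argocd_app "$GITOPS_REPO" "${APP_NAMESPACE:-default}"
fi
```

If the manifests contain cluster-scoped objects such as a Namespace, PersistentVolume or StorageClass for EFS, list those kinds under `clusterResourceWhitelist` in the AppProject, otherwise the sync is refused.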
kubectl create namespace monitoring
kubectl apply -f "Install and Configuration/prometheus yml file.txt"
kubectl apply -f "Install and Configuration/Grafana installation.txt"
- Access Grafana (port-forward or ingress)
- Import Prometheus as data source
- Import monitoring dashboards
- Metrics collection from Kubernetes pods
- Custom metrics for application health
- Alert rules for critical failures
- Kubernetes cluster overview
- Application performance metrics
- Database monitoring
- Jenkins pipeline status
- Email alerts for pipeline failures
- Service health monitoring
- Resource utilization alerts
- Terraform/ - Infrastructure as Code
- Jenkins_cicd/Jenkinsfile - CI/CD pipeline
- Kubernetes with ArgoCD/ - Kubernetes manifests
- Install and Configuration/ - Setup scripts and configs
AWS_REGION=ap-southeast-1
AWS_ACCOUNT_ID=your-account-id
GITHUB_TOKEN=your-github-token