HumanGov: Configuration and Deployment of the HumanGov SaaS Application on an AWS EC2 Inventory Across US States Using Ansible, Securely Storing Configuration Files on AWS CodeCommit
In this project, based on a real-world scenario, I used Ansible configuration management automation to configure and deploy the innovative HumanGov SaaS application on AWS EC2 instances that will serve the entire United States, each state with its own independent infrastructure and configuration.
As described in the architecture abstract above, I played the role of a DevOps engineer and provisioned the necessary resources (thanks to Terraform) across all 50 states, including EC2 instances that will host the Jinja2 dynamic web server, using Nginx as a reverse proxy to Gunicorn (the application server) through Unix sockets. Gunicorn then calls the Flask web application using Python scripts. To support the new users of the HumanGov application, a DynamoDB table will be created as the back-end database, and an S3 bucket will store all the files of new users (ID cards, files, PDFs…).
After provisioning the resources, it is time to create Ansible playbooks that will automatically install the web server, application server and web application inside the EC2 instances. The Ansible inventory was automatically populated after the infrastructure resources were created, since IAM user roles were used to allow Terraform to interact with the AWS services; otherwise, many AccessDenied errors would restrict the provisioning.
After our inventory was created and populated, Ansible roles were used to encapsulate tasks, handlers, files, templates and module dependencies, in order to improve the organization and scalability of our automation code.
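As an added illustration (not the project's own playbook) of the Nginx-to-Gunicorn Unix-socket layout and the tasks/handlers split described above, the following playbook restricts the socket to the application user and the Nginx group. It assumes a Debian/Ubuntu host where Nginx runs as `www-data`, a hypothetical `humangov` service account, an app directory `/opt/humangov` that already holds the code and a virtualenv with Gunicorn, and a Flask entry point `app:app`; in a role, these tasks, handlers and inline file contents would live under `tasks/`, `handlers/` and `templates/`.

```yaml
# Added example: names, paths and the Debian/Ubuntu target are assumptions.
- name: Serve a Flask app through Nginx and Gunicorn over a Unix socket
  hosts: all
  become: true
  vars:
    app_user: humangov        # hypothetical unprivileged service account
    app_dir: /opt/humangov    # hypothetical; code and venv assumed present
  tasks:
    - name: Install Nginx
      ansible.builtin.apt: {name: nginx, state: present, update_cache: true}
    - name: Create a service account that cannot log in
      ansible.builtin.user: {name: "{{ app_user }}", system: true, shell: /usr/sbin/nologin}
    - name: Install the Gunicorn systemd unit (socket dir 0750, socket 0770)
      ansible.builtin.copy:
        dest: /etc/systemd/system/humangov.service
        mode: "0644"
        content: |
          [Service]
          User={{ app_user }}
          Group=www-data
          RuntimeDirectory=humangov
          RuntimeDirectoryMode=0750
          WorkingDirectory={{ app_dir }}
          ExecStart={{ app_dir }}/venv/bin/gunicorn --bind unix:/run/humangov/app.sock --umask 007 app:app
          [Install]
          WantedBy=multi-user.target
      notify: Restart gunicorn
    - name: Install the Nginx site that proxies to the socket
      ansible.builtin.copy:
        dest: /etc/nginx/conf.d/humangov.conf
        mode: "0644"
        content: |
          server {
            listen 80;
            location / {
              include proxy_params;
              proxy_pass http://unix:/run/humangov/app.sock;
            }
          }
      notify: Reload nginx
    - name: Remove the distribution default site so only the proxy answers
      ansible.builtin.file: {path: /etc/nginx/sites-enabled/default, state: absent}
      notify: Reload nginx
  handlers:   # run once at the end, and only if a notifying task changed something
    - name: Restart gunicorn
      ansible.builtin.systemd: {name: humangov, state: restarted, enabled: true, daemon_reload: true}
    - name: Reload nginx
      ansible.builtin.service: {name: nginx, state: reloaded}
```

Because Gunicorn is reachable only through a socket in a directory closed to other local users, nothing on the instance except Nginx (group `www-data`) can talk to the application server directly.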
Finally, to maintain security best practices and CI/CD principles, our configuration files, together with the infrastructure provisioning files, were pushed to AWS CodeCommit, which was pre-authenticated with our Cloud9 instance.