Production-grade real-time chat application built with the MERN stack and Socket.io, deployed end-to-end on AWS with a CI/CD pipeline, infrastructure as code, and observability baked in from day one.

• ›Real-time messaging with Socket.io — typing indicators, online presence, read receipts
• ›JWT authentication with refresh token rotation
• ›Group chats, file uploads, message reactions
• ›Nginx reverse proxy on AWS EC2 handling all traffic on port 80
• ›GitHub Actions pipeline deploying to ECS on every push
• ›Terraform managing the entire AWS infrastructure as code
• ›Prometheus metrics for backend observability

Serverless backend with persistent NoSQL storage

A fully serverless REST API built on AWS — API Gateway routing to Lambda with DynamoDB as the persistent store. IAM scoped to the minimum required action on a single table ARN.

• ›Least-privilege IAM — inline policy scoped to a single table ARN and single action
• ›Lambda proxy integration with API Gateway for full request/response passthrough
• ›CORS handled at both API Gateway and Lambda level
• ›DynamoDB as the NoSQL persistent layer — no server to manage

Network isolation + secure admin access

A production-grade VPC from scratch — public and private subnets across AZs, NAT Gateway for outbound-only private traffic, and a Bastion Host as the sole SSH entry point.

• ›Security group referencing (SG-to-SG, not CIDR) — no IP whitelisting drift
• ›SSH agent forwarding through Bastion — private instances never hold keys
• ›NAT Gateway verified: outbound internet from private subnet confirmed via curl
• ›Route tables configured per subnet — public IGW, private NAT

Infrastructure as Code — zero manual steps after terraform apply

Full IaC — EC2 provisioned, Nginx installed and running, SSH locked to your IP, all from a single terraform apply. No manual steps after the command completes.

• ›SSH access restricted to var.my_ip — no default value, plan fails if unset
• ›cloud-init handles Nginx installation and startup at first boot
• ›Security group allows only port 80 (public) and port 22 (your IP only)
• ›Full teardown with terraform destroy — no orphaned resources

High availability + multi-AZ traffic distribution

ALB distributing traffic across EC2 instances in multiple AZs, with security group chaining ensuring EC2 instances are never directly reachable from the internet.

• ›EC2 security group only accepts traffic from the ALB security group — never from 0.0.0.0/0
• ›Target group health checks gate traffic — unhealthy instances pulled automatically
• ›Nginx installed on EC2 via user-data at launch — no manual SSH required
• ›Multi-AZ target group for resilience across availability zones

Full-featured e-commerce backend with complete product lifecycle management, deployed on AWS ECS via AWS Pipeline for automated deployments.

• ›Product catalog, cart management, order processing
• ›JWT-based authentication with refresh token rotation
• ›MongoDB backend deployed on ECS via AWS Pipeline
• ›RESTful API architecture with full CRUD coverage

Multi-container application with persistent state

Multi-container Docker Compose setup with a Flask app and Redis backend. Redis uses AOF persistence so the counter survives container restarts.

• ›Health checks using condition: service_healthy — Flask waits for Redis to be ready
• ›Redis AOF persistence — counter state survives docker-compose down and restart
• ›Named volumes for data persistence across container lifecycle
• ›python:3.12-slim base for minimal image footprint

DNS management + web serving

EC2 instance running Nginx, served at a custom domain via Route 53. Elastic IP ensures the DNS record stays valid across EC2 stop/start cycles.

• ›Elastic IP attached — DNS record never breaks on EC2 stop/start
• ›Route 53 A record pointing apex domain to the Elastic IP
• ›Nginx configured as the web server — ready for reverse proxy extension