Switchback automates the complete software delivery lifecycle — from infrastructure provisioning to production deployments on AWS. Built with Terraform, Jenkins, Docker, Amazon ECR, ECS Fargate, CloudFront, and Application Load Balancer, it enables secure, scalable, and reliable application delivery through fully automated CI/CD workflows.
- Executive Summary
- Business Problem
- Solution Overview
- Architecture Diagram
- Technology Stack
- Key Features
- System Architecture
- Infrastructure Architecture
- CI/CD Pipeline Architecture
- Blue-Green Deployment Strategy
- Automated Rollback
- Security Architecture
- Networking Architecture
- High Availability Design
- Auto Scaling Design
- Monitoring and Observability
- Alerting and Incident Response
- CloudFront CDN Layer
- Implementation Roadmap
- Documentation
- Getting Started
- Validation Checklist
- AWS Services Used
- Skills Demonstrated
- Future Improvements
- Author
This project simulates a real-world production deployment platform used by modern engineering teams. It demonstrates end-to-end automation across the full delivery lifecycle.
The platform automates:
- Infrastructure Provisioning
- Continuous Integration and Continuous Delivery
- Container Build, Scan, and Push
- Blue-Green Deployments with Traffic Switching
- Automated Rollback on Failure
- Monitoring, Alerting, and Auto Scaling
- Global Content Delivery via CloudFront
Deployment Lifecycle:
Developer Commit
│
▼
GitHub Repository
│
▼
Webhook Trigger
│
▼
Jenkins Pipeline
│
▼
Build & Test
│
▼
Docker Image Build
│
▼
Trivy Security Scan
│
▼
Push Image to ECR
│
▼
Deploy to ECS Fargate
│
▼
Health Validation
│
▼
Traffic Switch
│
▼
Production Release
Traditional deployment models introduce significant operational risk as infrastructure scales:
| Problem | Impact |
|---|---|
| Manual deployments | Slow release cycles, human error |
| Configuration drift | Environment inconsistency |
| No rollback mechanism | Extended downtime on failures |
| Limited monitoring | Poor visibility into system health |
| Uncontrolled scaling | Capacity mismanagement |
Switchback addresses each of these through automation, observability, and infrastructure as code.
| Capability | Implementation |
|---|---|
| Infrastructure Provisioning | Terraform |
| Continuous Integration | Jenkins |
| Containerization | Docker |
| Image Storage | Amazon ECR |
| Container Orchestration | Amazon ECS Fargate |
| Traffic Management | Application Load Balancer |
| Global Delivery | CloudFront |
| Monitoring | CloudWatch |
| Alerting | SNS |
| Scaling | ECS Auto Scaling |
| Layer | Technologies |
|---|---|
| Source Control | Git, GitHub |
| CI/CD | Jenkins |
| Infrastructure as Code | Terraform |
| Containerization | Docker |
| Security Scanning | Trivy |
| Registry | Amazon ECR |
| Compute | Amazon ECS Fargate |
| Load Balancing | Application Load Balancer |
| CDN | CloudFront |
| Monitoring | CloudWatch |
| Alerting | SNS |
| Networking | VPC, Subnets, NAT Gateway |
| Security | IAM, Security Groups |
Infrastructure as Code Terraform-managed, modular architecture with reproducible and version-controlled environments.
CI/CD Automation GitHub webhook integration triggers automated testing, Docker builds, security scanning, and deployments with full build traceability.
Blue-Green Deployments Two parallel environments with traffic switching enable zero-downtime releases and reduced deployment risk.
Automated Rollback Health validation and failure detection trigger automatic recovery to the previous stable version.
Monitoring and Observability CloudWatch dashboards with centralized logs provide full infrastructure and service visibility.
Auto Scaling CPU and memory-based scaling policies manage elastic capacity automatically.
Content Delivery CloudFront edge caching with HTTPS support delivers content globally with low latency.
GitHub
│
▼
Jenkins
│
▼
Docker Build
│
▼
Amazon ECR
│
▼
Amazon ECS Fargate
│
▼
Application Load Balancer
│
▼
CloudFront
│
▼
End Users
All infrastructure is provisioned and managed through Terraform using a modular Infrastructure as Code (IaC) approach. The platform is designed for scalability, maintainability, and repeatable deployments across environments.
- VPC
- Public and Private Subnets
- Internet Gateway
- NAT Gateway
- Route Tables
- IAM Roles and Policies
- Security Groups implementing least-privilege access
- Amazon ECS Cluster
- ECS Services and Task Definitions
- AWS Fargate Serverless Compute
- Amazon CloudWatch Logs
- CloudWatch Dashboards and Alarms
- Amazon SNS Notifications
The infrastructure architecture is represented in the project-wide architecture diagram and provisioned entirely through Terraform modules, ensuring consistency, version control, and reproducible deployments across environments.
Checkout
│
▼
Install Dependencies
│
▼
Unit Testing
│
▼
Build
│
▼
Docker Build
│
▼
Trivy Scan
│
▼
Push to ECR
│
▼
Deploy Green Environment
│
▼
Validate
│
▼
Approval Gate
│
▼
Switch Traffic
Evidence
Full pipeline documentation: docs/implementation-guide.md
Two independent environments run simultaneously. The Blue environment serves live traffic while Green receives the new deployment. Once health validation passes, traffic switches to Green.
Current Production (Blue)
│
▼
Deploy to Green
│
▼
Health Validation
│
▼
Switch Traffic to Green
│
▼
Green is now Production
Benefits:
- Zero downtime deployments
- Instant rollback capability
- Safer, lower-risk releases
- No user-facing interruption
Evidence
Rollback is triggered automatically under any of the following conditions:
- Deployment validation fails
- ECS task startup fails
- Application health checks fail
- Container crashes occur
Deployment Failure
│
▼
Validation Failure
│
▼
Rollback Triggered
│
▼
Previous Version Restored
Evidence
Rollback test results: docs/validation-testing.md
Identity and Access Management
- IAM Roles and Policies
- Least Privilege Principle applied throughout
Network Security
- Security Groups for controlled ingress and egress
- ECS Tasks running in private subnets
- No direct public exposure of compute workloads
Container Security
- Private Amazon ECR repositories
- Trivy image scanning on every build
- Immutable container deployments
Communication Security
- HTTPS enforced at CloudFront and ALB
- TLS encryption in transit
Internet
│
▼
CloudFront
│
▼
Application Load Balancer (Public Subnet)
│
▼
ECS Fargate Tasks (Private Subnet)
Benefits:
- Network isolation for compute workloads
- Reduced attack surface
- Controlled and auditable ingress paths
- Public-facing traffic restricted to CloudFront and ALB
- Application workloads remain isolated within private subnets
Evidence
The following screenshots validate the networking design and traffic flow implementation:
Demonstrates the VPC architecture, including public and private subnets, Internet Gateway, and NAT Gateway configuration.
Shows healthy target registration and successful traffic routing from the ALB to ECS services.
Validates that ECS Fargate tasks are running successfully within private subnets and serving application traffic through the load balancer.
The platform is designed to tolerate component failures without service interruption through redundancy, health monitoring, and automated recovery mechanisms.
Implemented Controls:
- Multi-AZ deployment strategy for improved fault tolerance
- Application Load Balancer distributes traffic across healthy targets
- ECS continuously monitors task health and replaces unhealthy containers
- ALB and ECS health checks provide automated failure detection
- Service redundancy maintained through desired task count configuration
Recovery Flow:
Task Failure
│
▼
Health Check Failure Detected
│
▼
ECS Detects Unhealthy Task
│
▼
Replacement Task Created
These controls ensure that application availability is maintained during container failures, instance-level issues, and deployment events, minimizing downtime and improving service resilience.
ECS Auto Scaling adjusts task count based on real-time utilization metrics.
Scaling Metrics:
- CPU Utilization
- Memory Utilization
Scale Out
Traffic Increase
│
▼
Threshold Reached
│
▼
New Tasks Created
Scale In
Traffic Decrease
│
▼
Utilization Drops Below Threshold
│
▼
Excess Tasks Removed
Evidence
CloudWatch provides centralized visibility across all platform components.
Metrics Tracked:
- CPU and Memory Utilization
- Request Count and Error Rate
- Latency (p50, p95, p99)
Log Sources:
- Application Logs
- Container Logs
- Deployment Logs
Dashboard Views:
- Infrastructure Health
- Service Health
- Deployment Status
Evidence
The platform uses CloudWatch Alarms integrated with Amazon SNS to provide proactive monitoring and automated incident notification.
CloudWatch Metric Threshold Breached
│
▼
CloudWatch Alarm
│
▼
SNS Topic
│
▼
Email Notification
Alert Types:
- High CPU Utilization
- High Memory Utilization
- ECS Service Failures
- Deployment Failures
- Application Load Balancer 5xx Error Rate
CloudWatch continuously monitors infrastructure and application metrics. When predefined thresholds are exceeded, alarms trigger SNS notifications, enabling rapid incident detection and response.
CloudFront sits in front of the ALB and provides edge caching, HTTPS termination, and global distribution.
User
│
▼
CloudFront (Edge Cache / HTTPS)
│
▼
ALB
│
▼
ECS Fargate
Benefits:
- Reduced origin load through edge caching
- Global availability with low latency
- HTTPS delivery enforced at the edge
- Integrated with ALB origin
Evidence
| Phase | Description |
|---|---|
| Phase 1 | Application Setup |
| Phase 2 | Dockerization |
| Phase 3 | Terraform Foundation |
| Phase 4 | Networking |
| Phase 5 | Security |
| Phase 6 | ECR |
| Phase 7 | ECS Fargate |
| Phase 8 | Application Load Balancer |
| Phase 9 | Blue-Green Deployment |
| Phase 10 | Jenkins CI/CD |
| Phase 11 | Monitoring |
| Phase 12 | Alerting |
| Phase 13 | Auto Scaling |
| Phase 14 | CloudFront |
| Document | Purpose |
|---|---|
| docs/architecture.md | AWS architecture, networking design, security controls, traffic flow, and deployment strategy |
| docs/implementation-guide.md | Phase-wise implementation summary and deployment walkthrough |
| docs/validation-testing.md | Infrastructure validation, rollback testing, monitoring and auto scaling results |
| docs/troubleshooting.md | Common deployment issues, Terraform fixes, ECS and Jenkins debugging, recovery procedures |
- Git
- Docker
- Terraform
- AWS CLI
- Node.js
- Jenkins
git clone https://github.com/Ask99Ayush/SwitchBack.git
cd SwitchBackaws configurecd infrastructure/terraform
terraform init
terraform validate
terraform plan
terraform apply- Infrastructure Provisioned via Terraform
- ECR Repository Created
- ECS Cluster Running
- ECS Services Healthy
- ALB Accessible and Returning 200
- Jenkins Pipeline Successful End-to-End
- Blue-Green Deployment Verified
- Rollback Tested and Confirmed
- CloudWatch Dashboard Operational
- CloudWatch Alarm Triggered
- Auto Scaling Triggered and Verified
- CloudFront Distribution Accessible
- Amazon VPC, Subnets, Internet Gateway, NAT Gateway, Route Tables
- IAM Roles, Policies, and Security Groups
- Amazon ECR
- Amazon ECS with AWS Fargate
- Application Load Balancer
- Amazon CloudWatch
- Amazon SNS
- Amazon CloudFront
- DevOps and Platform Engineering
- Site Reliability Engineering
- Infrastructure as Code with Terraform
- Container orchestration with ECS Fargate
- CI/CD pipeline design with Jenkins
- Blue-Green deployments and traffic management
- Auto scaling and capacity management
- Monitoring, observability, and incident alerting
- AWS networking and IAM security design
- Route53 for custom domain management
- ACM Certificates for managed TLS
- AWS WAF for edge-layer protection
- Slack Notifications for deployment events
- Prometheus and Grafana for metric visualization
- ArgoCD and GitOps deployment model
- Multi-environment support (dev, staging, production)
- Formal disaster recovery strategy
Ayush Rao Chaudhary
GitHub: github.com/Ask99Ayush
LinkedIn: linkedin.com/in/Ask99Ayush









