Aws-Ec2 on K-Life Hack | Systems Architecture & DevOpshttps://klifehack.com/en/tags/aws-ec2/Recent content in Aws-Ec2 on K-Life Hack | Systems Architecture & DevOpsHugo -- gohugo.ioenSat, 06 Jun 2026 10:13:39 +0900Provisioning AWS Infrastructure and Implementing a Docker-based CI/CD Pipelinehttps://klifehack.com/en/p/aws-ec2-docker-cicd-pipeline/Sat, 06 Jun 2026 10:13:39 +0900https://klifehack.com/en/p/aws-ec2-docker-cicd-pipeline/<p>This article describes the migration process from manual AWS infrastructure construction to a fully automated CI/CD pipeline using Docker and GitHub Actions for the deployment of a commerce payment application. It covers network environment configuration, the transition of HTTPS implementation, dependency conflict resolution within the Spring Boot ecosystem, and implementation details of cloud deployment via containerization.</p> <h2 id="1-aws-infrastructure-configuration">1. AWS Infrastructure Configuration </h2><h3 id="11-network-architecture">1.1 Network Architecture </h3><p>The underlying infrastructure was built within a custom Virtual Private Cloud (VPC). For the purpose of resource isolation, public and private subnets were implemented, and an Internet Gateway (IGW) and route tables were configured to control traffic flow.</p> <h3 id="12-compute-layer-ec2">1.2 Compute Layer (EC2) </h3><p>The application runs on an Amazon EC2 <b>t4g.small</b> instance employing ARM architecture, considering cost efficiency and performance. Amazon Corretto 17 (OpenJDK 17.0.19) was adopted as the runtime.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo dnf install java-17-amazon-corretto -y </span></span><span style="display:flex;"><span>java -version </span></span><span style="display:flex;"><span><span style="color:#75715e"># Output: openjdk version &#34;17.0.19&#34; 2026-04-21 LTS</span> </span></span></code></pre></div><h3 id="13-database-layer-rds">1.3 Database Layer (RDS) </h3><p>A managed MySQL instance was provisioned for persistent data management.</p> <ul> <li><b>Engine:</b> MySQL 8.0.43</li> <li><b>Instance Class:</b> db.t4g.micro</li> <li><b>Provisioning Script:</b></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>aws rds create-db-instance <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --db-instance-identifier commerce-db <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --db-instance-class db.t4g.micro <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --engine mysql <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --engine-version 8.0.43 <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --master-username admin <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --master-user-password <span style="color:#f92672">[</span>PASSWORD_REDACTED<span style="color:#f92672">]</span> <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --allocated-storage <span style="color:#ae81ff">20</span> <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --db-subnet-group-name commerce-subnet-group <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --publicly-accessible <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --region ap-northeast-2 </span></span></code></pre></div><h2 id="2-https-configuration-and-domain-management">2. HTTPS Configuration and Domain Management </h2><h3 id="21-initial-implementation-caddy--nipio">2.1 Initial Implementation: Caddy &amp; nip.io </h3><p>During the prototyping stage, HTTPS was implemented by combining Caddy, which features automatic TLS, with the nip.io wildcard DNS service. To support the ARM64 environment, a method of directly obtaining the binary was used.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -L <span style="color:#e6db74">&#34;https://github.com/caddyserver/caddy/releases/download/v2.8.4/caddy_2.8.4_linux_arm64.tar.gz&#34;</span> -o caddy.tar.gz </span></span><span style="display:flex;"><span>tar -xzf caddy.tar.gz </span></span><span style="display:flex;"><span>sudo mv caddy /usr/local/bin/ </span></span></code></pre></div><h3 id="22-production-environment-implementation-acm--alb">2.2 Production Environment Implementation: ACM &amp; ALB </h3><p>With the migration to the production environment, the configuration was upgraded to use AWS Certificate Manager (ACM) and Application Load Balancer (ALB). Domain management is handled by Route 53, and the structure terminates HTTPS traffic at the ALB and forwards it to the EC2 target group.</p> <h2 id="3-spring-cloud-aws-compatibility-issues-and-resolution">3. Spring Cloud AWS Compatibility Issues and Resolution </h2><h3 id="31-analysis-of-technical-conflicts">3.1 Analysis of Technical Conflicts </h3><p>When the spring-cloud-aws dependency was introduced for the purpose of environment variable management via AWS Parameter Store, a serious compatibility issue occurred with Spring Boot 4.x.</p> <ul> <li><b>Error Log:</b></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>java.lang.NoSuchMethodError: &#39;org.springframework.boot.ConfigurableBootstrapContext </span></span><span style="display:flex;"><span>org.springframework.boot.context.config.ConfigDataLocationResolverContext.getBootstrapContext()&#39; </span></span></code></pre></div><h3 id="32-implementation-of-workaround">3.2 Implementation of Workaround </h3><p>Since the NoSuchMethodError was not resolved even after updating the dependency version from 3.1.1 to 3.3.0, the dependency was removed, and the strategy was switched to directly injecting environment variables during JAR execution.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nohup java -jar commerce-payment-application-0.0.1-SNAPSHOT.jar <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --spring.profiles.active<span style="color:#f92672">=</span>prod <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --PROD_DB_URL<span style="color:#f92672">=</span>jdbc:mysql://<span style="color:#f92672">[</span>RDS_ENDPOINT<span style="color:#f92672">]</span>:3306/commerce_db <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --PROD_DB_USERNAME<span style="color:#f92672">=</span>admin <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --PROD_DB_PASSWORD<span style="color:#f92672">=[</span>PASSWORD_REDACTED<span style="color:#f92672">]</span> <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span> --PROD_JWT_SECRET<span style="color:#f92672">=[</span>SECRET_KEY_REDACTED<span style="color:#f92672">]</span> &amp;gt; ~/app.log 2&amp;gt;&amp;amp;<span style="color:#ae81ff">1</span> &amp;amp; </span></span></code></pre></div><h2 id="4-docker-cicd-pipeline-construction">4. Docker CI/CD Pipeline Construction </h2><h3 id="41-containerization-dockerfile">4.1 Containerization (Dockerfile) </h3><p>Created a container image optimized for the AWS environment using Amazon Corretto 17 as the base image.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-dockerfile" data-lang="dockerfile"><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span> <span style="color:#e6db74">amazoncorretto:17</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#66d9ef">WORKDIR</span> <span style="color:#e6db74">/app</span><span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#66d9ef">COPY</span> commerce-payment-application-0.0.1-SNAPSHOT.jar app.jar<span style="color:#960050;background-color:#1e0010"> </span></span></span><span style="display:flex;"><span><span style="color:#66d9ef">ENTRYPOINT</span> [<span style="color:#e6db74">&#34;java&#34;</span>, <span style="color:#e6db74">&#34;-jar&#34;</span>, <span style="color:#e6db74">&#34;app.jar&#34;</span>]<span style="color:#960050;background-color:#1e0010"> </span></span></span></code></pre></div><h3 id="42-automated-workflow-via-github-actions">4.2 Automated Workflow via GitHub Actions </h3><p>A pipeline was constructed to automate the build, push to Docker Hub, and deployment to EC2, triggered by a push to the dev branch.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">name</span>: <span style="color:#ae81ff">Deploy to EC2</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">on</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">push</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">branches</span>: [ <span style="color:#ae81ff">dev ]</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">jobs</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">deploy</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">runs-on</span>: <span style="color:#ae81ff">ubuntu-latest</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">steps</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Checkout</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">actions/checkout@v3</span> </span></span><span style="display:flex;"><span> - <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Set up JDK 17</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">actions/setup-java@v3</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">with</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">java-version</span>: <span style="color:#e6db74">&#39;17&#39;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">distribution</span>: <span style="color:#e6db74">&#39;corretto&#39;</span> </span></span><span style="display:flex;"><span> - <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Build with Gradle</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">run</span>: <span style="color:#ae81ff">./gradlew build -x test</span> </span></span><span style="display:flex;"><span> - <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Docker Build &amp;amp; Push</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">run</span>: |<span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> docker build -t ${{ secrets.DOCKER_USERNAME }}/commerce-payment:latest . </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> docker push ${{ secrets.DOCKER_USERNAME }}/commerce-payment:latest</span> </span></span><span style="display:flex;"><span> - <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Deploy on EC2</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">uses</span>: <span style="color:#ae81ff">appleboy/ssh-action@master</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">with</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">host</span>: <span style="color:#ae81ff">${{ secrets.EC2_HOST }}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">username</span>: <span style="color:#ae81ff">ec2-user</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">key</span>: <span style="color:#ae81ff">${{ secrets.EC2_KEY }}</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">script</span>: |<span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> docker pull ${{ secrets.DOCKER_USERNAME }}/commerce-payment:latest </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> docker stop commerce-app || true </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> docker rm commerce-app || true </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> docker run -d --name commerce-app --restart=always -p 8080:8080 \ </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> -e SPRING_PROFILES_ACTIVE=prod \ </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> -e PROD_DB_URL=${{ secrets.PROD_DB_URL }} \ </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> -e PROD_DB_USERNAME=${{ secrets.PROD_DB_USERNAME }} \ </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> -e PROD_DB_PASSWORD=${{ secrets.PROD_DB_PASSWORD }} \ </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> -e PROD_JWT_SECRET=${{ secrets.PROD_JWT_SECRET }} \ </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> ${{ secrets.DOCKER_USERNAME }}/commerce-payment:latest</span> </span></span></code></pre></div><h2 id="5-troubleshooting-logs">5. Troubleshooting Logs </h2><table> <thead> <tr> <th style="text-align: left">Event</th> <th style="text-align: left">Cause</th> <th style="text-align: left">Solution</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">Spring Cloud AWS Conflict</td> <td style="text-align: left">Lack of compatibility with Spring Boot 4.x</td> <td style="text-align: left">Removed dependency and adopted direct injection of environment variables</td> </tr> <tr> <td style="text-align: left">RDS Connection Failure</td> <td style="text-align: left">Typo in endpoint</td> <td style="text-align: left">Corrected DNS endpoint string</td> </tr> <tr> <td style="text-align: left">Hibernate Table Error</td> <td style="text-align: left">ddl-auto: validate failure</td> <td style="text-align: left">Applied ddl-auto: create on first startup</td> </tr> <tr> <td style="text-align: left">Caddy Installation Failure</td> <td style="text-align: left">ARM architecture mismatch</td> <td style="text-align: left">Explicitly downloaded binary for arm64</td> </tr> <tr> <td style="text-align: left">Docker Permission Error</td> <td style="text-align: left">Insufficient access rights to the daemon</td> <td style="text-align: left">Executed with sudo or adjusted user groups</td> </tr> </tbody> </table> <h2 id="lessons-learned">Lessons Learned </h2><p>Through this project, the importance of environment configuration separation and security was reaffirmed. Exposure to source code is prevented by excluding application-local.yaml via .gitignore and managing sensitive information with GitHub Secrets. Furthermore, in infrastructure construction, provisioning RDS before EC2 and strictly controlling security groups within the same VPC are key to building a stable cloud architecture.</p>