DEV Community

Manthan Ankolekar
Manthan Ankolekar

Posted on

πŸš€ Deploying a Node.js CRUD App on AWS with Terraform

#node #aws #terraform #webdev

Managing cloud infrastructure manually can quickly become messy. Terraform allows us to define infrastructure as code (IaC), making deployments repeatable, version-controlled, and automated.

In this guide, we’ll build a Node.js CRUD API (with Express + MongoDB) and deploy it to AWS ECS Fargate using Terraform.

🧩 What We’re Building

  • A RESTful Todo API (CRUD endpoints with Express + MongoDB).
  • Dockerized app pushed to Amazon ECR.
  • AWS ECS Fargate service running containers in a managed VPC.
  • Application Load Balancer (ALB) to expose the service.
  • Secrets Manager for storing MongoDB credentials securely.
  • CloudWatch Logs for centralized logging.

Here’s the final architecture:

Client β†’ ALB β†’ ECS (Fargate Task) β†’ MongoDB (Atlas/Local) ↑ CloudWatch (logs)
Enter fullscreen mode Exit fullscreen mode

πŸ› οΈ Tech Stack

Backend

  • Node.js + Express
  • MongoDB + Mongoose
  • CORS + dotenv

Infrastructure

  • Docker (containerization)
  • Terraform (IaC)
  • AWS ECR (image registry)
  • AWS ECS Fargate (orchestration)
  • AWS ALB (load balancing)
  • AWS Secrets Manager (secure DB credentials)
  • AWS IAM + Security Groups

πŸ“ Project Structure

Your project is split into two main parts: app code and infra code.

manthanank-nodejs-terraform/ β”œβ”€β”€ server.js # Express entry β”œβ”€β”€ Dockerfile # Build container β”œβ”€β”€ config/db.js # Mongo connection β”œβ”€β”€ controllers/todoController.js β”œβ”€β”€ models/Todo.js β”œβ”€β”€ routes/todoRoutes.js β”œβ”€β”€ terraform/ # Infrastructure as Code β”‚ β”œβ”€β”€ vpc.tf # VPC + networking β”‚ β”œβ”€β”€ ecs.tf # ECS cluster/service β”‚ β”œβ”€β”€ ecr.tf # ECR repo β”‚ β”œβ”€β”€ iam.tf # IAM roles/policies β”‚ β”œβ”€β”€ security.tf # Security groups β”‚ β”œβ”€β”€ logs.tf # CloudWatch logs β”‚ β”œβ”€β”€ secrets.tf # Secrets Manager β”‚ β”œβ”€β”€ variables.tf # Config vars β”‚ β”œβ”€β”€ outputs.tf # Useful outputs β”‚ └── provider.tf # AWS provider setup
Enter fullscreen mode Exit fullscreen mode

πŸ“ Step 1 β€” Build the Node.js API

Our CRUD endpoints live under /api/todos.
Example schema:

const todoSchema = new mongoose.Schema({ title: { type: String, required: true, trim: true }, description: { type: String, default: "" }, completed: { type: Boolean, default: false }, createdAt: { type: Date, default: Date.now }, });
Enter fullscreen mode Exit fullscreen mode

Start locally:

npm install npm run dev
Enter fullscreen mode Exit fullscreen mode

Test:

curl http://localhost:5000/api/todos
Enter fullscreen mode Exit fullscreen mode

πŸ“¦ Step 2 β€” Dockerize the App

Dockerfile:

FROM node:18-alpine WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY . . ENV PORT=5000 EXPOSE 5000 CMD ["node", "server.js"]
Enter fullscreen mode Exit fullscreen mode

Build locally:

docker build -t nodejs-todo-api . docker run -p 5000:5000 -e MONGO_URI=your_mongo_uri nodejs-todo-api
Enter fullscreen mode Exit fullscreen mode

☁️ Step 3 β€” Terraform AWS Infrastructure

Initialize 

cd terraform terraform init
Enter fullscreen mode Exit fullscreen mode

Key Resources

  • ECR β€” stores our container image (ecr.tf).
  • ECS Fargate Service β€” runs containers (ecs.tf).
  • ALB + Target Group β€” load balancing (ecs.tf).
  • VPC + Subnets β€” networking (vpc.tf).
  • IAM Roles β€” ECS execution permissions (iam.tf).
  • Secrets Manager β€” injects MONGO_URI securely (secrets.tf).
  • CloudWatch Logs β€” for application logs (logs.tf).

🐳 Step 4 β€” Push Image to ECR

  1. Create the repo: 
terraform apply -target=aws_ecr_repository.app -auto-approve
Enter fullscreen mode Exit fullscreen mode
  1. Build & push: 
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) REGION=ap-south-1 REPO=$AWS_ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/node-crud-app IMAGE_TAG=v1 docker build -t node-crud-app:$IMAGE_TAG . aws ecr get-login-password --region $REGION | \ docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com docker tag node-crud-app:$IMAGE_TAG $REPO:$IMAGE_TAG docker push $REPO:$IMAGE_TAG
Enter fullscreen mode Exit fullscreen mode

πŸš€ Step 5 β€” Deploy with Terraform

Apply the full infra:

terraform apply
Enter fullscreen mode Exit fullscreen mode

Grab the output:

terraform output alb_dns
Enter fullscreen mode Exit fullscreen mode

Test:

curl http://<alb_dns>/api/todos
Enter fullscreen mode Exit fullscreen mode

πŸ”„ Step 6 β€” Deploy Updates

  1. Build and push a new image with IMAGE_TAG=v2.
  2. Update variables.tf β†’ image_tag = "v2".
  3. Run: 
terraform apply -var="image_tag=v2"
Enter fullscreen mode Exit fullscreen mode

ECS performs a rolling update behind the ALB.

πŸ“Š Monitoring & Logs

  • CloudWatch Logs: All app logs stream automatically.
  • ALB Health Checks: Ensure tasks are healthy.
  • Troubleshooting: Check ECS task logs in CloudWatch if service won’t start.

πŸ”’ Security Best Practices

  • Use private subnets + NAT Gateway in production.
  • Restrict Secrets Manager IAM role to a single secret ARN.
  • Use immutable image tags (v1, v2) instead of latest.
  • Enable HTTPS on ALB with ACM certificates.

🎯 Conclusion

With just a few .tf files, we’ve automated provisioning of:

  • Containerized Node.js API
  • Secure AWS networking & IAM
  • Load-balanced ECS service
  • Secrets and logs managed by AWS

This approach scales to any microservice β€” just add more services, modules, or CI/CD pipelines.

✨ Pro tip: Next step, integrate GitHub Actions or GitLab CI to automatically build/push Docker images and run terraform apply for full CI/CD.

πŸ”— GitHub Repository: manthanank/nodejs-terraform
πŸ§‘β€πŸ’» Author: Manthan Ankolekar

Top comments (0)