AWS Deployment Plan - Harary Tic-Tac-Toe

📋 Table of Contents

🎯 Overview
🏗️ Architecture
📝 Step-by-Step Deployment
⚙️ Configuration Updates
📊 Monitoring & Alerts
🔒 Security Considerations
🧮 Cost Assumptions
💰 Cost Optimization
🔄 Deployment Pipeline

🎯 Overview

This document outlines the complete deployment strategy for the Harary Tic-Tac-Toe application on AWS with auto-scaling capabilities. The application consists of a React frontend, PHP backend for AI calculations, and MySQL database for game logging.

🏗️ Architecture

Internet → CloudFront → ALB → Auto Scaling Group → EC2 Instances ↓ RDS MySQL Database

🌐 CloudFront (CDN)

Global content delivery
SSL/TLS termination
Static asset caching
DDoS protection

⚖️ Application Load Balancer

Traffic distribution
Health checks
SSL termination
Auto-scaling integration

🖥️ EC2 Auto Scaling Group

Multiple availability zones
Instance health monitoring
Automatic scaling policies
Launch template management

🗄️ RDS MySQL

Multi-AZ deployment
Automated backups
Read replicas (optional)
Encryption at rest

📝 Step-by-Step Deployment

🔧 Phase 1: Database Setup

1 Create RDS MySQL Instance

Engine: MySQL 8.0
Instance: db.t3.micro (free tier) or db.t3.small
Multi-AZ: Enabled for production
Storage: 20GB GP2 (auto-scaling enabled)
Backup retention: 7 days

2 Configure Security Groups

# RDS Security Group
- Type: MySQL/Aurora
- Port: 3306
- Source: EC2 Security Group
- Description: Database access from application servers
                

3 Initialize Database Schema

# Connect to RDS and run schema
mysql -h [RDS_ENDPOINT] -u admin -p harary_games < schema.sql

# Create application user
CREATE USER 'euler'@'%' IDENTIFIED BY 'euclid';
GRANT ALL PRIVILEGES ON harary_games.* TO 'euler'@'%';
FLUSH PRIVILEGES;
                

🖥️ Phase 2: Application Server Setup

4 Create Launch Template

AMI: Amazon Linux 2
Instance type: t3.micro (free tier) or t3.small
Storage: 8GB GP2
Security groups: Web server access

5 User Data Script

#!/bin/bash
yum update -y
yum install -y httpd php php-mysqlnd php-fpm nginx git

# Install Node.js
curl -sL https://rpm.nodesource.com/setup_18.x | bash -
yum install -y nodejs

# Configure Nginx + PHP-FPM
systemctl enable nginx php-fpm
systemctl start nginx php-fpm

# Clone and setup application
cd /var/www/html
git clone [YOUR_REPO_URL] harary-tic-tac-toe
cd harary-tic-tac-toe

# Install dependencies
npm install
npm run build

# Configure environment
cp .env.example .env
# Update database connection details

# Set permissions
chown -R nginx:nginx /var/www/html
chmod -R 755 /var/www/html
                

6 Nginx Configuration

server {
    listen 80;
    server_name _;
    root /var/www/html/harary-tic-tac-toe/public;
    index index.html index.php;

    # Serve static files
    location / {
        try_files $uri $uri/ /index.html;
    }

    # PHP processing
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Security headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
}
                

⚖️ Phase 3: Load Balancer & Auto Scaling

7 Create Application Load Balancer

Scheme: Internet-facing
IP address type: IPv4
VPC: Default or custom VPC
Subnets: At least 2 availability zones

8 Configure Target Groups

Target type: Instances
Protocol: HTTP
Port: 80
Health check path: /
Health check interval: 30 seconds

9 Create Auto Scaling Group

Launch template: Created in step 4
Network: Same VPC as ALB
Subnets: At least 2 availability zones
Desired capacity: 2 instances
Minimum capacity: 1 instance
Maximum capacity: 10 instances

🌐 Phase 4: CloudFront Setup

10 Create CloudFront Distribution

Origin domain: ALB DNS name
Origin protocol: HTTPS only
Viewer protocol: Redirect HTTP to HTTPS
Price class: Use only North America and Europe

⚙️ Configuration Updates

🔧 Environment Configuration

# .env file on EC2 instances
REACT_APP_API_BASE_URL=https://your-alb-dns-name.com
DB_HOST=your-rds-endpoint.amazonaws.com
DB_NAME=harary_games
DB_USER=euler
DB_PASSWORD=euclid
NODE_ENV=production
            

🔒 Security Group Rules

ALB Security Group

HTTP (80): 0.0.0.0/0
HTTPS (443): 0.0.0.0/0

EC2 Security Group

HTTP (80): ALB Security Group
SSH (22): Your IP only

RDS Security Group

MySQL (3306): EC2 Security Group

📊 Monitoring & Alerts

📈 CloudWatch Metrics

Application Metrics: Response time, error rate, request count
Infrastructure Metrics: CPU, memory, disk usage
Database Metrics: Connections, query performance, storage

🚨 CloudWatch Alarms

High CPU Usage

Threshold: > 80% for 5 minutes
Action: Scale out

High Response Time

Threshold: > 2 seconds
Action: Scale out

High Error Rate

Threshold: > 5%
Action: Alert team

📋 Scaling Policies

1 Target Tracking Policy

Target: Average CPU utilization 70%
Scale out: When CPU > 70%
Scale in: When CPU < 50%

2 Step Scaling Policy

Scale out: Add 1 instance when CPU > 80%
Scale out: Add 2 instances when CPU > 90%
Scale in: Remove 1 instance when CPU < 30%

🔒 Security Considerations

⚠️ Important Security Notes:

Use HTTPS everywhere (CloudFront + ALB)
Implement proper IAM roles with minimal privileges
Enable VPC Flow Logs for network monitoring
Use AWS Secrets Manager for sensitive data
Regular security updates and patches

🔐 IAM Roles

# EC2 Instance Role
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData",
                "ec2:DescribeTags"
            ],
            "Resource": "*"
        }
    ]
}
            

🧮 Cost Assumptions

Baseline (used for estimates)

Daily Active Users (DAU): 1,000
Peak concurrent users: 50–100
Request rate: 5–10 requests/sec steady, peaks to 25 rps
Data egress: 20–50 GB/month (static assets via CloudFront)
Average response size: 50–150 KB
Avg PHP compute time per request: 50–150 ms (after basic tuning)

Small (dev/test)

DAU: ~100
Peak rps: ~3
Egress: < 5 GB/month
Infra: 1 x t3.micro EC2, 1 x db.t3.micro RDS

Medium (production baseline)

DAU: ~1,000
Peak rps: 20–30
Egress: 20–50 GB/month
Infra: 2 x t3.small EC2 (ASG), 1 x db.t3.small RDS

Large (growth)

DAU: ~10,000
Peak rps: 150–250
Egress: 200–400 GB/month
Infra: 4–8 x t3.medium EC2 (ASG), db.t3.medium RDS + read replica

💰 Cost Optimization

💡 Cost Optimization Strategies:

Use AWS Free Tier (12 months)
Reserved Instances for predictable workloads
Spot Instances for non-critical workloads
Auto-scaling to match demand
CloudFront caching to reduce origin requests

📊 Estimated Monthly Costs

Development/Testing

EC2: $8-15/month (t3.micro)
RDS: $15-25/month (db.t3.micro)
ALB: $20/month
CloudFront: $1-5/month
Total: ~$45-65/month

Production

EC2: $30-100/month (auto-scaling)
RDS: $50-150/month (db.t3.small/medium)
ALB: $20/month
CloudFront: $5-20/month
Total: ~$105-290/month

🏷️ Production Cost Scenarios

Small

Infra: 2 x t3.micro EC2, db.t3.small RDS, ALB, CloudFront
Assumptions: DAU ~1k, peak 20 rps, 20–30 GB egress
Total: ~$90–140/month

Medium

Infra: 2 x t3.small EC2 (ASG), db.t3.small RDS, ALB, CloudFront
Assumptions: DAU ~1k, peak 25–30 rps, 20–50 GB egress
Total: ~$150–250/month

Large

Infra: 4–8 x t3.medium EC2 (ASG), db.t3.medium RDS + read replica, ALB, CloudFront
Assumptions: DAU ~10k, peak 150–250 rps, 200–400 GB egress
Total: ~$230–470/month

🔄 Deployment Pipeline

🚀 Option 1: AWS CodePipeline

1 Source Stage

Connect to GitHub repository
Trigger on main branch changes

2 Build Stage

Install dependencies
Run tests
Build production assets

3 Deploy Stage

Create new AMI
Update launch template
Rolling deployment

⚡ Option 2: GitHub Actions

name: Deploy to AWS
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      
      - name: Deploy to EC2
        run: |
          # Build and deploy steps
          npm install
          npm run build
          # Copy to EC2 instances
            

✅ Deployment Checklist:

✅ Database schema deployed
✅ Application servers configured
✅ Load balancer configured
✅ Auto-scaling policies set
✅ CloudFront distribution active
✅ Monitoring and alerts configured
✅ Security groups configured
✅ SSL certificates installed
✅ Backup strategy implemented
✅ Cost monitoring enabled

🎯 Next Steps

Set up AWS account and configure billing alerts
Create VPC with public and private subnets
Follow the step-by-step guide above
Test the deployment thoroughly
Monitor performance and adjust scaling policies
Set up CI/CD pipeline for automated deployments

📞 Support: For questions or issues during deployment, refer to AWS documentation or contact the development team.

🚀 AWS Deployment Plan