This project is a scalable, cloud-native Full-Stack Inventory Management System built with Next.js (frontend) and Spring Boot (backend), fully deployed on Amazon Web Services (AWS) with modern DevOps practices.
✅ Cloud-Native Deployment – Fully automated AWS infrastructure managed via Terraform (Infrastructure as Code).
✅ CI/CD Automation – Seamless deployment pipeline using GitHub Actions for continuous integration and deployment.
✅ State Management & Performance – Redux Toolkit ensures efficient, real-time UI updates.
✅ Backend-Driven Data Processing – All business logic and calculations are handled on the Spring Boot backend using a PostgreSQL database.
✅ Responsive & Scalable – Optimized for performance, security, and scalability, handling large datasets and concurrent users.
This project demonstrates expertise in full-stack development, cloud architecture, DevOps automation, and scalable infrastructure design—ideal for enterprise-grade applications. 🚀
🚀 Explore the live demo deployed to AWS.
🔗 Live Application: View Deployed App
👉 Frontend Repository: GitHub Link to Frontend
- Next.js & TypeScript
- State Management: Redux Toolkit, RTK Query
- UI & Styling: Tailwind CSS, Material UI Data Grid, Lucide Icons
- Charts & Visualization: Recharts
- Networking & APIs: Axios, Next.js Context Providers
- Notifications: Sonner-native
- Spring Boot (REST API, JPA)
- Postman (API Testing)
- PostgreSQL
- DBeaver (Database Management)
- Compute & Containers: ECS Fargate, ECR
- Networking & Security: VPC, VPC Endpoints, IAM, IAM Identity Center
- Storage & Databases: RDS (PostgreSQL), S3, DynamoDB
- Traffic Management: ALB, API Gateway
- Monitoring & Logging: CloudWatch
- Frontend Hosting: Amplify
- Infrastructure as Code: Terraform
- Automation & Deployment: GitHub Actions, Docker Desktop
- AWS CLI Tools: aws-vault (for secure AWS authentication), AWS CLI
The Terraform workflow consists of two main stages:
- 🛠 Setup Stage (manual, run by a developer) → Configures AWS resources needed for CI/CD (e.g., IAM permissions for deployment).
- 🚀 Deploy Stage (automated via GitHub Actions) → Deploys infrastructure and applications to AWS.
By structuring Terraform into setup and deploy stages, we ensure that deployments remain version-controlled and automated.
To enable Terraform to manage AWS resources in a CI/CD pipeline (GitHub Actions), we configure access:
✅ Create a dedicated IAM user for CI/CD with the necessary AWS permissions.
Terraform requires a backend to track state and ensure consistency:
✅ Amazon S3 (Versioning Enabled) – Stores Terraform state files, tracking existing resources in the AWS account.
✅ Amazon DynamoDB – Enables Terraform state locking, preventing conflicts.
This stage provisions essential AWS resources for CI/CD execution:
1️⃣ Create an IAM user for GitHub Actions with the necessary permissions.
2️⃣ Set up reusable resources, like an ECR repository for storing Docker images.
This stage provisions the application infrastructure and deploys the application to AWS.
We use GitHub Actions for Continuous Integration (CI) and Continuous Deployment (CD) to automatically manage deployments.
✅ Workflows are stored in .github/workflows/ and triggered by GitHub events.
✅ Each workflow is structured as jobs containing sequential steps.
- Checks Workflow → Runs Terraform linting (format & validate).
- Deploy Workflow → Linting + deployment to AWS.
- Destroy Workflow → Manually triggered to remove AWS resources.
- Trigger: On pull request to
mainbranch. - Jobs:
- Run Terraform formatting (
terraform fmt) & validation (terraform validate). - Ensures code quality before merging.
- Run Terraform formatting (
-
Trigger: On pull request to
mainbranch. -
Jobs:
1️⃣ Lint → Reuseschecks workflow.
2️⃣ Build & Push Docker Image:- Builds the Spring Boot app:
mvn clean package -DskipTests
- Logs into AWS ECR and pushes the Docker image.
3️⃣ Terraform Apply → Deploys infrastructure using Terraform.
- Builds the Spring Boot app:
- Trigger: Manually triggered (
workflow_dispatch). - Jobs:
- Terraform Destroy → Removes AWS resources (e.g., RDS, ALB) to reduce costs.
- Ensures complete cleanup when infrastructure is no longer needed.
We build a highly available, scalable, reliable, and secure AWS cloud infrastructure for containerized applications.
✅ Least privilege IAM permissions
✅ Network segmentation (public & private subnets)
✅ Restricted access via security groups
- Create a VPC to isolate cloud resources.
- Deploy two public & two private subnets across multiple availability zones (A/B) for redundancy.
- Public subnets host the Application Load Balancer (ALB).
- Private subnets host backend services (ECS, RDS).
- Internet Gateway (public subnets) → Allows inbound access to ALB.
- VPC Endpoints (private subnets) for secure AWS service access:
- S3 Gateway Endpoint → Access S3 storage.
- ECR & DKR Interface Endpoints → Pull container images from ECR.
- CloudWatch Interface Endpoint → Log ECS & Amplify activities.
- RDS PostgreSQL deployed in a private subnet → prevents public access.
- ECS Fargate runs the Spring Boot application as a serverless, containerized service, reducing infrastructure management overhead.
- Connects to RDS & AWS services via VPC Endpoints.
📌 ALB Setup:
- Public Subnets → Exposes application externally.
- Security Group → Allows inbound traffic on ports 80 & 443, and allows all outbound traffic to enable communication with backend services.
📌 Target Group & Health Checks:
- ALB forwards traffic to ECS tasks via a Target Group (IP-based routing, port 8080).
- Health checks (
/rest/actuator/health) ensure only healthy tasks receive traffic.
📌 ALB Listeners:
- Port 80 → Forwards requests to ECS Target Group.
- Captures ECS task logs for debugging & monitoring.
- Connect GitHub repository → Select a deployment branch.
- Set environment variables in Amplify.
✅ Solution: API Gateway proxies requests securely between Amplify & ECS.
- S3 bucket hosts static image files.
1️⃣ Create an ECS cluster.
2️⃣ Define IAM roles (task execution role & task role).
3️⃣ Create a task definition → Configure container settings.
4️⃣ Deploy an ECS service → Runs tasks on Fargate.
5️⃣ Connect ECS to ALB for traffic routing.
- A logical grouping of ECS services & tasks for easy management.
- Task Execution Role → Allows ECS to:
✅ Pull container images from ECR.
✅ Send logs to CloudWatch. - Task Role → Defines application permissions inside the container.
- Assume Role → Allows ECS tasks to assume IAM roles dynamically. This is attached to both the Task Execution Role and the ECS Task Role.
- CloudWatch Log Group → Stores ECS task logs for monitoring & debugging.
- Task Definition: Configures CPU, memory, networking, IAM roles.
- Container Definition:
- DB Connection Strings:
aws_db_instance.main.address # RDS hostname aws_db_instance.main.db_name # Database name
- JDBC URL Format:
jdbc:postgresql://<address>:5432/<db_name>
- Port Mapping:
8080:8080 - Logging
- DB Connection Strings:
- Ensures the correct number of tasks are running.
- Routes traffic via ALB.
- ALB → ECS (port 8080, private subnet)
- ECS → RDS (port 5432, private subnet)
The database schema was generated using Prismaliser. The ER diagram is as follows:
Docker packages the application into a container, ensuring consistent runtime behavior across environments.
- Base Image: Uses the Java Runtime Environment from the Eclipse Temurin project.
- Working Directory: Sets
/appas the working directory (default in Docker). - Copying Artifacts: Transfers the built Spring Boot JAR (
app.jar) from thetargetdirectory into the container. - Port Exposure: Exposes port
8080for application access. - Startup Command: Defines
CMD ["java", "-jar", "app.jar"]to run the Spring Boot application.
✅ The Dockerfile follows containerization best practices by using a lightweight base image, setting a proper working directory, copying the application efficiently, exposing the necessary port, and defining a clear startup command. It integrates seamlessly with AWS ECS for scalable deployment.
Spring Boot Actuator is used to expose key application health and monitoring endpoints:
management.endpoints.web.exposure.include: info,health,httptraceTo resolve CORS issues, the application globally configures allowed origins, methods, and headers using the WebMvcConfigurer interface. This ensures controlled access from trusted domains while maintaining security by:
- 🚫 Disabling credential sharing
- 📦 Controlling pre-flight caching
The frontend consists of multiple pages, including:
- Dashboard
- Orders, Products, Customers
- Statistics & Charts (Orders, Payments, Transactions)
- Settings, Notifications
A fuzzy search function is implemented using the Simple Substring Match with Tolerance for Extra Spaces algorithm.
The project utilizes Material-UI Data Grid for efficient tabular data handling. Features include:
- 🔎 Quick Filtering: Filter rows across multiple columns with a single text input using
<GridToolbarQuickFilter />. - 📤 Export to CSV: Users can export table data for external use.
- 🛠️ Advanced Filtering: The toolbar allows users to filter data using appropriate operators for numbers, dates, and text based on column types.
This project leverages Redux Toolkit (RTK) for centralized state management. This approach ensures a modular, scalable, and high-performance state management system.
A global state is created using createSlice to manage UI variables such as:
- 🗄 Sidebar collapse state
- 🌙 Dark mode preferences
- 🔔 Notifications
📌 State persistence is achieved using redux-persist, and RTK Query is used for API interactions.
- Dynamic UI Updates: Components use
useAppSelectorto read Redux state and update UI dynamically. - Theming & Layout Adaptation: The dashboard layout adjusts in real-time based on sidebar and theme preferences, ensuring a consistent experience.
- Notifications reflect real-time state changes.
- Typed Hooks: Custom hooks for dispatching actions and selecting state improve maintainability and type safety.
The project integrates RTK Query into the Redux store to efficiently manage API requests:
- Centralized API Slice: Uses
createApito define API endpoints to centralizes all API calls by configuring a base URL and managing endpoints for queries and mutations. - Automatic Cache Management: Endpoints use tags to automatically manage cache invalidation, so that any update to the data automatically triggers a refetch of affected queries.
- RTK Query Generated Hooks: Pre-generated hooks simplify API call integration in React components, ensuring our UI is always in sync with the latest server data.