
On-Demand Infrastructure Demo Platform

Ongoing

Serverless API that deploys production infrastructure with a single click

AWS Lambda, API Gateway, DynamoDB, Node.js, Terraform, GitLab CI/CD, EventBridge, Serverless

Overview

This project powers the "Deploy Live Demo" button on my resume website, allowing potential employers to spin up a live AWS EKS environment on demand. It demonstrates real-world cloud architecture, DevOps practices, and full-stack development skills.

The entire backend is serverless using AWS Lambda, API Gateway, DynamoDB, and EventBridge. The system integrates with GitLab CI/CD to trigger Terraform pipelines, poll deployment status, and automatically clean up resources to control costs.

System Architecture

  1. User Request: click "Deploy Demo" (HTTPS)
  2. API Gateway: route and validate (HTTP API v2, CORS, rate limit)
  3. Lambda: process request (validate, idempotency check, Node.js 20)
  4. GitLab CI/CD: Terraform pipeline (plan, apply, destroy)
  5. EKS Demo: live environment

Supporting Services

  • DynamoDB: state management
  • Secrets Manager: API tokens
  • EventBridge: scheduled cleanup
  • CloudWatch: monitoring

API Endpoints

RESTful API with idempotent operations, proper status codes, and comprehensive error handling.

POST /deploy

Triggers a new infrastructure deployment with idempotency checks.

Returns 201 Created on success, 409 Conflict if a deployment is already running.

GET /status

Returns the current deployment status with computed fields and elapsed time.

Polls the GitLab pipeline status and returns structured JSON with status flags.

GET /logs

Retrieves pipeline job logs with sensitive data automatically masked.

Scrubs AWS keys, tokens, passwords, JWTs, and email addresses.

POST /destroy

Manually triggers infrastructure teardown before the scheduled cleanup.

Safe operation: state is validated before destruction.

Deployment Flow

From button click to live infrastructure in approximately 20-30 minutes.

  1. Button Click: user triggers deploy
  2. Validate: check idempotency
  3. Trigger Pipeline: GitLab CI/CD
  4. Poll Status: track progress
  5. Live Demo: EKS running

Challenge and Approach

The Challenge

Showing cloud infrastructure skills on a resume is one thing, but letting employers actually deploy and see the infrastructure in action is far more compelling. I needed a secure, cost-effective way to let anyone trigger a live demo deployment.

The Approach

I built a serverless API that handles the entire deployment lifecycle: triggering GitLab pipelines, tracking state in DynamoDB, polling for status, retrieving logs with sensitive data masked, and automatically destroying resources after a configured duration.

Security Implementation

Defense-in-depth approach with multiple security layers protecting the API and infrastructure.

Least-Privilege IAM

Each Lambda has a dedicated IAM role. trigger-deployment can write to DynamoDB; get-status can only read. No function has permissions it doesn't need.

Secret Masking

Log retrieval scrubs AWS keys, tokens, passwords, JWTs, and email addresses before returning traces. Prevents accidental credential exposure.
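The masking pass described here and under the /logs endpoint, as an added Node.js example (not the project's own code): a set of ordered redaction rules run over a constructed Terraform job trace. The rule patterns, the marker labels, the sample trace and the `buildLogsBody` response shape are this example's assumptions; it has no dependencies and runs as-is.

```javascript
// Redaction rules, applied in order. Each covers one category the page names
// (AWS keys, tokens, passwords, JWTs, e-mail addresses). The patterns are this
// example's own approximations, not the project's. The (?!\[REDACTED:) guard in
// the key/value rule stops a marker written by an earlier rule from being masked
// again under a second label.
const RULES = [
  {
    label: 'JWT',
    pattern: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g,
    replace: () => '[REDACTED:JWT]',
  },
  {
    label: 'AWS_ACCESS_KEY_ID',
    pattern: /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g,
    replace: () => '[REDACTED:AWS_ACCESS_KEY_ID]',
  },
  {
    // key=value / key: value pairs (optionally quoted) and "Bearer <token>". The
    // key and its quotes are kept so the trace stays readable; only the value goes.
    label: 'SECRET_VALUE',
    pattern: /\b((?:aws_secret_access_key|secret_access_key|password|passwd|secret|token|api_key|apikey)\s*[=:]\s*|bearer\s+)(["']?)(?!\[REDACTED:)([^\s"',;]+)\2/gi,
    replace: (prefix, quote) => `${prefix}${quote}[REDACTED:SECRET_VALUE]${quote}`,
  },
  {
    label: 'EMAIL',
    pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g,
    replace: () => '[REDACTED:EMAIL]',
  },
];

// Masks a raw job trace and counts replacements per rule, so the /logs handler
// can emit a metric without the secrets themselves ever reaching a log line.
function maskSecrets(text) {
  const counts = {};
  let masked = text;
  for (const rule of RULES) {
    masked = masked.replace(rule.pattern, (match, ...groups) => {
      counts[rule.label] = (counts[rule.label] || 0) + 1;
      return rule.replace(...groups);
    });
  }
  return { masked, counts };
}

// Constructed sample trace. Every value is invented; the access key id is the
// one AWS uses in its own documentation examples.
const SAMPLE_TRACE = [
  'terraform apply -var aws_access_key_id=AKIAIOSFODNN7EXAMPLE',
  'export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
  'curl -H "PRIVATE-TOKEN: glpat-xxxxxxxxxxxxxxxxxxxx" https://gitlab.example/api/v4/projects',
  'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.sflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c',
  'Notify: ops@example.com when the pipeline finishes',
  'password: "hunter2"',
  'Apply complete! Resources: 42 added, 0 changed, 0 destroyed.',
].join('\n');

// Body of a GET /logs response: the masked trace plus the redaction tally.
function buildLogsBody(rawTrace) {
  const { masked, counts } = maskSecrets(rawTrace);
  return { trace: masked, redactions: counts };
}

console.log(buildLogsBody(SAMPLE_TRACE).trace);
```

Rule order matters: the JWT rule runs before the generic key/value rule so a bearer token is labelled as a JWT rather than masked twice, and the per-rule counts give the handler something safe to put in a metric or a log line (how many values were redacted, never which).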

CORS Whitelist

Only specified origins can call the API. Dynamic origin validation returns the requesting origin only if whitelisted.
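The dynamic origin check, as an added Node.js example written for this page (not the project's own handler code). The allowlist entries, the header values and the `jsonResponse` helper are assumptions; the point it makes is that the origin is compared by exact string match and that a non-whitelisted origin gets no Access-Control-Allow-Origin header at all.

```javascript
// Origins allowed to call the API. Constructed for this example; the real list
// is whatever the deployment's configuration supplies.
const ALLOWED_ORIGINS = new Set([
  'https://resume.example.com',
  'https://www.resume.example.com',
]);

// Returns the CORS response headers for one request. The requesting origin is
// echoed back only when it is on the allowlist; otherwise no
// Access-Control-Allow-Origin header is emitted and the browser refuses the
// cross-origin read. The comparison is an exact match on the serialized origin:
// a prefix or substring test would also accept look-alike hosts such as
// https://resume.example.com.evil.test.
function corsHeaders(event, allowed = ALLOWED_ORIGINS) {
  // API Gateway HTTP API (v2) events deliver header names in lowercase.
  const headers = event.headers || {};
  const origin = headers.origin;
  const out = { Vary: 'Origin' }; // the response depends on Origin; keep caches honest
  if (typeof origin === 'string' && allowed.has(origin)) {
    out['Access-Control-Allow-Origin'] = origin;
    out['Access-Control-Allow-Methods'] = 'GET,POST,OPTIONS';
    out['Access-Control-Allow-Headers'] = 'Content-Type';
    out['Access-Control-Max-Age'] = '600';
  }
  return out;
}

// Builds a Lambda proxy response with the CORS headers applied, so every
// handler (including error paths) answers with the same origin policy.
function jsonResponse(event, statusCode, body) {
  return {
    statusCode,
    headers: { 'Content-Type': 'application/json', ...corsHeaders(event) },
    body: JSON.stringify(body),
  };
}

console.log(jsonResponse({ headers: { origin: 'https://resume.example.com' } }, 200, { ok: true }));
```

Because `Vary: Origin` is always set, a shared cache will not serve the response for one origin to another, which matters once the allowlist has more than one entry.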

Rate Limiting

5 requests/second with a burst of 10. Prevents abuse without affecting legitimate use.

Secrets Manager

Credentials never exist in Terraform state or Lambda config. Enables rotation without redeployment. Cold-start caching minimizes API calls.

Secure Transport

IAM policies include an aws:SecureTransport condition. All DynamoDB access must use HTTPS.

Technical Decisions

Key architectural choices with clear rationale for each decision.

HTTP API v2 over REST API

API Gateway Choice

  • 70% cost reduction vs REST API
  • Lower latency for simple integrations
  • Native JWT support
  • Simplified CORS configuration

Single-Item DynamoDB Pattern

State Management

  • Only one deployment runs at a time
  • deployment_id: "ACTIVE" as a lock
  • Conditional writes prevent race conditions
  • Simpler than distributed locking
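The single-item lock, as an added Node.js example written for this page (not the project's code), covering the conditional write that backs the /deploy 201-or-409 behaviour and the state validation before /destroy. The table name, the PENDING/RUNNING/DESTROYING state names, the 502 and 202 responses and the `FakeDynamoDB` stand-in are assumptions; the fake speaks the same parameter shapes as the DocumentClient's Put/Get/Delete commands and raises the SDK's `ConditionalCheckFailedException` name, so the two handlers are exercised exactly as they would be against the real service.

```javascript
const TABLE_NAME = 'demo-deployments'; // assumed table name, not taken from the page
const LOCK_KEY = 'ACTIVE';             // the single partition key value that acts as the lock

// Minimal in-memory stand-in for the DynamoDB DocumentClient (constructed for
// this example). `kind` selects Get/Put/Delete where the real SDK would use
// GetCommand/PutCommand/DeleteCommand; the remaining fields are the parameters
// those commands take. It evaluates only the two condition shapes used below.
class FakeDynamoDB {
  constructor() { this.items = new Map(); }
  async send(cmd) {
    const key = (cmd.Key || cmd.Item).deployment_id;
    const current = this.items.get(key);
    if (cmd.kind === 'Get') return { Item: current ? { ...current } : undefined };
    if (cmd.ConditionExpression && !conditionHolds(cmd, current)) {
      const err = new Error('The conditional request failed');
      err.name = 'ConditionalCheckFailedException'; // same name the SDK raises
      throw err;
    }
    if (cmd.kind === 'Put') this.items.set(key, { ...cmd.Item });
    if (cmd.kind === 'Delete') this.items.delete(key);
    return {};
  }
}

function conditionHolds(cmd, current) {
  if (cmd.ConditionExpression === 'attribute_not_exists(deployment_id)') return current === undefined;
  const m = /^#(\w+) = :(\w+)$/.exec(cmd.ConditionExpression);
  if (!m || !current) return false;
  return current[cmd.ExpressionAttributeNames[`#${m[1]}`]] === cmd.ExpressionAttributeValues[`:${m[2]}`];
}

const isConditionFailure = (err) => Boolean(err) && err.name === 'ConditionalCheckFailedException';

// Condition "the lock item is in <status>", in DynamoDB expression syntax.
function statusIs(status) {
  return {
    ConditionExpression: '#s = :expected',
    ExpressionAttributeNames: { '#s': 'status' },
    ExpressionAttributeValues: { ':expected': status },
  };
}

// POST /deploy. The conditional Put is the whole idempotency check: whichever
// concurrent request wins the write owns the deployment; every other one gets
// 409 without a pipeline ever being triggered.
async function triggerDeployment(db, triggerPipeline, { requestedBy, now = Date.now() } = {}) {
  const record = { deployment_id: LOCK_KEY, status: 'PENDING', requested_by: requestedBy, started_at: now };
  try {
    await db.send({ kind: 'Put', TableName: TABLE_NAME, Item: record,
      ConditionExpression: 'attribute_not_exists(deployment_id)' });
  } catch (err) {
    if (isConditionFailure(err)) return { statusCode: 409, body: { error: 'A deployment is already active' } };
    throw err;
  }
  let pipeline;
  try {
    pipeline = await triggerPipeline();
  } catch (err) {
    // Compensate: release the lock so a failed GitLab call cannot wedge the system.
    await db.send({ kind: 'Delete', TableName: TABLE_NAME, Key: { deployment_id: LOCK_KEY }, ...statusIs('PENDING') });
    return { statusCode: 502, body: { error: 'Pipeline trigger failed' } };
  }
  const running = { ...record, status: 'RUNNING', pipeline_id: pipeline.id };
  await db.send({ kind: 'Put', TableName: TABLE_NAME, Item: running, ...statusIs('PENDING') });
  return { statusCode: 201, body: running };
}

// POST /destroy. State is validated twice: once when read, and again inside the
// conditional write, because the read alone is not atomic with the update.
async function destroyDeployment(db, triggerDestroyPipeline) {
  const { Item: current } = await db.send({ kind: 'Get', TableName: TABLE_NAME, Key: { deployment_id: LOCK_KEY } });
  if (!current || current.status !== 'RUNNING') {
    return { statusCode: 409, body: { error: 'No running deployment to destroy' } };
  }
  try {
    await db.send({ kind: 'Put', TableName: TABLE_NAME, Item: { ...current, status: 'DESTROYING' }, ...statusIs('RUNNING') });
  } catch (err) {
    if (isConditionFailure(err)) return { statusCode: 409, body: { error: 'Deployment state changed; retry' } };
    throw err;
  }
  await triggerDestroyPipeline(current.pipeline_id);
  // 202 (assumed): teardown accepted, the destroy pipeline runs asynchronously.
  return { statusCode: 202, body: { deployment_id: LOCK_KEY, status: 'DESTROYING' } };
}
```

In production the `FakeDynamoDB` is replaced by a DocumentClient and each parameter object is wrapped in the matching `PutCommand`, `GetCommand` or `DeleteCommand`; nothing in the two handlers changes. Removing the lock item once the destroy pipeline has finished is left to the status poller and is not shown here.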

AWS SDK v3 (Modular)

Runtime Choice

  • Tree-shaking reduces bundle by ~60%
  • Only imports used clients
  • Faster cold starts
  • Modern async/await patterns

EventBridge over CloudWatch Events

Scheduling Choice

  • Decoupled cleanup logic
  • Hourly duration checks
  • Nightly forced cleanup
  • Dead Letter Queue integration
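The cleanup decision behind the hourly and nightly schedules, together with the elapsed-time fields that GET /status computes, as an added Node.js example (not the project's own code). The two-hour maximum duration, the state names, the `event.schedule` constant input on each EventBridge rule and the injected `loadRecord`/`destroy` dependencies are assumptions made for this example.

```javascript
// Assumed configuration: how long a demo may live before the hourly check tears
// it down. The page says the duration is configurable but gives no value.
const MAX_DURATION_MS = 2 * 60 * 60 * 1000;

const TERMINAL_STATES = new Set(['DESTROYED', 'FAILED']); // assumed state names

// Computed fields for GET /status, derived from the stored lock record. A record
// with no usable start time is reported as expired: it cannot prove it is fresh,
// and for a cost-control job the safe default is to clean it up.
function statusView(record, now = Date.now(), maxDurationMs = MAX_DURATION_MS) {
  if (!record) return { active: false, status: 'IDLE', elapsedMs: 0, remainingMs: 0, expired: false, isRunning: false };
  const startedAt = Number(record.started_at);
  const validStart = Number.isFinite(startedAt) && startedAt <= now;
  const elapsedMs = validStart ? now - startedAt : maxDurationMs;
  return {
    active: !TERMINAL_STATES.has(record.status),
    status: record.status,
    elapsedMs,
    remainingMs: Math.max(0, maxDurationMs - elapsedMs),
    expired: elapsedMs >= maxDurationMs,
    isRunning: record.status === 'RUNNING',
  };
}

// Decides what one scheduled cleanup run should do. `schedule` is the constant
// input assumed to be configured on each EventBridge rule: 'hourly' destroys
// only deployments past their duration, 'nightly' forces teardown of anything
// still alive, and a teardown already in progress is never triggered twice.
function cleanupDecision(record, schedule, now = Date.now(), maxDurationMs = MAX_DURATION_MS) {
  const view = statusView(record, now, maxDurationMs);
  if (!view.active) return { destroy: false, reason: 'nothing active' };
  if (record.status === 'DESTROYING') return { destroy: false, reason: 'teardown already in progress' };
  if (schedule === 'nightly') return { destroy: true, reason: 'nightly forced cleanup' };
  if (schedule === 'hourly' && view.expired) {
    return { destroy: true, reason: `max duration exceeded (${Math.round(view.elapsedMs / 60000)} min elapsed)` };
  }
  return { destroy: false, reason: 'within configured duration' };
}

// Lambda entry point shared by both rules. Dependencies are injected so the
// decision logic can be exercised without AWS credentials; in production
// loadRecord reads the lock item and destroy triggers the Terraform destroy job.
async function cleanupHandler(event, { loadRecord, destroy, now = Date.now() }) {
  const record = await loadRecord();
  const decision = cleanupDecision(record, event.schedule, now);
  if (decision.destroy) await destroy(record);
  return decision;
}

console.log(cleanupDecision({ deployment_id: 'ACTIVE', status: 'RUNNING', started_at: 0 }, 'hourly', 3 * 60 * 60 * 1000));
```

Returning the decision (rather than only acting on it) gives the function a value worth logging and, when a destroy call throws, the failure propagates to EventBridge so the dead letter queue integration on the page can capture it.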

Cost Analysis

Serverless architecture means zero cost when idle. Based on typical usage of 10 deployments/month:

Service          Monthly Cost   Notes
API Gateway      ~$0.10         $1/million requests
Lambda           ~$0.20         Included in free tier
DynamoDB         ~$0.00         On-demand, minimal usage
Secrets Manager  ~$1.20         3 secrets @ $0.40/secret
CloudWatch       ~$0.50         Log ingestion + storage
Total            ~$2/month

Skills Demonstrated

Serverless Architecture

Lambda, API Gateway, EventBridge, DynamoDB integration with proper patterns

Infrastructure as Code

Terraform with modular design, state management, provider versioning

Security Engineering

IAM policies, secrets management, data masking, CORS configuration

API Design

RESTful endpoints, idempotency, error handling, proper status codes

Results & Impact

  • ~$2 monthly API cost
  • $0 idle cost
  • 4 Lambda functions
  • 100% infrastructure as code

This project enables potential employers to experience my infrastructure work firsthand. The serverless architecture ensures zero cost when idle while providing a production-grade API. It demonstrates proficiency with AWS Lambda, API Gateway, DynamoDB, and CI/CD integration—all patterns used in real enterprise environments.

Explore This Project

Interested in seeing more? Browse the source code on GitLab.