edwinjdevops/damolak-challenge

This repository is a submitted answer to a 96-hour DevOps Engineer practical challenge from a company called Damolak Technologies. The author, Chibuike Obi, packages a small Python web service together with the cloud infrastructure and automation needed to run it on Amazon Web Services. The point of the exercise is to show end-to-end skill: write the code, containerize it, describe the cloud setup in files, and wire up an automated pipeline that ships changes when you push to the main branch. The application itself is a FastAPI service with three endpoints (/health, /info, and /). It runs inside a Docker container that is built in two stages so the final image is small and runs as a non-root user. The container is stored in Amazon ECR (a private image registry) and run on ECS Fargate, which is a serverless way to run containers without managing virtual machines. Traffic from the internet goes through an Application Load Balancer in public subnets, while the tasks themselves sit in private subnets across two availability zones, so they have no public addresses. The cloud setup is written in Terraform, split into separate modules for the VPC network, the ECR registry, IAM permissions, the load balancer, and the ECS service. A GitHub Actions workflow uses OIDC to obtain short-lived AWS credentials, so there are no long-lived access keys stored anywhere. The pipeline runs tests with pytest, builds and pushes the Docker image, then updates the ECS service in a rolling, zero-downtime way. CloudWatch Container Insights collects metrics and logs, with a CPU alarm above eighty percent. The README lists known limitations: HTTP only with no HTTPS, a fixed task count instead of autoscaling, local Terraform state, and environment variables for secrets instead of Secrets Manager.