Paul Ayegbusi


Automated Docker App Deployment to AWS EC2 via POSIX Bash Scripting

Project Background

Cloud-native applications demand reliable, rapid, and secure deployment processes. As part of my professional portfolio, I architected a production-grade Bash automation pipeline for deploying Dockerized applications to remote Linux servers on AWS. This project leverages advanced shell scripting, cloud operating principles, and DevSecOps best practices to achieve full lifecycle automation—starting from source code on GitLab, all the way to live production services behind a hardened Nginx reverse proxy.


Goals & Motivation

  • Eliminate manual error: Remove repetitive SSH steps, package installs, and config procedures from cloud deployments.

  • Standardize and secure: Apply consistent, idempotent deployment logic with credential hygiene and endpoint verification.

  • Hands-Off Automation: Enable “push one button, go live” for tech teams and future clients.


Solution Architecture

1. Parameterized Bash Pipeline

The core of my solution is a single, interactive Bash script (deploy.sh) with strong input validation. The script prompts for:

  • GitLab repo URL (HTTPS, PAT token for authentication, branch selection)

  • Remote SSH details (username, public IP, private key path)

  • Internal app port (from Dockerfile or docker-compose.yml)

2. Cloud Platform Integration

  • The script is executed from a Kali Linux host, which acts as the secure operations node.

  • Target environment is an AWS EC2 Ubuntu instance, provisioned with open SSH and HTTP/S ports (security groups properly configured).

3. Secure Code Transfer & Build

  • Clones the latest code from GitLab (using access tokens, not passwords).

  • Automatically prepares the remote system: updates the OS and installs Docker, Docker Compose, and Nginx using non-interactive, error-trapped SSH commands.

  • Securely uploads the application source and config files from the local machine to EC2 (via scp/rsync).

4. Container Orchestration

  • On the remote host, builds and starts containers using the detected workflow:

    • If docker-compose.yml is present, uses Docker Compose.

    • Otherwise, builds directly from Dockerfile.

  • Stops and removes existing containers for a clean, idempotent redeploy.

5. Reverse Proxy Automation

  • Dynamically creates/updates an Nginx config to forward external HTTP requests to the correct Docker container port.

  • Tests, reloads, and validates Nginx setup—ensuring public endpoints route as expected.

6. Health Checks & Logging

  • Validates success by running curl and container status checks remotely.

  • All actions and errors are timestamped to a local log file for auditability.

  • Script refuses to log sensitive information (PATs, keys).
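
The input validation from section 1 and the secret-free logging from this section could look like the following. This is an added example, not code from deploy.sh; the function names, LOG_FILE and the redaction patterns are assumptions.

```bash
#!/usr/bin/env bash
# Added illustration, not taken from deploy.sh: the function names, LOG_FILE
# and the redaction patterns are assumptions. Uses POSIX sh constructs only.
LOG_FILE="${LOG_FILE:-./deploy.log}"

# Mask credentials before anything reaches the log: userinfo embedded in a URL
# (https://user:token@host/...) and GitLab "glpat-" personal access tokens.
redact() {
  printf '%s\n' "$1" | sed -E \
    -e 's#(https?://)[^/@[:space:]]+@#\1[REDACTED]@#g' \
    -e 's#glpat-[A-Za-z0-9_-]+#[REDACTED]#g'
}

# Append one timestamped, redacted line. Usage: log LEVEL MESSAGE
log() {
  printf '%s [%s] %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$(redact "$2")" >> "$LOG_FILE"
}

# App port: 1-65535, digits only, no leading zero.
valid_port() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Dotted-quad IPv4. The first case filter rejects spaces, newlines and shell
# metacharacters before the value is ever interpolated into an ssh command.
valid_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in 0?*|????*) return 1 ;; esac  # no leading zeros, max 3 digits
    [ "$octet" -le 255 ] || return 1
  done
}

# RFC 1918 private ranges; EC2 private addresses such as 172.31.x.x fall here.
is_private_ipv4() {
  case "$1" in 10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;; esac
  return 1
}

# Repo URL: HTTPS only and no '@', so the PAT can never be embedded in it.
valid_repo_url() {
  case "$1" in *[!A-Za-z0-9._~:/-]*) return 1 ;; esac
  case "$1" in https://?*/?*) return 0 ;; esac
  return 1
}
```

Call each validator right after its prompt and abort on failure, and send every message through log so raw values never reach the file.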

7. Repeatability & Cleanup

  • Script design ensures re-running does not break or duplicate resources thanks to robust idempotency logic.

  • Optional cleanup flag allows removal of app containers and configs in seconds.


Key Learning Moments

  • Cloud Networking:
    Realized the distinction between private EC2 IPs (172.x.x.x) and true public IPv4 addresses for remote deployment. Adjusted security group rules and local config for successful SSH and app exposure.

  • Bash Idempotency & Error Handling:
    Upgraded the script to gracefully detect and handle every step, making it self-diagnosing and safe to re-run.

  • Authentication Practices:
    Implemented secure GitLab PAT use and SSH key storage practices, and removed all interactive password use from the automation.

  • Debugging Real-World Failures:
    Resolved SSH “connection refused” issues by starting sshd, correcting file permissions, and rechecking AWS network/firewall settings.

  • Production Validation:
    Automated health checks for live endpoint status after each deployment, preventing silent errors in production.


Results

  • Full deployment from local shell to live cloud app reduced to one scripted step.

  • Eliminated manual cloud errors and improved speed and security for dev, test, and production rollouts.

  • Provided a template for scalable DevSecOps automation, reusable in new environments and tech stacks.

  • All process steps audited and replayable from local logs for compliance and client reporting.

    Full script on GitHub: https://github.com/0xZeteo/docker-bash-deploy/