Back to Blog
DevOps
Docker
AWS
CI/CD

DevOps Pipeline Optimization with Docker and AWS

January 9, 2025
10 min read
By Shubham Yadav
⚙️

Optimized CI/CD Pipeline Architecture

In my journey from building Discord bots to scaling trading platforms at Enigma, I've learned that efficient DevOps pipelines are crucial for rapid deployment and cost optimization. Here's how I've optimized our infrastructure.

The Evolution of Our Pipeline

When I started at Groot Music, deployments were manual and error-prone. By the time I joined Enigma, I had learned the importance of automated, reliable deployment pipelines. Here's the transformation journey:

Before Optimization:

  • Manual deployments taking 2-3 hours
  • Inconsistent environments between dev/staging/prod
  • High infrastructure costs due to over-provisioning
  • Frequent deployment failures and rollbacks

After Optimization:

  • Automated deployments in under 10 minutes
  • Consistent containerized environments
  • 40% reduction in infrastructure costs
  • 99.9% deployment success rate

Docker Containerization Strategy

The foundation of our optimized pipeline is smart containerization. Here's our multi-stage Docker approach:

# Multi-stage Dockerfile for Go applications
FROM golang:1.21-alpine AS builder

# Install dependencies for building
RUN apk add --no-cache git ca-certificates tzdata

WORKDIR /app

# Copy go mod files first for better caching
COPY go.mod go.sum ./
RUN go mod download

# Copy source code
COPY . .

# Build the application
RUN CGO_ENABLED=0 GOOS=linux go build \
    -ldflags='-w -s -extldflags "-static"' \
    -o main cmd/server/main.go

# Final stage - minimal runtime image
FROM scratch

# Copy timezone data and certificates
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# Copy the binary
COPY --from=builder /app/main /main

# Expose port
EXPOSE 8080

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD ["/main", "health"]

# Run the binary
ENTRYPOINT ["/main"]

This approach reduced our image size from 800MB to just 15MB, significantly improving deployment speed and reducing storage costs.

AWS Infrastructure as Code

We use Terraform to manage our AWS infrastructure, ensuring consistency and enabling easy scaling:

# terraform/main.tf
resource "aws_ecs_cluster" "main" {
  name = "trading-platform"
  
  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}

resource "aws_ecs_service" "api" {
  name            = "api-service"
  cluster         = aws_ecs_cluster.main.id
  task_definition = aws_ecs_task_definition.api.arn
  desired_count   = var.api_desired_count

  deployment_configuration {
    maximum_percent         = 200
    minimum_healthy_percent = 100
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.api.arn
    container_name   = "api"
    container_port   = 8080
  }

  depends_on = [aws_lb_listener.api]
}

resource "aws_appautoscaling_target" "api" {
  max_capacity       = 20
  min_capacity       = 2
  resource_id        = "service/${aws_ecs_cluster.main.name}/${aws_ecs_service.api.name}"
  scalable_dimension = "ecs:service:DesiredCount"
  service_namespace  = "ecs"
}

resource "aws_appautoscaling_policy" "api_scale_up" {
  name               = "api-scale-up"
  policy_type        = "TargetTrackingScaling"
  resource_id        = aws_appautoscaling_target.api.resource_id
  scalable_dimension = aws_appautoscaling_target.api.scalable_dimension
  service_namespace  = aws_appautoscaling_target.api.service_namespace

  target_tracking_scaling_policy_configuration {
    predefined_metric_specification {
      predefined_metric_type = "ECSServiceAverageCPUUtilization"
    }
    target_value = 70.0
  }
}

GitHub Actions CI/CD Pipeline

Our GitHub Actions workflow handles everything from testing to deployment:

# .github/workflows/deploy.yml
name: Deploy to AWS

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: 1.21
          
      - name: Run tests
        run: |
          go test -v -race -coverprofile=coverage.out ./...
          go tool cover -html=coverage.out -o coverage.html
          
      - name: Upload coverage
        uses: codecov/codecov-action@v3

  build-and-deploy:
    needs: test
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    
    steps:
      - uses: actions/checkout@v3
      
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
          
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        
      - name: Build and push Docker image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: trading-api
          IMAGE_TAG: ${{ github.sha }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
          
      - name: Deploy to ECS
        run: |
          aws ecs update-service \
            --cluster trading-platform \
            --service api-service \
            --force-new-deployment

Cost Optimization Strategies

Here are the key strategies that helped us reduce infrastructure costs by 40%:

1. Spot Instances for Non-Critical Workloads

resource "aws_launch_template" "worker" {
  name_prefix   = "worker-"
  image_id      = data.aws_ami.ecs_optimized.id
  instance_type = "c5.large"
  
  vpc_security_group_ids = [aws_security_group.ecs.id]
  
  iam_instance_profile {
    name = aws_iam_instance_profile.ecs.name
  }
  
  # Use spot instances for 60% cost savings
  instance_market_options {
    market_type = "spot"
    spot_options {
      max_price = "0.05"
    }
  }
}

2. Intelligent Auto Scaling

# Scale based on multiple metrics
resource "aws_appautoscaling_policy" "api_scale_policy" {
  name               = "api-composite-scaling"
  policy_type        = "TargetTrackingScaling"
  resource_id        = aws_appautoscaling_target.api.resource_id
  scalable_dimension = aws_appautoscaling_target.api.scalable_dimension
  service_namespace  = aws_appautoscaling_target.api.service_namespace

  target_tracking_scaling_policy_configuration {
    # Scale based on CPU and memory
    customized_metric_specification {
      metric_name = "CPUUtilization"
      namespace   = "AWS/ECS"
      statistic   = "Average"
      
      dimensions = {
        ServiceName = aws_ecs_service.api.name
        ClusterName = aws_ecs_cluster.main.name
      }
    }
    target_value = 60.0
  }
}

Monitoring and Observability

Comprehensive monitoring is crucial for maintaining pipeline health:

# CloudWatch Dashboard for pipeline monitoring
resource "aws_cloudwatch_dashboard" "pipeline" {
  dashboard_name = "DevOps-Pipeline"

  dashboard_body = jsonencode({
    widgets = [
      {
        type   = "metric"
        width  = 12
        height = 6
        properties = {
          metrics = [
            ["AWS/ECS", "CPUUtilization", "ServiceName", aws_ecs_service.api.name],
            ["AWS/ECS", "MemoryUtilization", "ServiceName", aws_ecs_service.api.name],
            ["AWS/ApplicationELB", "TargetResponseTime", "LoadBalancer", aws_lb.main.arn_suffix]
          ]
          period = 300
          stat   = "Average"
          region = "us-east-1"
          title  = "Service Performance Metrics"
        }
      }
    ]
  })
}

Security Best Practices

Security is integrated into every step of our pipeline:

  • Image Scanning: Automated vulnerability scanning with Trivy
  • Secrets Management: AWS Secrets Manager for sensitive data
  • Network Security: VPC with private subnets and NAT gateways
  • IAM Roles: Least privilege access for all services
  • Encryption: Data encrypted at rest and in transit
# Security scanning in CI/CD
- name: Run Trivy vulnerability scanner
  uses: aquasecurity/trivy-action@master
  with:
    image-ref: '${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}'
    format: 'sarif'
    output: 'trivy-results.sarif'
    
- name: Upload Trivy scan results
  uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: 'trivy-results.sarif'

Performance Metrics and Results

After implementing these optimizations, we achieved significant improvements:

Deployment Metrics

  • • Deployment time: 2-3 hours → 8-10 minutes
  • • Success rate: 85% → 99.9%
  • • Rollback time: 45 minutes → 2 minutes
  • • Mean time to recovery: 2 hours → 15 minutes

Cost Savings

  • • Infrastructure costs: -40%
  • • Developer productivity: +60%
  • • Incident response time: -75%
  • • Resource utilization: +45%

Lessons Learned

Building and optimizing DevOps pipelines taught me several valuable lessons:

  • Start Simple: Begin with basic automation and iterate
  • Monitor Everything: You can't optimize what you don't measure
  • Fail Fast: Quick feedback loops prevent larger issues
  • Security First: Build security into the pipeline, not as an afterthought
  • Document Everything: Good documentation saves hours of debugging

Conclusion

Optimizing DevOps pipelines is an ongoing journey. The strategies I've shared here have been battle-tested in production environments handling millions of requests. The key is to start with solid foundations and continuously iterate based on metrics and feedback.

Remember, the best pipeline is one that your team can understand, maintain, and improve. Focus on reliability first, then optimize for speed and cost. The investment in proper DevOps practices pays dividends in reduced stress, faster feature delivery, and happier developers.