Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ti-infinite/GSMInfrastructure/llms.txt

Use this file to discover all available pages before exploring further.

GSM Infrastructure is a complete AWS infrastructure-as-code platform built on CloudFormation. It provisions and manages a multi-service application stack — including frontend delivery via CloudFront + S3, containerized backend microservices on ECS-on-EC2, and automated cost controls — across dev, qa, and prod environments through GitHub Actions CI/CD pipelines.

Prerequisites

AWS account setup, required tools, and IAM permissions needed before you begin

Base Setup

Deploy the OIDC provider and IAM executor role to enable keyless GitHub Actions auth

Infrastructure Stack

Deploy ECS cluster, CloudFront distribution, ECR, and all core AWS resources

Scheduler Stack

Automate EC2 start/stop and ECS scaling to reduce off-hours costs

What’s included

GSM Infrastructure provisions the full AWS environment for a microservices-based application through three CloudFormation stacks deployed in order:
1

Base stack — OIDC & IAM

Creates a GitHub OIDC provider and a least-privilege InfraExecutorRole that GitHub Actions assumes via short-lived tokens. No static AWS credentials are stored in CI/CD secrets.
2

Infrastructure stack — Core resources

Provisions the S3 frontend bucket, CloudFront distribution with SPA router function, ECR repository, ECS cluster on EC2, four backend microservice task definitions, security groups, Elastic IP, AWS Budget, and SNS alerts.
3

Scheduler stack — Cost automation

Deploys two Lambda functions and EventBridge Scheduler rules that stop the EC2 instance (scaling ECS to 0) at night and restart it in the morning — cutting off-hours compute costs.

Key capabilities

Architecture Overview

Understand the full system design and how each AWS service fits together

CI/CD Pipeline

Branch-driven GitHub Actions workflows for automated deployments to each environment

Cost Management

AWS Budgets, SNS alerts, and the automated scheduler to control monthly spend

Security

IAM least-privilege policies, OIDC keyless auth, and SSM Parameter Store for secrets
GSM Infrastructure targets us-east-1 by default. All resource names are scoped by environment prefix (e.g., dev-gsmapplication-cluster) so multiple environments can coexist in the same AWS account.

Build docs developers (and LLMs) love

Get started for freeTalk to us