
Designing a Production-Grade Blue-Green ECS Platform on AWS with Terraform
Most AWS tutorials stop at "it works." I wanted to build something closer to what a real engineering team would operate: network isolation, IAM least privilege, blue-green deployments, secrets management, and clean teardown—all defined as code. This article walks through the architecture, design decisions, tradeoffs, and the 8 real issues I encountered along the way.

GitHub Repository: ecs-production-platform
Total Cost: $0.12 for complete validation (4-hour session)

Table of Contents
- What Was Built
- Architecture Overview
- Security Design
- Blue-Green Deployment Mechanics
- What Broke (8 Issues)
- Production Tradeoffs
- Cost Analysis

What Was Built

A production-aligned ECS Fargate platform running a Flask API backed by PostgreSQL:

Networking
- Custom VPC (10.0.0.0/16) across 2 Availability Zones
- Public subnets for ALB and ECS tasks
- Private subnets for RDS (no internet route)

Compute
- ECS Fargate services (no EC2 instance management)
- Application Load Balancer with HTTPS (ACM certificate, TLS 1.3)
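The network layer described above (a 10.0.0.0/16 VPC over two AZs, public subnets for the ALB and tasks, private subnets for RDS with no internet route, and the database reachable only from the task security group), as an added Terraform example that is not the article's repository code. It assumes an AWS provider is already configured and a region with at least two AZs; the /24 carving, the resource names and the security-group names are my own choices, not the project's.

```hcl
data "aws_availability_zones" "azs" { state = "available" }

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}
# Public /24 per AZ (10.0.0.0/24, 10.0.1.0/24): ALB and Fargate tasks.
resource "aws_subnet" "public" {
  count             = 2
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
  availability_zone = data.aws_availability_zones.azs.names[count.index]
}
# Private /24 per AZ (10.0.10.0/24, 10.0.11.0/24): RDS only. Deliberately never
# associated with a route table that has an IGW or NAT route, so no internet path.
resource "aws_subnet" "private" {
  count             = 2
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index + 10)
  availability_zone = data.aws_availability_zones.azs.names[count.index]
}
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  count          = 2
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}
# Postgres is reachable only from the task security group, not from any CIDR.
resource "aws_security_group" "ecs_tasks" {
  name   = "ecs-tasks"
  vpc_id = aws_vpc.main.id
}
resource "aws_security_group" "rds" {
  name   = "rds"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.ecs_tasks.id]
  }
}
```

Note that Terraform's aws_security_group resource drops the AWS default allow-all egress, so the ecs_tasks group above has no outbound rule until you add one scoped to what the tasks actually need (5432 to the rds group, 443 for image pulls). Running terraform plan on this and checking that the private subnets show no association with the public route table is the quickest way to confirm the isolation holds.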