CertifyMed – Cloud-Native Healthcare Platform on AWS EKS

CertifyMed is a microservices-based healthcare application that required a secure, scalable, and fully automated cloud-native deployment. The challenge was to build a production-grade Kubernetes environment on AWS with secure CI/CD, observability, and dynamic scaling while ensuring sensitive healthcare data and configurations remained protected.

Objective

To design and deploy a cloud-native microservices architecture on AWS EKS with automated CI/CD pipelines, secure secret management, observability, and scalable workload handling for a healthcare platform.

Architecture Overview

The system was deployed on Amazon EKS using containerized microservices managed via Kubernetes. GitHub Actions was integrated with OIDC for secure CI/CD deployment without storing AWS credentials. Services were exposed through AWS ALB Ingress Controller with path-based routing. Prometheus and Grafana were deployed using Helm for monitoring and alerting. HPA ensured dynamic scaling based on workload, while AWS Secrets Manager and Kubernetes ConfigMaps handled secure configuration management.

Tools & Technologies Used

AWS EKS, Kubernetes, GitHub Actions, OIDC, Docker, Helm, Prometheus, Grafana, AWS ALB Ingress Controller, AWS Secrets Manager, ConfigMaps, HPA

Implementation Steps

Deployed microservices architecture on Amazon EKS cluster
Configured GitHub Actions with OIDC for secure CI/CD deployment
Containerized services using Docker and deployed via Helm charts
Set up AWS ALB Ingress Controller for secure external access with path-based routing
Implemented Prometheus and Grafana using Helm for monitoring and dashboards
Configured Horizontal Pod Autoscaler (HPA) for dynamic workload scaling
Managed secrets securely using AWS Secrets Manager and ConfigMap.

Challenges Faced

Securely deploying CI/CD pipelines without storing AWS credentials
Managing microservices communication inside Kubernetes
Configuring ALB Ingress for path-based routing correctly.
Setting up monitoring stack in a scalable Kubernetes environment.

Troubleshooting & Solutions

Implemented OIDC-based authentication in GitHub Actions to eliminate static AWS credentials. Debugged Kubernetes ingress configurations for correct routing of microservices. Fine-tuned Prometheus scraping configurations for accurate metrics collection and optimized HPA thresholds to ensure stable scaling behavior under load.

Outcome

Fully automated CI/CD pipeline with zero credential storage.
Scalable and resilient Kubernetes-based healthcare system.
Real-time monitoring and alerting via Prometheus & Grafana.
Secure and production-ready microservices deployment.

Key Learnings

This project strengthened expertise in Kubernetes orchestration, cloud-native architecture design, secure CI/CD practices using OIDC, and production-grade observability systems.