Provision all the resources you need: EC2, RDS, security group, route table, associated route table, S3, internet gateway.
Create an IAM role, attach S3 to it and give it full access.
Instead of storing credentials in .env, the EC2 instance should assume an IAM role with permissions to access S3.
Open the AWS IAM Console.
Navigate to Roles → Create Role.
Select AWS Service → EC2 → Next.
Attach the policy AmazonS3FullAccess (for development).
Name the role (e.g., grocery-ec2-role) → Create Role.
Attach the role to your EC2 instance:
Go to EC2 Console → Instances.
Select the instance → Actions → Security → Modify IAM Role.
Assign grocery-ec2-role → Update IAM Role.
SSH into the instance
ssh -i <key_pair.pem> ec2-user@<public ip>
Run (make sure to replace the placeholder with your S3 bucket name):
aws sts get-caller-identity # Confirms the role is assumed
aws s3 ls s3://<grocerymate-avatars>/avatars/ # Confirms access to S3 bucket
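The role above uses AmazonS3FullAccess for development. As an added example (not part of the original guide), this script generates a policy limited to the one bucket and its avatars/ prefix. The action list and the policy name grocerymate-avatars-rw are assumptions about what the app needs.

```shell
#!/bin/sh
# Added example: a bucket-scoped policy for the EC2 role in place of
# AmazonS3FullAccess. The action list is an assumption: read/write/delete
# avatar objects and list only the avatars/ prefix.

# make_avatar_policy BUCKET [PREFIX] -> prints the policy JSON on stdout
make_avatar_policy() {
    bucket=$1
    prefix=${2:-avatars}
    # Reject anything outside the bucket-name character set so a stray
    # quote or wildcard cannot change the meaning of the JSON document.
    case $bucket in
        ''|*[!a-z0-9.-]*) echo "invalid bucket name: $bucket" >&2; return 1 ;;
    esac
    case $prefix in
        ''|*[!A-Za-z0-9_/-]*) echo "invalid prefix: $prefix" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListAvatarPrefixOnly",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::${bucket}",
      "Condition": {"StringLike": {"s3:prefix": ["${prefix}/*"]}}
    },
    {
      "Sid": "ReadWriteAvatarObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::${bucket}/${prefix}/*"
    }
  ]
}
EOF
}

# apply_avatar_policy ROLE BUCKET: stores the JSON as an inline role policy.
# Needs IAM permissions, so run it from an admin session, not the instance.
apply_avatar_policy() {
    doc=$(make_avatar_policy "$2") || return 1
    aws iam put-role-policy --role-name "$1" \
        --policy-name grocerymate-avatars-rw \
        --policy-document "$doc"
}
```

After applying it, detach AmazonS3FullAccess from the role and rerun the aws s3 ls check from the instance to confirm the avatars/ listing still works.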
SSH to the EC2 instance with the key pair you created; on Mac, use the .pem file.
Install all packages, including Git, and clone your up-to-date repo.
Keeping your EC2 instance up-to-date ensures stability, security, and compatibility with newer software versions.
Run the following command to update all installed packages:
sudo yum update -y
🔹 What does this do?
Fetches and installs the latest security patches.
Updates core system libraries.
Ensures compatibility with the latest software versions.
For more details, check the AWS Linux Package Management Guide.
The application requires Git, Python, PostgreSQL, and dependencies. Install them using:
sudo yum install -y git python3 python3-pip postgresql15 postgresql15-server postgresql15-contrib
🔹 What does this do?
Git → Version control system to clone repositories and manage updates.
Python3 & Pip → Required for running the backend.
PostgreSQL → The database system used by the application.
Verify installation:
git --version
python3 --version
pip --version
psql --version
Now check that the EC2 instance can communicate with RDS.
On your EC2 instance, test the database connection:
psql -h <your-rds-endpoint> -U <your-db-username> -d <your-db-name>
<your-rds-endpoint> → The RDS instance endpoint from the AWS Console.
<your-db-username> → Your PostgreSQL username.
<your-db-name> → The name of your database. Usually you do not have a database name at this stage yet. If not, use the default database name ‘postgres’ here.
If the connection is successful, you should see the PostgreSQL prompt.
If authentication fails, verify your database username and password.
Before importing data, create the necessary database and user on RDS.
If you are already inside the database, just use: CREATE DATABASE grocerymate_db;
psql -h <your-rds-endpoint> -U postgres -c "CREATE DATABASE grocerymate_db;" # if it was not already created when you set up RDS
psql -h <your-rds-endpoint> -U postgres -c "CREATE USER grocery_user WITH ENCRYPTED PASSWORD 'grocery_test';"
Grant Permissions:
GRANT USAGE, CREATE ON SCHEMA public TO grocery_user;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO grocery_user;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO grocery_user;
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO grocery_user;
-- Set default privileges for future objects
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO grocery_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO grocery_user;
Verify User and Schema Permissions:
\dn+ public
Should show grocery_user=UC/pg_database_owner.
\ddp
Should show grocery_user with table/sequence privileges.
🔹 Explanation:
Creates the database grocerymate_db for the application.
Creates the user grocery_user with a secure password.
After connecting to your database, make sure to exit the database with Ctrl-C before you go on with the next step, so that your commands go to your EC2 instance again instead of to your database.
Since the RDS database is initially empty, we need to populate it with predefined application data from a SQL file. This file contains the necessary schema (tables, columns, constraints) and sample data for products, users, and orders.
Run the following command on EC2 to execute the SQL file and populate the database:
psql -h <your-rds-endpoint> -U <username> -d <db_name> -f backend/app/sqlite_dump_clean.sql
🔹 What Does This Do?
Executes the statements in sqlite_dump_clean.sql.
To check if the database has been correctly populated, list all tables:
psql -h <your-rds-endpoint> -U <username> -d <db_name> -c "\dt"
🔹 What This Does?
To inspect whether data was inserted into key tables, run:
psql -h <your-rds-endpoint> -U grocery_user -d grocerymate_db -c "SELECT * FROM users;"
psql -h <your-rds-endpoint> -U grocery_user -d grocerymate_db -c "SELECT * FROM products;"
🔹 What This Does?
Selects all rows from the users and products tables.
If you see rows of data, the setup is complete! ✅
docker run --network host \
-e S3_BUCKET_NAME=grocerymate-avatars-20250524115344572600000001 \
-e S3_REGION=eu-central-1 \
-e USE_S3_STORAGE=true \
-e POSTGRES_USER=me**** \
-e POSTGRES_PASSWORD=Egwuchu**** \
-e POSTGRES_DB=groce**** \
-e POSTGRES_HOST=app-db.cv46k0uo8k9f.eu-central-1.rds.amazonaws.com \
-e POSTGRES_URI=postgresql://me****:Egwuchu***@app-db.cv46k0uo8k9f.eu-central-1.rds.amazonaws.com:5432/grocerystoredb \
-p 5000:5000 grocerymate
Now the app should be running.
You can check in your browser
http://<public ip>:5000
Congratulations🎊