
Environment Configuration

CivStart runs in three main environments, each with its own infrastructure and configuration.

Environment Overview

| Environment | Purpose | URL | API URL |
|-------------|---------|-----|---------|
| Production | Live production system | https://civstart.ventures | https://api.civstart.ventures |
| Staging | Pre-production testing | https://staging.civstart.ventures | https://api-staging.civstart.ventures |
| Development | Development and QA | https://dev.civstart.ventures | https://api-dev.civstart.ventures |

Production

Infrastructure

  • ECS Cluster: civstart-production-cluster
  • Database: civstart-production-postgres
  • Redis: civstart-production-redis
  • NLB: Production Network Load Balancer

Deployment

  • Trigger: Push to main branch
  • Approval: Manual approval required
  • Rollback: Automated rollback on health check failures

Access

  • Admin access restricted
  • Monitoring via CloudWatch
  • Alerts to on-call team

Staging

Infrastructure

  • ECS Cluster: civstart-staging-cluster
  • Database: civstart-staging-postgres
  • Redis: civstart-staging-redis
  • NLB: Staging Network Load Balancer

Deployment

  • Trigger: Push to staging branch
  • Approval: None (automatic)
  • Testing: Automated integration tests

Test Accounts

Development

Infrastructure

  • ECS Cluster: civstart-dev-cluster
  • Database: civstart-dev-postgres
  • Redis: civstart-dev-redis
  • NLB: Dev Network Load Balancer

Deployment

  • Trigger: Push to dev branch
  • Approval: None (automatic)
  • Testing: Unit tests only

Test Accounts

Environment Variables

Shared Variables (All Environments)

# Clerk Authentication
CLERK_SECRET_KEY=
CLERK_PUBLISHABLE_KEY=
ADMIN_CLERK_SECRET_KEY=
ADMIN_CLERK_PUBLISHABLE_KEY=

# AI/ML Services
GOOGLE_GEMINI_API_KEY=
PINECONE_API_KEY=

# Airtable Integration
AIRTABLE_API_KEY=
AIRTABLE_BASE_ID=
AIRTABLE_WEBHOOK_SECRET=

Environment-Specific Variables

# Database (from RDS)
DATABASE_URL=

# Redis (from ElastiCache)
REDIS_URL=

# URLs
FRONTEND_URL=
BACKEND_URL=
ADMIN_URL=

Secrets Management

All secrets are stored in AWS Secrets Manager:

  • civstart-{env}-secrets - Application secrets
  • civstart-{env}-db-password - Database password

Access via IAM roles (no hardcoded credentials).

CI/CD Pipeline

GitHub Actions Workflow

on:
  push:
    branches: [dev, staging, main]

Pipeline Stages

  1. Setup Environment - Determine target environment
  2. Build & Push - Docker image to ECR
  3. Run Migrations - Database schema updates
  4. Deploy to ECS - Update service with new image
  5. Health Checks - Verify deployment success
  6. Notify - Slack/email notifications
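
A sketch of stage 1 combined with a guard on the environment-specific variables listed earlier, so that a build for one environment cannot run against another environment's database or Redis. This is an added example, not CivStart's pipeline code: the function names are hypothetical, the `.example.internal` hostnames and the admin URL are constructed, and it assumes endpoint hostnames begin with the resource name (`civstart-{env}-postgres`, `civstart-{env}-redis`) followed by a dot.

```shell
# Added example; function names and the endpoint-hostname convention are assumptions.

# Stage 1: map the pushed branch to an environment token, failing closed.
env_for_branch() {
  case "$1" in
    main)    echo production ;;
    staging) echo staging ;;
    dev)     echo dev ;;
    *)       echo "no environment for branch: $1" >&2; return 1 ;;
  esac
}

# Host part of scheme://user:pass@host:port/path (subshell keeps variables local).
url_host() (
  rest="${1#*://}"; rest="${rest%%/*}"; rest="${rest##*@}"
  printf '%s\n' "${rest%%:*}"
)

# Require every environment-specific variable, and require the data stores to be
# this environment's own. Assumption: endpoint hostnames begin with the resource
# name followed by a dot, e.g. civstart-staging-postgres.<suffix>.
check_env_config() (
  env="$1"; problems=0
  for name in DATABASE_URL REDIS_URL FRONTEND_URL BACKEND_URL ADMIN_URL; do
    eval "value=\${$name:-}"   # names come from the fixed list above
    [ -n "$value" ] || { echo "missing: $name" >&2; problems=$((problems + 1)); }
  done
  for pair in DATABASE_URL:postgres REDIS_URL:redis; do
    name="${pair%%:*}"; want="civstart-$env-${pair##*:}"
    eval "value=\${$name:-}"
    case "$(url_host "$value")" in
      "$want".*) ;;
      *) echo "$name does not point at $want" >&2; problems=$((problems + 1)) ;;
    esac
  done
  [ "$problems" -eq 0 ]
)

# Constructed sample: a push to main whose config still names the dev database.
DATABASE_URL='postgres://app:pw@civstart-dev-postgres.example.internal:5432/app'
REDIS_URL='redis://civstart-production-redis.example.internal:6379'
FRONTEND_URL='https://civstart.ventures'
BACKEND_URL='https://api.civstart.ventures'
ADMIN_URL='https://admin.example.internal'
check_env_config "$(env_for_branch main)" || echo "deploy blocked: config mismatch"
```

The trailing dot in the hostname match also rejects look-alike names such as a `-restored` instance created during a database restore.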

Migration Handling

Migration Failures

Database migrations run from CI/CD may fail because RDS is in a private subnet that the pipeline cannot reach. This is expected and secure by design.

Migrations are automatically applied when the ECS container starts up.

Monitoring & Logging

CloudWatch Logs

Each environment has dedicated log groups:

  • /ecs/civstart-{env}-backend
  • /ecs/civstart-{env}-frontend
  • /ecs/civstart-{env}-admin

Metrics

  • ECS task metrics (CPU, memory)
  • RDS performance metrics
  • NLB connection metrics
  • Custom application metrics

Alerts

Production alerts configured for:

  • High error rates (> 5%)
  • High response times (> 2s p99)
  • Database connection issues
  • ECS task failures

Database Access

Connecting to RDS

RDS instances are in private subnets. To access:

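# Via ECS task
# The override command runs in exec form with no shell, so psql is wrapped in
# `sh -c` to have $DATABASE_URL expanded inside the container.
aws ecs run-task \
  --cluster civstart-{env}-cluster \
  --task-definition civstart-{env}-backend \
  --overrides '{"containerOverrides": [{"name": "backend", "command": ["sh", "-c", "psql \"$DATABASE_URL\""]}]}'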

Running Migrations

# Via ECS task
aws ecs run-task \
  --cluster civstart-{env}-cluster \
  --task-definition civstart-{env}-backend \
  --overrides '{"containerOverrides": [{"name": "backend", "command": ["pnpm", "db:migrate:deploy"]}]}'

Deployment Best Practices

Pre-Deployment Checklist

  • All tests passing
  • Migrations tested locally
  • Environment variables updated
  • Secrets rotated if needed
  • Monitoring dashboards ready

Post-Deployment Checklist

  • Health checks passing
  • No elevated error rates
  • WebSocket connections stable
  • Database connections normal
  • Test credentials working

Emergency Procedures

Rollback Deployment

# Get the latest revision number; the previous revision is the one to roll back to
aws ecs describe-task-definition \
  --task-definition civstart-{env}-backend \
  --query 'taskDefinition.revision'

# Update service to previous revision
aws ecs update-service \
  --cluster civstart-{env}-cluster \
  --service civstart-{env}-backend-service \
  --task-definition civstart-{env}-backend:{previous-revision}

Database Restore

# List snapshots
aws rds describe-db-snapshots \
  --db-instance-identifier civstart-{env}-postgres

# Restore from snapshot
aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier civstart-{env}-postgres-restored \
  --db-snapshot-identifier {snapshot-id}

Next Steps